BOOL
dns_is_secure(const dns_answer * dnsa)
{
#ifdef DISABLE_DNSSEC
DEBUG(D_dns)
debug_printf("DNSSEC support disabled at build-time; dns_is_secure() false\n");
return FALSE;
#else
HEADER * h = (HEADER *) dnsa->answer;
const uschar * auth_name;
const uschar * trusted;
if (h->ad) return TRUE;
/* If the resolver we ask is authoritive for the domain in question, it
* may not set the AD but the AA bit. If we explicitly trust
* the resolver for that domain (via a domainlist in dns_trust_aa),
* we return TRUE to indicate a secure answer.
*/
if ( !h->aa
|| !dns_trust_aa
|| !(trusted = expand_string(dns_trust_aa))
|| !*trusted
|| !(auth_name = dns_extract_auth_name(dnsa))
|| OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL,
MCL_DOMAIN, TRUE, NULL)
)
return FALSE;
DEBUG(D_dns) debug_printf("DNS faked the AD bit "
"(got AA and matched with dns_trust_aa (%s in %s))\n",
auth_name, dns_trust_aa);
return TRUE;
#endif
}
int
manualroute_router_entry(
router_instance *rblock, /* data for this instantiation */
address_item *addr, /* address we are working on */
struct passwd *pw, /* passwd entry after check_local_user */
int verify, /* v_none/v_recipient/v_sender/v_expn */
address_item **addr_local, /* add it to this if it's local */
address_item **addr_remote, /* add it to this if it's remote */
address_item **addr_new, /* put new addresses on here */
address_item **addr_succeed) /* put old address here on success */
{
int rc, lookup_type;
uschar *route_item = NULL;
const uschar *options = NULL;
const uschar *hostlist = NULL;
const uschar *domain;
uschar *newhostlist;
const uschar *listptr;
manualroute_router_options_block *ob =
(manualroute_router_options_block *)(rblock->options_block);
transport_instance *transport = NULL;
BOOL individual_transport_set = FALSE;
BOOL randomize = ob->hosts_randomize;
addr_new = addr_new; /* Keep picky compilers happy */
addr_succeed = addr_succeed;
DEBUG(D_route) debug_printf("%s router called for %s\n domain = %s\n",
rblock->name, addr->address, addr->domain);
/* The initialization check ensures that either route_list or route_data is
set. */
if (ob->route_list != NULL)
{
int sep = -(';'); /* Default is semicolon */
listptr = ob->route_list;
while ((route_item = string_nextinlist(&listptr, &sep, NULL, 0)) != NULL)
{
int rc;
DEBUG(D_route) debug_printf("route_item = %s\n", route_item);
if (!parse_route_item(route_item, &domain, &hostlist, &options))
continue; /* Ignore blank items */
/* Check the current domain; if it matches, break the loop */
if ((rc = match_isinlist(addr->domain, &domain, UCHAR_MAX+1,
&domainlist_anchor, NULL, MCL_DOMAIN, TRUE, CUSS &lookup_value)) == OK)
break;
/* If there was a problem doing the check, defer */
if (rc == DEFER)
{
addr->message = US"lookup defer in route_list";
return DEFER;
}
}
if (route_item == NULL) return DECLINE; /* No pattern in the list matched */
}
/* Handle a single routing item in route_data. If it expands to an empty
string, decline. */
else
{
route_item = rf_expand_data(addr, ob->route_data, &rc);
if (route_item == NULL) return rc;
(void) parse_route_item(route_item, NULL, &hostlist, &options);
if (hostlist[0] == 0) return DECLINE;
}
/* Expand the hostlist item. It may then pointing to an empty string, or to a
single host or a list of hosts; options is pointing to the rest of the
routelist item, which is either empty or contains various option words. */
DEBUG(D_route) debug_printf("original list of hosts = \"%s\" options = %s\n",
hostlist, options);
newhostlist = expand_string_copy(hostlist);
lookup_value = NULL; /* Finished with */
expand_nmax = -1;
/* If the expansion was forced to fail, just decline. Otherwise there is a
configuration problem. */
if (newhostlist == NULL)
{
if (expand_string_forcedfail) return DECLINE;
addr->message = string_sprintf("%s router: failed to expand \"%s\": %s",
rblock->name, hostlist, expand_string_message);
return DEFER;
}
else hostlist = newhostlist;
DEBUG(D_route) debug_printf("expanded list of hosts = \"%s\" options = %s\n",
hostlist, options);
/* Set default lookup type and scan the options */
lookup_type = lk_default;
while (*options != 0)
{
unsigned n;
const uschar *s = options;
while (*options != 0 && !isspace(*options)) options++;
n = options-s;
if (Ustrncmp(s, "randomize", n) == 0) randomize = TRUE;
else if (Ustrncmp(s, "no_randomize", n) == 0) randomize = FALSE;
else if (Ustrncmp(s, "byname", n) == 0) lookup_type = lk_byname;
else if (Ustrncmp(s, "bydns", n) == 0) lookup_type = lk_bydns;
else
{
transport_instance *t;
for (t = transports; t != NULL; t = t->next)
if (Ustrcmp(t->name, s) == 0)
{
transport = t;
individual_transport_set = TRUE;
break;
}
if (t == NULL)
{
s = string_sprintf("unknown routing option or transport name \"%s\"", s);
log_write(0, LOG_MAIN, "Error in %s router: %s", rblock->name, s);
addr->message = string_sprintf("error in router: %s", s);
return DEFER;
}
}
if (*options)
{
options++;
while (*options != 0 && isspace(*options)) options++;
}
}
/* Set up the errors address, if any. */
rc = rf_get_errors_address(addr, rblock, verify, &addr->prop.errors_address);
if (rc != OK) return rc;
/* Set up the additional and removeable headers for this address. */
rc = rf_get_munge_headers(addr, rblock, &addr->prop.extra_headers,
&addr->prop.remove_headers);
if (rc != OK) return rc;
/* If an individual transport is not set, get the transport for this router, if
any. It might be expanded, or it might be unset if this router has verify_only
set. */
if (!individual_transport_set)
{
if (!rf_get_transport(rblock->transport_name, &(rblock->transport), addr,
rblock->name, NULL))
return DEFER;
transport = rblock->transport;
}
/* Deal with the case of a local transport. The host list is passed over as a
single text string that ends up in $host. */
if (transport != NULL && transport->info->local)
{
if (hostlist[0] != 0)
{
host_item *h;
addr->host_list = h = store_get(sizeof(host_item));
h->name = string_copy(hostlist);
h->address = NULL;
h->port = PORT_NONE;
h->mx = MX_NONE;
h->status = hstatus_unknown;
h->why = hwhy_unknown;
h->last_try = 0;
h->next = NULL;
}
/* There is nothing more to do other than to queue the address for the
local transport, filling in any uid/gid. This can be done by the common
rf_queue_add() function. */
addr->transport = transport;
return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
OK : DEFER;
}
/* There is either no transport (verify_only) or a remote transport. A host
list is mandatory in either case, except when verifying, in which case the
address is just accepted. */
if (hostlist[0] == 0)
{
if (verify != v_none) goto ROUTED;
addr->message = string_sprintf("error in %s router: no host(s) specified "
"for domain %s", rblock->name, domain);
log_write(0, LOG_MAIN, "%s", addr->message);
return DEFER;
}
/* Otherwise we finish the routing here by building a chain of host items
for the list of configured hosts, and then finding their addresses. */
host_build_hostlist(&(addr->host_list), hostlist, randomize);
rc = rf_lookup_hostlist(rblock, addr, rblock->ignore_target_hosts, lookup_type,
ob->hff_code, addr_new);
if (rc != OK) return rc;
/* If host_find_failed is set to "ignore", it is possible for all the hosts to
be ignored, in which case we will end up with an empty host list. What happens
is controlled by host_all_ignored. */
if (addr->host_list == NULL)
{
int i;
DEBUG(D_route) debug_printf("host_find_failed ignored every host\n");
if (ob->hai_code == hff_decline) return DECLINE;
if (ob->hai_code == hff_pass) return PASS;
for (i = 0; i < hff_count; i++)
if (ob->hai_code == hff_codes[i]) break;
addr->message = string_sprintf("lookup failed for all hosts in %s router: "
"host_find_failed=ignore host_all_ignored=%s", rblock->name, hff_names[i]);
if (ob->hai_code == hff_defer) return DEFER;
if (ob->hai_code == hff_fail) return FAIL;
addr->special_action = SPECIAL_FREEZE;
return DEFER;
}
/* Finally, since we have done all the routing here, there must be a transport
defined for these hosts. It will be a remote one, as a local transport is
dealt with above. However, we don't need one if verifying only. */
if (transport == NULL && verify == v_none)
{
log_write(0, LOG_MAIN, "Error in %s router: no transport defined",
rblock->name);
addr->message = US"error in router: transport missing";
return DEFER;
}
/* Fill in the transport, queue for remote delivery. The yield of
rf_queue_add() is always TRUE for a remote transport. */
ROUTED:
addr->transport = transport;
(void)rf_queue_add(addr, addr_local, addr_remote, rblock, NULL);
return OK;
}
int
dnslookup_router_entry(
router_instance *rblock, /* data for this instantiation */
address_item *addr, /* address we are working on */
struct passwd *pw, /* passwd entry after check_local_user */
int verify, /* v_none/v_recipient/v_sender/v_expn */
address_item **addr_local, /* add it to this if it's local */
address_item **addr_remote, /* add it to this if it's remote */
address_item **addr_new, /* put new addresses on here */
address_item **addr_succeed) /* put old address here on success */
{
host_item h;
int rc;
int widen_sep = 0;
int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A;
dnslookup_router_options_block *ob =
(dnslookup_router_options_block *)(rblock->options_block);
uschar *srv_service = NULL;
uschar *widen = NULL;
uschar *pre_widen = addr->domain;
uschar *post_widen = NULL;
uschar *fully_qualified_name;
uschar *listptr;
uschar widen_buffer[256];
addr_new = addr_new; /* Keep picky compilers happy */
addr_succeed = addr_succeed;
DEBUG(D_route)
debug_printf("%s router called for %s\n domain = %s\n",
rblock->name, addr->address, addr->domain);
/* If an SRV check is required, expand the service name */
if (ob->check_srv != NULL)
{
srv_service = expand_string(ob->check_srv);
if (srv_service == NULL && !expand_string_forcedfail)
{
addr->message = string_sprintf("%s router: failed to expand \"%s\": %s",
rblock->name, ob->check_srv, expand_string_message);
return DEFER;
}
else whichrrs |= HOST_FIND_BY_SRV;
}
/* Set up the first of any widening domains. The code further down copes with
either pre- or post-widening, but at present there is no way to turn on
pre-widening, as actually doing so seems like a rather bad idea, and nobody has
requested it. Pre-widening would cause local abbreviated names to take
precedence over global names. For example, if the domain is "xxx.ch" it might
be something in the "ch" toplevel domain, but it also might be xxx.ch.xyz.com.
The choice of pre- or post-widening affects which takes precedence. If ever
somebody comes up with some kind of requirement for pre-widening, presumably
with some conditions under which it is done, it can be selected here.
The rewrite_headers option works only when routing an address at transport
time, because the alterations to the headers are not persistent so must be
worked out immediately before they are used. Sender addresses are routed for
verification purposes, but never at transport time, so any header changes that
you might expect as a result of sender domain widening do not occur. Therefore
we do not perform widening when verifying sender addresses; however, widening
sender addresses is OK if we do not have to rewrite the headers. A corollary
of this is that if the current address is not the original address, then it
does not appear in the message header so it is also OK to widen. The
suppression of widening for sender addresses is silent because it is the
normal desirable behaviour. */
if (ob->widen_domains != NULL &&
(verify != v_sender || !ob->rewrite_headers || addr->parent != NULL))
{
listptr = ob->widen_domains;
widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
sizeof(widen_buffer));
/****
if (some condition requiring pre-widening)
{
post_widen = pre_widen;
pre_widen = NULL;
}
****/
}
/* Loop to cope with explicit widening of domains as configured. This code
copes with widening that may happen before or after the original name. The
decision as to which is taken above. */
for (;;)
{
int flags = whichrrs;
BOOL removed = FALSE;
if (pre_widen != NULL)
{
h.name = pre_widen;
pre_widen = NULL;
}
else if (widen != NULL)
{
h.name = string_sprintf("%s.%s", addr->domain, widen);
widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
sizeof(widen_buffer));
DEBUG(D_route) debug_printf("%s router widened %s to %s\n", rblock->name,
addr->domain, h.name);
}
else if (post_widen != NULL)
{
h.name = post_widen;
post_widen = NULL;
DEBUG(D_route) debug_printf("%s router trying %s after widening failed\n",
rblock->name, h.name);
}
else return DECLINE;
/* Set up the rest of the initial host item. Others may get chained on if
there is more than one IP address. We set it up here instead of outside the
loop so as to re-initialize if a previous try succeeded but was rejected
because of not having an MX record. */
h.next = NULL;
h.address = NULL;
h.port = PORT_NONE;
h.mx = MX_NONE;
h.status = hstatus_unknown;
h.why = hwhy_unknown;
h.last_try = 0;
/* Unfortunately, we cannot set the mx_only option in advance, because the
DNS lookup may extend an unqualified name. Therefore, we must do the test
subsequently. We use the same logic as that for widen_domains above to avoid
requesting a header rewrite that cannot work. */
if (verify != v_sender || !ob->rewrite_headers || addr->parent != NULL)
{
if (ob->qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
if (ob->search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
}
rc = host_find_bydns(&h, rblock->ignore_target_hosts, flags, srv_service,
ob->srv_fail_domains, ob->mx_fail_domains, &fully_qualified_name, &removed);
if (removed) setflag(addr, af_local_host_removed);
/* If host found with only address records, test for the domain's being in
the mx_domains list. Note that this applies also to SRV records; the name of
the option is historical. */
if ((rc == HOST_FOUND || rc == HOST_FOUND_LOCAL) && h.mx < 0 &&
ob->mx_domains != NULL)
{
switch(match_isinlist(fully_qualified_name, &(ob->mx_domains), 0,
&domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
{
case DEFER:
addr->message = US"lookup defer for mx_domains";
return DEFER;
case OK:
DEBUG(D_route) debug_printf("%s router rejected %s: no MX record(s)\n",
rblock->name, fully_qualified_name);
continue;
}
}
/* Deferral returns forthwith, and anything other than failure breaks the
loop. */
if (rc == HOST_FIND_AGAIN)
{
if (rblock->pass_on_timeout)
{
DEBUG(D_route) debug_printf("%s router timed out, and pass_on_timeout is set\n",
rblock->name);
return PASS;
}
addr->message = US"host lookup did not complete";
return DEFER;
}
if (rc != HOST_FIND_FAILED) break;
/* Check to see if the failure is the result of MX records pointing to
non-existent domains, and if so, set an appropriate error message; the case
of an MX or SRV record pointing to "." is another special case that we can
detect. Otherwise "unknown mail domain" is used, which is confusing. Also, in
this case don't do the widening. We need check only the first host to see if
its MX has been filled in, but there is no address, because if there were any
usable addresses returned, we would not have had HOST_FIND_FAILED.
As a common cause of this problem is MX records with IP addresses on the
RHS, give a special message in this case. */
if (h.mx >= 0 && h.address == NULL)
{
setflag(addr, af_pass_message); /* This is not a security risk */
if (h.name[0] == 0)
addr->message = US"an MX or SRV record indicated no SMTP service";
else
{
addr->message = US"all relevant MX records point to non-existent hosts";
if (!allow_mx_to_ip && string_is_ip_address(h.name, NULL) != 0)
{
addr->user_message =
string_sprintf("It appears that the DNS operator for %s\n"
"has installed an invalid MX record with an IP address\n"
"instead of a domain name on the right hand side.", addr->domain);
addr->message = string_sprintf("%s or (invalidly) to IP addresses",
addr->message);
}
}
return DECLINE;
}
/* If there's a syntax error, do not continue with any widening, and note
the error. */
if (host_find_failed_syntax)
{
addr->message = string_sprintf("mail domain \"%s\" is syntactically "
"invalid", h.name);
return DECLINE;
}
}
/* If the original domain name has been changed as a result of the host lookup,
set up a child address for rerouting and request header rewrites if so
configured. Then yield REROUTED. However, if the only change is a change of
case in the domain name, which some resolvers yield (others don't), just change
the domain name in the original address so that the official version is used in
RCPT commands. */
if (Ustrcmp(addr->domain, fully_qualified_name) != 0)
{
if (strcmpic(addr->domain, fully_qualified_name) == 0)
{
uschar *at = Ustrrchr(addr->address, '@');
memcpy(at+1, fully_qualified_name, Ustrlen(at+1));
}
else
{
rf_change_domain(addr, fully_qualified_name, ob->rewrite_headers, addr_new);
return REROUTED;
}
}
/* If the yield is HOST_FOUND_LOCAL, the remote domain name either found MX
records with the lowest numbered one pointing to a host with an IP address that
is set on one of the interfaces of this machine, or found A records or got
addresses from gethostbyname() that contain one for this machine. This can
happen quite legitimately if the original name was a shortened form of a
domain, but we will have picked that up already via the name change test above.
Otherwise, the action to be taken can be configured by the self option, the
handling of which is in a separate function, as it is also required for other
routers. */
if (rc == HOST_FOUND_LOCAL)
{
rc = rf_self_action(addr, &h, rblock->self_code, rblock->self_rewrite,
rblock->self, addr_new);
if (rc != OK) return rc;
}
/* Otherwise, insist on being a secondary MX if so configured */
else if (ob->check_secondary_mx && !testflag(addr, af_local_host_removed))
{
DEBUG(D_route) debug_printf("check_secondary_mx set and local host not secondary\n");
return DECLINE;
}
/* Set up the errors address, if any. */
rc = rf_get_errors_address(addr, rblock, verify, &(addr->p.errors_address));
if (rc != OK) return rc;
/* Set up the additional and removeable headers for this address. */
rc = rf_get_munge_headers(addr, rblock, &(addr->p.extra_headers),
&(addr->p.remove_headers));
if (rc != OK) return rc;
/* Get store in which to preserve the original host item, chained on
to the address. */
addr->host_list = store_get(sizeof(host_item));
addr->host_list[0] = h;
/* Fill in the transport and queue the address for delivery. */
if (!rf_get_transport(rblock->transport_name, &(rblock->transport),
addr, rblock->name, NULL))
return DEFER;
addr->transport = rblock->transport;
return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
OK : DEFER;
}
int
dns_basic_lookup(dns_answer *dnsa, const uschar *name, int type)
{
#ifndef STAND_ALONE
int rc = -1;
const uschar *save_domain;
#endif
res_state resp = os_get_dns_resolver_res();
tree_node *previous;
uschar node_name[290];
/* DNS lookup failures of any kind are cached in a tree. This is mainly so that
a timeout on one domain doesn't happen time and time again for messages that
have many addresses in the same domain. We rely on the resolver and name server
caching for successful lookups. */
sprintf(CS node_name, "%.255s-%s-%lx", name, dns_text_type(type),
resp->options);
previous = tree_search(tree_dns_fails, node_name);
if (previous != NULL)
{
DEBUG(D_dns) debug_printf("DNS lookup of %.255s-%s: using cached value %s\n",
name, dns_text_type(type),
(previous->data.val == DNS_NOMATCH)? "DNS_NOMATCH" :
(previous->data.val == DNS_NODATA)? "DNS_NODATA" :
(previous->data.val == DNS_AGAIN)? "DNS_AGAIN" :
(previous->data.val == DNS_FAIL)? "DNS_FAIL" : "??");
return previous->data.val;
}
#ifdef EXPERIMENTAL_INTERNATIONAL
/* Convert all names to a-label form before doing lookup */
{
uschar * alabel;
uschar * errstr = NULL;
DEBUG(D_dns) if (string_is_utf8(name))
debug_printf("convert utf8 '%s' to alabel for for lookup\n", name);
if ((alabel = string_domain_utf8_to_alabel(name, &errstr)), errstr)
{
DEBUG(D_dns)
debug_printf("DNS name '%s' utf8 conversion to alabel failed: %s\n", name,
errstr);
host_find_failed_syntax = TRUE;
return DNS_NOMATCH;
}
name = alabel;
}
#endif
/* If configured, check the hygene of the name passed to lookup. Otherwise,
although DNS lookups may give REFUSED at the lower level, some resolvers
turn this into TRY_AGAIN, which is silly. Give a NOMATCH return, since such
domains cannot be in the DNS. The check is now done by a regular expression;
give it space for substring storage to save it having to get its own if the
regex has substrings that are used - the default uses a conditional.
This test is omitted for PTR records. These occur only in calls from the dnsdb
lookup, which constructs the names itself, so they should be OK. Besides,
bitstring labels don't conform to normal name syntax. (But the aren't used any
more.)
For SRV records, we omit the initial _smtp._tcp. components at the start. */
#ifndef STAND_ALONE /* Omit this for stand-alone tests */
if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
{
const uschar *checkname = name;
int ovector[3*(EXPAND_MAXN+1)];
dns_pattern_init();
/* For an SRV lookup, skip over the first two components (the service and
protocol names, which both start with an underscore). */
if (type == T_SRV || type == T_TLSA)
{
while (*checkname++ != '.');
while (*checkname++ != '.');
}
if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
0, PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int)) < 0)
{
DEBUG(D_dns)
debug_printf("DNS name syntax check failed: %s (%s)\n", name,
dns_text_type(type));
host_find_failed_syntax = TRUE;
return DNS_NOMATCH;
}
}
#endif /* STAND_ALONE */
/* Call the resolver; for an overlong response, res_search() will return the
number of bytes the message would need, so we need to check for this case. The
effect is to truncate overlong data.
On some systems, res_search() will recognize "A-for-A" queries and return
the IP address instead of returning -1 with h_error=HOST_NOT_FOUND. Some
nameservers are also believed to do this. It is, of course, contrary to the
specification of the DNS, so we lock it out. */
if ((type == T_A || type == T_AAAA) && string_is_ip_address(name, NULL) != 0)
return DNS_NOMATCH;
/* If we are running in the test harness, instead of calling the normal resolver
(res_search), we call fakens_search(), which recognizes certain special
domains, and interfaces to a fake nameserver for certain special zones. */
dnsa->answerlen = running_in_test_harness
? fakens_search(name, type, dnsa->answer, MAXPACKET)
: res_search(CCS name, C_IN, type, dnsa->answer, MAXPACKET);
if (dnsa->answerlen > MAXPACKET)
{
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet (size %d), truncating to %d.\n",
name, dns_text_type(type), dnsa->answerlen, MAXPACKET);
dnsa->answerlen = MAXPACKET;
}
if (dnsa->answerlen < 0) switch (h_errno)
{
case HOST_NOT_FOUND:
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave HOST_NOT_FOUND\n"
"returning DNS_NOMATCH\n", name, dns_text_type(type));
return dns_return(name, type, DNS_NOMATCH);
case TRY_AGAIN:
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n",
name, dns_text_type(type));
/* Cut this out for various test programs */
#ifndef STAND_ALONE
save_domain = deliver_domain;
deliver_domain = string_copy(name); /* set $domain */
rc = match_isinlist(name, (const uschar **)&dns_again_means_nonexist, 0, NULL, NULL,
MCL_DOMAIN, TRUE, NULL);
deliver_domain = save_domain;
if (rc != OK)
{
DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n");
return dns_return(name, type, DNS_AGAIN);
}
DEBUG(D_dns) debug_printf("%s is in dns_again_means_nonexist: returning "
"DNS_NOMATCH\n", name);
return dns_return(name, type, DNS_NOMATCH);
#else /* For stand-alone tests */
return dns_return(name, type, DNS_AGAIN);
#endif
case NO_RECOVERY:
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_RECOVERY\n"
"returning DNS_FAIL\n", name, dns_text_type(type));
return dns_return(name, type, DNS_FAIL);
case NO_DATA:
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave NO_DATA\n"
"returning DNS_NODATA\n", name, dns_text_type(type));
return dns_return(name, type, DNS_NODATA);
default:
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave unknown DNS error %d\n"
"returning DNS_FAIL\n", name, dns_text_type(type), h_errno);
return dns_return(name, type, DNS_FAIL);
}
DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) succeeded\n",
name, dns_text_type(type));
return DNS_SUCCEED;
}
int
lss_match_local_part(uschar *local_part, uschar *list, BOOL caseless)
{
return match_isinlist(CUS local_part, CUSS &list, 0, &localpartlist_anchor, NULL,
MCL_LOCALPART, caseless, NULL);
}
int
lss_match_domain(uschar *domain, uschar *list)
{
return match_isinlist(CUS domain, CUSS &list, 0, &domainlist_anchor, NULL, MCL_DOMAIN,
TRUE, NULL);
}
uschar *dkim_exim_sign(int dkim_fd,
uschar *dkim_private_key,
uschar *dkim_domain,
uschar *dkim_selector,
uschar *dkim_canon,
uschar *dkim_sign_headers) {
int sep = 0;
uschar *seen_items = NULL;
int seen_items_size = 0;
int seen_items_offset = 0;
uschar itembuf[256];
uschar *dkim_canon_expanded;
uschar *dkim_sign_headers_expanded;
uschar *dkim_private_key_expanded;
pdkim_ctx *ctx = NULL;
uschar *rc = NULL;
uschar *sigbuf = NULL;
int sigsize = 0;
int sigptr = 0;
pdkim_signature *signature;
int pdkim_canon;
int pdkim_rc;
int sread;
char buf[4096];
int save_errno = 0;
int old_pool = store_pool;
store_pool = POOL_MAIN;
dkim_domain = expand_string(dkim_domain);
if (dkim_domain == NULL) {
/* expansion error, do not send message. */
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"dkim_domain: %s", expand_string_message);
rc = NULL;
goto CLEANUP;
}
/* Set $dkim_domain expansion variable to each unique domain in list. */
while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
itembuf,
sizeof(itembuf))) != NULL) {
if (!dkim_signing_domain || (dkim_signing_domain[0] == '\0')) continue;
/* Only sign once for each domain, no matter how often it
appears in the expanded list. */
if (seen_items != NULL) {
uschar *seen_items_list = seen_items;
if (match_isinlist(dkim_signing_domain,
&seen_items_list,0,NULL,NULL,MCL_STRING,TRUE,NULL) == OK)
continue;
seen_items = string_append(seen_items,&seen_items_size,&seen_items_offset,1,":");
}
seen_items = string_append(seen_items,&seen_items_size,&seen_items_offset,1,dkim_signing_domain);
seen_items[seen_items_offset] = '\0';
/* Set up $dkim_selector expansion variable. */
dkim_signing_selector = expand_string(dkim_selector);
if (dkim_signing_selector == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"dkim_selector: %s", expand_string_message);
rc = NULL;
goto CLEANUP;
}
/* Get canonicalization to use */
dkim_canon_expanded = expand_string(dkim_canon?dkim_canon:US"relaxed");
if (dkim_canon_expanded == NULL) {
/* expansion error, do not send message. */
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"dkim_canon: %s", expand_string_message);
rc = NULL;
goto CLEANUP;
}
if (Ustrcmp(dkim_canon_expanded, "relaxed") == 0)
pdkim_canon = PDKIM_CANON_RELAXED;
else if (Ustrcmp(dkim_canon_expanded, "simple") == 0)
pdkim_canon = PDKIM_CANON_SIMPLE;
else {
log_write(0, LOG_MAIN, "DKIM: unknown canonicalization method '%s', defaulting to 'relaxed'.\n",dkim_canon_expanded);
pdkim_canon = PDKIM_CANON_RELAXED;
}
if (dkim_sign_headers) {
dkim_sign_headers_expanded = expand_string(dkim_sign_headers);
if (dkim_sign_headers_expanded == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"dkim_sign_headers: %s", expand_string_message);
rc = NULL;
goto CLEANUP;
}
}
else {
/* pass NULL, which means default header list */
dkim_sign_headers_expanded = NULL;
}
/* Get private key to use. */
dkim_private_key_expanded = expand_string(dkim_private_key);
if (dkim_private_key_expanded == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"dkim_private_key: %s", expand_string_message);
rc = NULL;
goto CLEANUP;
}
if ( (Ustrlen(dkim_private_key_expanded) == 0) ||
(Ustrcmp(dkim_private_key_expanded,"0") == 0) ||
(Ustrcmp(dkim_private_key_expanded,"false") == 0) ) {
/* don't sign, but no error */
continue;
}
if (dkim_private_key_expanded[0] == '/') {
int privkey_fd = 0;
/* Looks like a filename, load the private key. */
memset(big_buffer,0,big_buffer_size);
privkey_fd = open(CS dkim_private_key_expanded,O_RDONLY);
if (privkey_fd < 0) {
log_write(0, LOG_MAIN|LOG_PANIC, "unable to open "
"private key file for reading: %s", dkim_private_key_expanded);
rc = NULL;
goto CLEANUP;
}
if (read(privkey_fd,big_buffer,(big_buffer_size-2)) < 0) {
log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
dkim_private_key_expanded);
rc = NULL;
goto CLEANUP;
}
(void)close(privkey_fd);
dkim_private_key_expanded = big_buffer;
}
ctx = pdkim_init_sign(PDKIM_INPUT_SMTP,
(char *)dkim_signing_domain,
(char *)dkim_signing_selector,
(char *)dkim_private_key_expanded
);
pdkim_set_debug_stream(ctx,debug_file);
pdkim_set_optional(ctx,
(char *)dkim_sign_headers_expanded,
NULL,
pdkim_canon,
pdkim_canon,
-1,
PDKIM_ALGO_RSA_SHA256,
0,
0);
lseek(dkim_fd, 0, SEEK_SET);
while((sread = read(dkim_fd,&buf,4096)) > 0) {
if (pdkim_feed(ctx,buf,sread) != PDKIM_OK) {
rc = NULL;
goto CLEANUP;
}
}
/* Handle failed read above. */
if (sread == -1) {
debug_printf("DKIM: Error reading -K file.\n");
save_errno = errno;
rc = NULL;
goto CLEANUP;
}
pdkim_rc = pdkim_feed_finish(ctx,&signature);
if (pdkim_rc != PDKIM_OK) {
log_write(0, LOG_MAIN|LOG_PANIC, "DKIM: signing failed (RC %d)", pdkim_rc);
rc = NULL;
goto CLEANUP;
}
sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2,
US signature->signature_header,
US"\r\n");
pdkim_free_ctx(ctx);
ctx = NULL;
}
if (sigbuf != NULL) {
sigbuf[sigptr] = '\0';
rc = sigbuf;
} else
rc = US"";
CLEANUP:
if (ctx != NULL)
pdkim_free_ctx(ctx);
store_pool = old_pool;
errno = save_errno;
return rc;
}
static int
internal_lsearch_find(void *handle, uschar *filename, uschar *keystring,
int length, uschar **result, uschar **errmsg, int type)
{
FILE *f = (FILE *)handle;
BOOL last_was_eol = TRUE;
BOOL this_is_eol = TRUE;
int old_pool = store_pool;
void *reset_point = NULL;
uschar buffer[4096];
/* Wildcard searches may use up some store, because of expansions. We don't
want them to fill up our search store. What we do is set the pool to the main
pool and get a point to reset to later. Wildcard searches could also issue
lookups, but internal_search_find will take care of that, and the cache will be
safely stored in the search pool again. */
if(type == LSEARCH_WILD || type == LSEARCH_NWILD)
{
store_pool = POOL_MAIN;
reset_point = store_get(0);
}
filename = filename; /* Keep picky compilers happy */
errmsg = errmsg;
rewind(f);
for (last_was_eol = TRUE;
Ufgets(buffer, sizeof(buffer), f) != NULL;
last_was_eol = this_is_eol)
{
int ptr, size;
int p = Ustrlen(buffer);
int linekeylength;
BOOL this_is_comment;
uschar *yield;
uschar *s = buffer;
/* Check whether this the final segment of a line. If it follows an
incomplete part-line, skip it. */
this_is_eol = p > 0 && buffer[p-1] == '\n';
if (!last_was_eol) continue;
/* We now have the start of a physical line. If this is a final line segment,
remove trailing white space. */
if (this_is_eol)
{
while (p > 0 && isspace((uschar)buffer[p-1])) p--;
buffer[p] = 0;
}
/* If the buffer is empty it might be (a) a complete empty line, or (b) the
start of a line that begins with so much white space that it doesn't all fit
in the buffer. In both cases we want to skip the entire physical line.
If the buffer begins with # it is a comment line; if it begins with white
space it is a logical continuation; again, we want to skip the entire
physical line. */
if (buffer[0] == 0 || buffer[0] == '#' || isspace(buffer[0])) continue;
/* We assume that they key will fit in the buffer. If the key starts with ",
read it as a quoted string. We don't use string_dequote() because that uses
new store for the result, and we may be doing this many times in a long file.
We know that the dequoted string must be shorter than the original, because
we are removing the quotes, and also any escape sequences always turn two or
more characters into one character. Therefore, we can store the new string in
the same buffer. */
if (*s == '\"')
{
uschar *t = s++;
while (*s != 0 && *s != '\"')
{
if (*s == '\\') *t++ = string_interpret_escape(&s);
else *t++ = *s;
s++;
}
if (*s != 0) s++; /* Past terminating " */
linekeylength = t - buffer;
}
/* Otherwise it is terminated by a colon or white space */
else
{
while (*s != 0 && *s != ':' && !isspace(*s)) s++;
linekeylength = s - buffer;
}
/* The matching test depends on which kind of lsearch we are doing */
switch(type)
{
/* A plain lsearch treats each key as a literal */
case LSEARCH_PLAIN:
if (linekeylength != length || strncmpic(buffer, keystring, length) != 0)
continue;
break; /* Key matched */
/* A wild lsearch treats each key as a possible wildcarded string; no
expansion is done for nwildlsearch. */
case LSEARCH_WILD:
case LSEARCH_NWILD:
{
int rc;
int save = buffer[linekeylength];
uschar *list = buffer;
buffer[linekeylength] = 0;
rc = match_isinlist(keystring,
&list,
UCHAR_MAX+1, /* Single-item list */
NULL, /* No anchor */
NULL, /* No caching */
MCL_STRING + ((type == LSEARCH_WILD)? 0:MCL_NOEXPAND),
TRUE, /* Caseless */
NULL);
buffer[linekeylength] = save;
if (rc == FAIL) continue;
if (rc == DEFER) return DEFER;
}
/* The key has matched. If the search involved a regular expression, it
might have caused numerical variables to be set. However, their values will
be in the wrong storage pool for external use. Copying them to the standard
pool is not feasible because of the caching of lookup results - a repeated
lookup will not match the regular expression again. Therefore, we flatten
all numeric variables at this point. */
expand_nmax = -1;
break;
/* Compare an ip address against a list of network/ip addresses. We have to
allow for the "*" case specially. */
case LSEARCH_IP:
if (linekeylength == 1 && buffer[0] == '*')
{
if (length != 1 || keystring[0] != '*') continue;
}
else if (length == 1 && keystring[0] == '*') continue;
else
{
int maskoffset;
int save = buffer[linekeylength];
buffer[linekeylength] = 0;
if (string_is_ip_address(buffer, &maskoffset) == 0 ||
!host_is_in_net(keystring, buffer, maskoffset)) continue;
buffer[linekeylength] = save;
}
break; /* Key matched */
}
/* The key has matched. Skip spaces after the key, and allow an optional
colon after the spaces. This is an odd specification, but it's for
compatibility. */
while (isspace((uschar)*s)) s++;
if (*s == ':')
{
s++;
while (isspace((uschar)*s)) s++;
}
/* Reset dynamic store, if we need to, and revert to the search pool */
if (reset_point != NULL)
{
store_reset(reset_point);
store_pool = old_pool;
}
/* Now we want to build the result string to contain the data. There can be
two kinds of continuation: (a) the physical line may not all have fitted into
the buffer, and (b) there may be logical continuation lines, for which we
must convert all leading white space into a single blank.
Initialize, and copy the first segment of data. */
this_is_comment = FALSE;
size = 100;
ptr = 0;
yield = store_get(size);
if (*s != 0)
yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
/* Now handle continuations */
for (last_was_eol = this_is_eol;
Ufgets(buffer, sizeof(buffer), f) != NULL;
last_was_eol = this_is_eol)
{
s = buffer;
p = Ustrlen(buffer);
this_is_eol = p > 0 && buffer[p-1] == '\n';
/* Remove trailing white space from a physical line end */
if (this_is_eol)
{
while (p > 0 && isspace((uschar)buffer[p-1])) p--;
buffer[p] = 0;
}
/* If this is not a physical line continuation, skip it entirely if it's
empty or starts with #. Otherwise, break the loop if it doesn't start with
white space. Otherwise, replace leading white space with a single blank. */
if (last_was_eol)
{
this_is_comment = (this_is_comment || (buffer[0] == 0 || buffer[0] == '#'));
if (this_is_comment) continue;
if (!isspace((uschar)buffer[0])) break;
while (isspace((uschar)*s)) s++;
*(--s) = ' ';
}
if (this_is_comment) continue;
/* Join a physical or logical line continuation onto the result string. */
yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
}
yield[ptr] = 0;
store_reset(yield + ptr + 1);
*result = yield;
return OK;
}
/* Reset dynamic store, if we need to */
if (reset_point != NULL)
{
store_reset(reset_point);
store_pool = old_pool;
}
return FAIL;
}
