
Re: [milter-greylist] milter-greylist 2.1.8 is available

2006-07-28 by Hajimu UMEMOTO

Hi,

>>>>> On Thu, 27 Jul 2006 23:03:40 +0200
>>>>> manu@... said:

manu> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.8.tgz
manu> MD5 (milter-greylist-2.1.8.tgz) = 839757e776eec20973dbfd6580450e55 

manu> The only new feature since this afternoon's version is acl blacklist.

manu> Please test things, the goal now is to relase milter-greylist 3.0 with
manu> as much bugs fixed as possible. 

FreeBSD around 5.2-RELEASE and 6.1-STABLE don't have res_n*() but the
stock resolver is thread-safe.  FreeBSD 6.1-STABLE and later's stock
resolver is based on BIND9's one.

	FreeBSD		| thread-safe	res_n*()
	----------------+-----------------------
	< 5.2-R		| X		X
	5.2-R -- 6.1-R	| O		X
	> 6.1-S	 	| O		O

So, I wish to add --thread-safe-resolver option to configure script,
and make dnsrbl.c buildable without res_n*().

BTW, it seems you forgot to issue res_ndestroy() to release resources
used by resolver internally.  Slightly old BIND9 doesn't have
res_ndestroy().  If there is no res_ndestroy(), we need to issue
res_nclose() instead.

Here is the patch.  I've not tested it actually, yet.

Index: configure.ac
diff -u configure.ac.orig configure.ac
--- configure.ac.orig	Fri Jul 28 05:10:06 2006
+++ configure.ac	Fri Jul 28 13:13:45 2006
@@ -620,21 +620,24 @@
 AC_MSG_RESULT([$brokenpth])
 
 # Check is DNS resolver is re-entrant
-SAVEDCFLAGS=$CFLAGS
-CFLAGS=$CFLAGS" -Wall -Werror"
-AC_MSG_CHECKING([if DNS resolver is re-entrant])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
-		#include <netinet/in.h>
-		#include <arpa/inet.h>
-		#include <arpa/nameser.h>
-		#include <resolv.h>
-	],[
-		struct __res_state res;
+AC_ARG_WITH(thread-safe-resolver,
+	[  --with-thread-safe-resolver   Resolver is thread-safe],
+	[rdns=yes],[
+	SAVEDCFLAGS=$CFLAGS
+	CFLAGS=$CFLAGS" -Wall -Werror"
+	AC_MSG_CHECKING([if DNS resolver is re-entrant])
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+			#include <netinet/in.h>
+			#include <arpa/inet.h>
+			#include <arpa/nameser.h>
+			#include <resolv.h>
+		],[
+			struct __res_state res;
 
-		res_ninit(&res);
-	])], [rdns=yes], [rdns=no])
-AC_MSG_RESULT([$rdns])
-CFLAGS=$SAVEDCFLAGS
+			res_ninit(&res);
+		])], [rdns=yes], [rdns=no])
+	AC_MSG_RESULT([$rdns])
+	CFLAGS=$SAVEDCFLAGS])
 
 # Check for DNSRBL
 AC_ARG_ENABLE(dnsrbl,
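Review bot: The action-if-given branch of `AC_ARG_WITH(thread-safe-resolver, ...)` sets `rdns=yes` unconditionally, so `--without-thread-safe-resolver` or `--with-thread-safe-resolver=no` also marks the resolver as re-entrant and skips the compile check. A wrong `yes` here presumably lets the milter's threads use a resolver that is not thread-safe, so the branch should honour `$withval`, for example `[if test "x$withval" != "xno"; then rdns=yes; else rdns=no; fi]`. The help string could also state that the option is an assertion by the person building the package and is not verified by configure.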
Index: dnsrbl.c
diff -u -p dnsrbl.c.orig dnsrbl.c
--- dnsrbl.c.orig	Wed Jul 26 22:26:02 2006
+++ dnsrbl.c	Fri Jul 28 13:13:24 2006
@@ -55,6 +55,23 @@ __RCSID("$Id: dnsrbl.c,v 1.3 2006/07/26 
 #include <arpa/nameser.h>
 #include <resolv.h>
 
+#ifndef NS_MAXMSG
+#define NS_MAXMSG	65535
+#endif
+
+#ifdef res_ninit
+#define HAVE_RESN	1
+#ifndef res_ndestroy
+#define res_ndestroy(res)	res_nclose(res)
+#endif
+#else
+#define	res_ninit(res) \
+	((_res.options & RES_INIT) == 0 && res_init())
+#define res_nquery(res, req, class, type, ans, anslen)	\
+	res_query(req, class, type, ans, anslen)
+#define res_ndestroy(res)
+#endif
+
 #include "milter-greylist.h"
 #include "dnsrbl.h"
 
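Review bot: `#ifdef res_ninit` detects the res_n*() API only where `<resolv.h>` implements it as a macro. On a platform that declares res_ninit() as a plain function, this block takes the fallback branch, redefines the names, and sends every lookup through the process-global `_res` without any warning. It would be safer to key this on a symbol produced by the configure check in the same patch (a `HAVE_RESN`-style define written to config.h), so that the code and the `rdns` result cannot disagree. The fallback `res_ninit(res)` macro also evaluates to 1 rather than -1 when res_init() fails, so a caller testing `== -1` or `< 0` would miss the failure. The call site is outside the hunk, so confirm how its result is checked.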
@@ -68,14 +85,16 @@ void
 dnsrbl_init(void) {
 	LIST_INIT(&dnsrbl_head);
 	return;
-}  
+}
 
 int
 dnsrbl_check_source(sa, source)
 	struct sockaddr *sa;
         struct dnsrbl_entry *source;
 {
+#ifdef HAVE_RESN
 	struct __res_state res;
+#endif
 	struct sockaddr_storage ss;
 	char req[NS_MAXDNAME + 1];
 	char ans[NS_MAXMSG + 1];
@@ -86,6 +105,7 @@ dnsrbl_check_source(sa, source)
 	int i;
 	char *dnsrbl = source->d_domain;
 	struct sockaddr *blacklisted;
+	int retval = 0;
 
 	blacklisted = (struct sockaddr *)&source->d_blacklisted;
 
@@ -110,7 +130,8 @@ dnsrbl_check_source(sa, source)
 
 	if ((inet_ntop(ss.ss_family, addr, req, NS_MAXDNAME)) == NULL){
 		syslog(LOG_ERR, "inet_ntop failed: %s", strerror(errno));
-		return -1;
+		retval = -1;
+		goto end;
 	}
 
 	(void)strncat(req, ".", NS_MAXDNAME);
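Review bot: Every exit now passes through `end:` and `res_ndestroy(&res)`, so `res` must have been successfully initialised before the first `goto end`. The res_ninit() call is not in any hunk of this patch, so confirm that it precedes this inet_ntop() check and that its own failure path returns directly instead of jumping to `end`. Calling res_ndestroy() or res_nclose() on an uninitialised `struct __res_state` would operate on stack garbage. The same applies to the `goto end` lines added in the hunks at -118, -132 and -167. A comment at the label, such as `/* res was set up by res_ninit() above; every path after that exits here */`, would record the invariant.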
@@ -118,13 +139,14 @@ dnsrbl_check_source(sa, source)
 
 	anslen = res_nquery(&res, req, C_IN, T_A, ans, sizeof(ans));
 	if (anslen == -1)
-		return 0;
+		goto end;
 
 	if (ns_initparse(ans, anslen, &handle) < 0) {
 		syslog(LOG_ERR, "ns_initparse failed: %s", strerror(errno));
-		return -1;
+		retval = -1;
+		goto end;
 	}
-	
+
 	for (i = 0; i < ns_msg_count(handle, ns_s_an); i++) {
 		char *addr;
 		size_t len;
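Review bot: A failed lookup (`anslen == -1`) leaves `retval` at 0, so a resolver timeout or server failure is reported exactly like "address not listed" and the DNSRBL check fails open without a trace. The patch keeps the old behaviour, which may be intended, but it deserves a comment on that branch, for example `/* lookup failed or no record: treat as not listed (fail open) */`. A syslog line for errors other than a plain negative answer would help too, since otherwise an unreachable list server cannot be seen in the logs. Separately, the loop-local `char *addr` shadows the outer `addr` passed to inet_ntop() in the previous hunk; renaming one of them would make the later memcmp() easier to audit. The function body continues outside this hunk.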
@@ -132,7 +154,8 @@ dnsrbl_check_source(sa, source)
 		if ((ns_parserr(&handle, ns_s_an, i, &rr)) != 0) {
 			syslog(LOG_ERR, "ns_parserr failed: %s", 
 			    strerror(errno));
-			return -1;
+			retval = -1;
+			goto end;
 		}
 
 		switch (blacklisted->sa_family) {
@@ -167,11 +190,15 @@ dnsrbl_check_source(sa, source)
 			break;
 		}
 
-		if (memcmp(addr, rr.rdata, len) == 0)
-			return 1;
+		if (memcmp(addr, rr.rdata, len) == 0) {
+			retval = 1;
+			goto end;
+		}
 	}
 
-	return 0;
+end:
+	res_ndestroy(&res);
+	return retval;
 }
 
 
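Review bot: `memcmp(addr, rr.rdata, len)` compares `len` bytes of the answer record with no visible check that the record is that long or of the expected type. The `switch` that sets `addr` and `len` is mostly outside the hunk, so this may already be handled there. The answer is network-supplied data, and an answer section can carry records (a CNAME, for instance) whose rdata is not an address of the blacklisted family, so the comparison should be guarded: `if (rr.rdlength == len && memcmp(addr, rr.rdata, len) == 0) {`.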

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
