Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or | |
9 | directly via the DNS. When IPv6 is supported, getipnodebyname() and | |
10 | getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(), | |
11 | if the newer functions are available. This module also contains various other | |
12 | functions concerned with hosts and addresses, and a random number function, | |
13 | used for randomizing hosts with equal MXs but available for use in other parts | |
14 | of Exim. */ | |
15 | ||
16 | ||
17 | #include "exim.h" | |
18 | ||
19 | ||
20 | /* Static variable for preserving the list of interface addresses in case it is | |
21 | used more than once. */ | |
22 | ||
23 | static ip_address_item *local_interface_data = NULL; | |
24 | ||
25 | ||
26 | #ifdef USE_INET_NTOA_FIX | |
27 | /************************************************* | |
28 | * Replacement for broken inet_ntoa() * | |
29 | *************************************************/ | |
30 | ||
31 | /* On IRIX systems, gcc uses a different structure passing convention to the | |
32 | native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or | |
33 | 255.255.255.255. To get round this, we provide a private version of the | |
34 | function here. It is used only if USE_INET_NTOA_FIX is set, which should happen | |
35 | only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner, | |
36 | with these comments: | |
37 | ||
38 | code by Stuart Levy | |
39 | as seen in comp.sys.sgi.admin | |
40 | ||
2548ba04 PH |
41 | August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX |
42 | should now be set for them as well. | |
43 | ||
059ec3d9 PH |
44 | Arguments: sa an in_addr structure |
45 | Returns: pointer to static text string | |
46 | */ | |
47 | ||
48 | char * | |
49 | inet_ntoa(struct in_addr sa) | |
50 | { | |
51 | static uschar addr[20]; | |
52 | sprintf(addr, "%d.%d.%d.%d", | |
53 | (US &sa.s_addr)[0], | |
54 | (US &sa.s_addr)[1], | |
55 | (US &sa.s_addr)[2], | |
56 | (US &sa.s_addr)[3]); | |
57 | return addr; | |
58 | } | |
59 | #endif | |
60 | ||
61 | ||
62 | ||
63 | /************************************************* | |
64 | * Random number generator * | |
65 | *************************************************/ | |
66 | ||
67 | /* This is a simple pseudo-random number generator. It does not have to be | |
68 | very good for the uses to which it is put. When running the regression tests, | |
69 | start with a fixed seed. | |
70 | ||
17c76198 | 71 | If you need better, see vaguely_random_number() which is potentially stronger, |
9e3331ea TK |
72 | if a crypto library is available, but might end up just calling this instead. |
73 | ||
059ec3d9 PH |
74 | Arguments: |
75 | limit: one more than the largest number required | |
76 | ||
77 | Returns: a pseudo-random number in the range 0 to limit-1 | |
78 | */ | |
79 | ||
80 | int | |
81 | random_number(int limit) | |
82 | { | |
9e3331ea TK |
83 | if (limit < 1) |
84 | return 0; | |
059ec3d9 PH |
85 | if (random_seed == 0) |
86 | { | |
87 | if (running_in_test_harness) random_seed = 42; else | |
88 | { | |
89 | int p = (int)getpid(); | |
90 | random_seed = (int)time(NULL) ^ ((p << 16) | p); | |
91 | } | |
92 | } | |
93 | random_seed = 1103515245 * random_seed + 12345; | |
94 | return (unsigned int)(random_seed >> 16) % limit; | |
95 | } | |
96 | ||
846430d9 JH |
97 | /************************************************* |
98 | * Wrappers for logging lookup times * | |
99 | *************************************************/ | |
100 | ||
101 | /* When the 'slow_lookup_log' variable is enabled, these wrappers will | |
102 | write to the log file all (potential) dns lookups that take more than | |
103 | slow_lookup_log milliseconds | |
104 | */ | |
105 | ||
106 | static void | |
107 | log_long_lookup(const uschar * type, const uschar * data, unsigned long msec) | |
108 | { | |
109 | log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec", | |
110 | type, data, msec); | |
111 | } | |
112 | ||
113 | ||
114 | /* returns the current system epoch time in milliseconds. */ | |
115 | static unsigned long | |
116 | get_time_in_ms() | |
117 | { | |
118 | struct timeval tmp_time; | |
119 | unsigned long seconds, microseconds; | |
120 | ||
121 | gettimeofday(&tmp_time, NULL); | |
122 | seconds = (unsigned long) tmp_time.tv_sec; | |
123 | microseconds = (unsigned long) tmp_time.tv_usec; | |
124 | return seconds*1000 + microseconds/1000; | |
125 | } | |
126 | ||
127 | ||
128 | static int | |
129 | dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type, | |
130 | const uschar **fully_qualified_name) | |
131 | { | |
132 | int retval; | |
133 | unsigned long time_msec; | |
134 | ||
135 | if (!slow_lookup_log) | |
136 | return dns_lookup(dnsa, name, type, fully_qualified_name); | |
137 | ||
138 | time_msec = get_time_in_ms(); | |
139 | retval = dns_lookup(dnsa, name, type, fully_qualified_name); | |
140 | if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log) | |
141 | log_long_lookup(US"name", name, time_msec); | |
142 | return retval; | |
143 | } | |
059ec3d9 PH |
144 | |
145 | ||
e7726cbf PH |
146 | /************************************************* |
147 | * Replace gethostbyname() when testing * | |
148 | *************************************************/ | |
149 | ||
150 | /* This function is called instead of gethostbyname(), gethostbyname2(), or | |
1fb7660f | 151 | getipnodebyname() when running in the test harness. . It also |
7a546ad5 PH |
152 | recognizes an unqualified "localhost" and forces it to the appropriate loopback |
153 | address. IP addresses are treated as literals. For other names, it uses the DNS | |
75e0e026 PH |
154 | to find the host name. In the test harness, this means it will access only the |
155 | fake DNS resolver. | |
e7726cbf PH |
156 | |
157 | Arguments: | |
158 | name the host name or a textual IP address | |
159 | af AF_INET or AF_INET6 | |
160 | error_num where to put an error code: | |
161 | HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA | |
162 | ||
163 | Returns: a hostent structure or NULL for an error | |
164 | */ | |
165 | ||
166 | static struct hostent * | |
55414b25 | 167 | host_fake_gethostbyname(const uschar *name, int af, int *error_num) |
e7726cbf | 168 | { |
70d67ad3 | 169 | #if HAVE_IPV6 |
e7726cbf | 170 | int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr); |
70d67ad3 PH |
171 | #else |
172 | int alen = sizeof(struct in_addr); | |
173 | #endif | |
174 | ||
175 | int ipa; | |
55414b25 | 176 | const uschar *lname = name; |
e7726cbf PH |
177 | uschar *adds; |
178 | uschar **alist; | |
179 | struct hostent *yield; | |
180 | dns_answer dnsa; | |
181 | dns_scan dnss; | |
182 | dns_record *rr; | |
183 | ||
184 | DEBUG(D_host_lookup) | |
185 | debug_printf("using host_fake_gethostbyname for %s (%s)\n", name, | |
186 | (af == AF_INET)? "IPv4" : "IPv6"); | |
187 | ||
7a546ad5 PH |
188 | /* Handle unqualified "localhost" */ |
189 | ||
e7726cbf PH |
190 | if (Ustrcmp(name, "localhost") == 0) |
191 | lname = (af == AF_INET)? US"127.0.0.1" : US"::1"; | |
192 | ||
193 | /* Handle a literal IP address */ | |
194 | ||
195 | ipa = string_is_ip_address(lname, NULL); | |
196 | if (ipa != 0) | |
197 | { | |
198 | if ((ipa == 4 && af == AF_INET) || | |
199 | (ipa == 6 && af == AF_INET6)) | |
200 | { | |
201 | int i, n; | |
202 | int x[4]; | |
203 | yield = store_get(sizeof(struct hostent)); | |
204 | alist = store_get(2 * sizeof(char *)); | |
205 | adds = store_get(alen); | |
206 | yield->h_name = CS name; | |
207 | yield->h_aliases = NULL; | |
208 | yield->h_addrtype = af; | |
209 | yield->h_length = alen; | |
210 | yield->h_addr_list = CSS alist; | |
211 | *alist++ = adds; | |
212 | n = host_aton(lname, x); | |
213 | for (i = 0; i < n; i++) | |
214 | { | |
215 | int y = x[i]; | |
216 | *adds++ = (y >> 24) & 255; | |
217 | *adds++ = (y >> 16) & 255; | |
218 | *adds++ = (y >> 8) & 255; | |
219 | *adds++ = y & 255; | |
220 | } | |
221 | *alist = NULL; | |
222 | } | |
223 | ||
224 | /* Wrong kind of literal address */ | |
225 | ||
226 | else | |
227 | { | |
228 | *error_num = HOST_NOT_FOUND; | |
229 | return NULL; | |
230 | } | |
231 | } | |
232 | ||
233 | /* Handle a host name */ | |
234 | ||
235 | else | |
236 | { | |
237 | int type = (af == AF_INET)? T_A:T_AAAA; | |
846430d9 | 238 | int rc = dns_lookup_timerwrap(&dnsa, lname, type, NULL); |
e7726cbf PH |
239 | int count = 0; |
240 | ||
4e0983dc JH |
241 | lookup_dnssec_authenticated = NULL; |
242 | ||
e7726cbf PH |
243 | switch(rc) |
244 | { | |
245 | case DNS_SUCCEED: break; | |
246 | case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; return NULL; | |
247 | case DNS_NODATA: *error_num = NO_DATA; return NULL; | |
248 | case DNS_AGAIN: *error_num = TRY_AGAIN; return NULL; | |
249 | default: | |
250 | case DNS_FAIL: *error_num = NO_RECOVERY; return NULL; | |
251 | } | |
252 | ||
253 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
e1a3f32f | 254 | rr; |
e7726cbf | 255 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) |
e1a3f32f JH |
256 | if (rr->type == type) |
257 | count++; | |
e7726cbf PH |
258 | |
259 | yield = store_get(sizeof(struct hostent)); | |
96f5fe4c | 260 | alist = store_get((count + 1) * sizeof(char *)); |
e7726cbf PH |
261 | adds = store_get(count *alen); |
262 | ||
263 | yield->h_name = CS name; | |
264 | yield->h_aliases = NULL; | |
265 | yield->h_addrtype = af; | |
266 | yield->h_length = alen; | |
267 | yield->h_addr_list = CSS alist; | |
268 | ||
269 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
e1a3f32f | 270 | rr; |
e7726cbf PH |
271 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) |
272 | { | |
273 | int i, n; | |
274 | int x[4]; | |
275 | dns_address *da; | |
276 | if (rr->type != type) continue; | |
e1a3f32f | 277 | if (!(da = dns_address_from_rr(&dnsa, rr))) break; |
e7726cbf PH |
278 | *alist++ = adds; |
279 | n = host_aton(da->address, x); | |
280 | for (i = 0; i < n; i++) | |
281 | { | |
282 | int y = x[i]; | |
283 | *adds++ = (y >> 24) & 255; | |
284 | *adds++ = (y >> 16) & 255; | |
285 | *adds++ = (y >> 8) & 255; | |
286 | *adds++ = y & 255; | |
287 | } | |
288 | } | |
289 | *alist = NULL; | |
290 | } | |
291 | ||
292 | return yield; | |
293 | } | |
294 | ||
295 | ||
296 | ||
059ec3d9 PH |
297 | /************************************************* |
298 | * Build chain of host items from list * | |
299 | *************************************************/ | |
300 | ||
301 | /* This function builds a chain of host items from a textual list of host | |
302 | names. It does not do any lookups. If randomize is true, the chain is build in | |
303 | a randomized order. There may be multiple groups of independently randomized | |
304 | hosts; they are delimited by a host name consisting of just "+". | |
305 | ||
306 | Arguments: | |
307 | anchor anchor for the chain | |
308 | list text list | |
309 | randomize TRUE for randomizing | |
310 | ||
311 | Returns: nothing | |
312 | */ | |
313 | ||
314 | void | |
55414b25 | 315 | host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize) |
059ec3d9 PH |
316 | { |
317 | int sep = 0; | |
318 | int fake_mx = MX_NONE; /* This value is actually -1 */ | |
319 | uschar *name; | |
059ec3d9 PH |
320 | |
321 | if (list == NULL) return; | |
322 | if (randomize) fake_mx--; /* Start at -2 for randomizing */ | |
323 | ||
324 | *anchor = NULL; | |
325 | ||
55414b25 | 326 | while ((name = string_nextinlist(&list, &sep, NULL, 0)) != NULL) |
059ec3d9 PH |
327 | { |
328 | host_item *h; | |
329 | ||
330 | if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */ | |
331 | { /* ignore if not randomizing */ | |
332 | if (randomize) fake_mx--; | |
333 | continue; | |
334 | } | |
335 | ||
336 | h = store_get(sizeof(host_item)); | |
55414b25 | 337 | h->name = name; |
059ec3d9 PH |
338 | h->address = NULL; |
339 | h->port = PORT_NONE; | |
340 | h->mx = fake_mx; | |
341 | h->sort_key = randomize? (-fake_mx)*1000 + random_number(1000) : 0; | |
342 | h->status = hstatus_unknown; | |
343 | h->why = hwhy_unknown; | |
344 | h->last_try = 0; | |
345 | ||
346 | if (*anchor == NULL) | |
347 | { | |
348 | h->next = NULL; | |
349 | *anchor = h; | |
350 | } | |
351 | else | |
352 | { | |
353 | host_item *hh = *anchor; | |
354 | if (h->sort_key < hh->sort_key) | |
355 | { | |
356 | h->next = hh; | |
357 | *anchor = h; | |
358 | } | |
359 | else | |
360 | { | |
361 | while (hh->next != NULL && h->sort_key >= (hh->next)->sort_key) | |
362 | hh = hh->next; | |
363 | h->next = hh->next; | |
364 | hh->next = h; | |
365 | } | |
366 | } | |
367 | } | |
368 | } | |
369 | ||
370 | ||
371 | ||
372 | ||
373 | ||
374 | /************************************************* | |
375 | * Extract port from address string * | |
376 | *************************************************/ | |
377 | ||
378 | /* In the spool file, and in the -oMa and -oMi options, a host plus port is | |
379 | given as an IP address followed by a dot and a port number. This function | |
380 | decodes this. | |
381 | ||
382 | An alternative format for the -oMa and -oMi options is [ip address]:port which | |
383 | is what Exim 4 uses for output, because it seems to becoming commonly used, | |
384 | whereas the dot form confuses some programs/people. So we recognize that form | |
385 | too. | |
386 | ||
387 | Argument: | |
388 | address points to the string; if there is a port, the '.' in the string | |
389 | is overwritten with zero to terminate the address; if the string | |
390 | is in the [xxx]:ppp format, the address is shifted left and the | |
391 | brackets are removed | |
392 | ||
393 | Returns: 0 if there is no port, else the port number. If there's a syntax | |
394 | error, leave the incoming address alone, and return 0. | |
395 | */ | |
396 | ||
397 | int | |
7cd1141b | 398 | host_address_extract_port(uschar *address) |
059ec3d9 PH |
399 | { |
400 | int port = 0; | |
401 | uschar *endptr; | |
402 | ||
403 | /* Handle the "bracketed with colon on the end" format */ | |
404 | ||
405 | if (*address == '[') | |
406 | { | |
407 | uschar *rb = address + 1; | |
408 | while (*rb != 0 && *rb != ']') rb++; | |
409 | if (*rb++ == 0) return 0; /* Missing ]; leave invalid address */ | |
410 | if (*rb == ':') | |
411 | { | |
412 | port = Ustrtol(rb + 1, &endptr, 10); | |
413 | if (*endptr != 0) return 0; /* Invalid port; leave invalid address */ | |
414 | } | |
415 | else if (*rb != 0) return 0; /* Bad syntax; leave invalid address */ | |
416 | memmove(address, address + 1, rb - address - 2); | |
417 | rb[-2] = 0; | |
418 | } | |
419 | ||
420 | /* Handle the "dot on the end" format */ | |
421 | ||
422 | else | |
423 | { | |
424 | int skip = -3; /* Skip 3 dots in IPv4 addresses */ | |
425 | address--; | |
426 | while (*(++address) != 0) | |
427 | { | |
428 | int ch = *address; | |
429 | if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */ | |
430 | else if (ch == '.' && skip++ >= 0) break; | |
431 | } | |
432 | if (*address == 0) return 0; | |
433 | port = Ustrtol(address + 1, &endptr, 10); | |
434 | if (*endptr != 0) return 0; /* Invalid port; leave invalid address */ | |
435 | *address = 0; | |
436 | } | |
437 | ||
438 | return port; | |
439 | } | |
440 | ||
441 | ||
7cd1141b PH |
442 | /************************************************* |
443 | * Get port from a host item's name * | |
444 | *************************************************/ | |
445 | ||
446 | /* This function is called when finding the IP address for a host that is in a | |
447 | list of hosts explicitly configured, such as in the manualroute router, or in a | |
448 | fallback hosts list. We see if there is a port specification at the end of the | |
449 | host name, and if so, remove it. A minimum length of 3 is required for the | |
450 | original name; nothing shorter is recognized as having a port. | |
451 | ||
452 | We test for a name ending with a sequence of digits; if preceded by colon we | |
453 | have a port if the character before the colon is ] and the name starts with [ | |
454 | or if there are no other colons in the name (i.e. it's not an IPv6 address). | |
455 | ||
456 | Arguments: pointer to the host item | |
457 | Returns: a port number or PORT_NONE | |
458 | */ | |
459 | ||
460 | int | |
461 | host_item_get_port(host_item *h) | |
462 | { | |
55414b25 | 463 | const uschar *p; |
7cd1141b PH |
464 | int port, x; |
465 | int len = Ustrlen(h->name); | |
466 | ||
467 | if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE; | |
468 | ||
469 | /* Extract potential port number */ | |
470 | ||
471 | port = *p-- - '0'; | |
472 | x = 10; | |
473 | ||
474 | while (p > h->name + 1 && isdigit(*p)) | |
475 | { | |
476 | port += (*p-- - '0') * x; | |
477 | x *= 10; | |
478 | } | |
479 | ||
480 | /* The smallest value of p at this point is h->name + 1. */ | |
481 | ||
482 | if (*p != ':') return PORT_NONE; | |
483 | ||
484 | if (p[-1] == ']' && h->name[0] == '[') | |
485 | h->name = string_copyn(h->name + 1, p - h->name - 2); | |
486 | else if (Ustrchr(h->name, ':') == p) | |
487 | h->name = string_copyn(h->name, p - h->name); | |
488 | else return PORT_NONE; | |
489 | ||
490 | DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port); | |
491 | return port; | |
492 | } | |
493 | ||
494 | ||
059ec3d9 PH |
495 | |
496 | #ifndef STAND_ALONE /* Omit when standalone testing */ | |
497 | ||
498 | /************************************************* | |
499 | * Build sender_fullhost and sender_rcvhost * | |
500 | *************************************************/ | |
501 | ||
502 | /* This function is called when sender_host_name and/or sender_helo_name | |
503 | have been set. Or might have been set - for a local message read off the spool | |
504 | they won't be. In that case, do nothing. Otherwise, set up the fullhost string | |
505 | as follows: | |
506 | ||
507 | (a) No sender_host_name or sender_helo_name: "[ip address]" | |
508 | (b) Just sender_host_name: "host_name [ip address]" | |
82c19f95 PH |
509 | (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP |
510 | in which case: "[ip address}" | |
511 | (d) The two are identical: "host_name [ip address]" includes helo = IP | |
059ec3d9 PH |
512 | (e) The two are different: "host_name (helo_name) [ip address]" |
513 | ||
514 | If log_incoming_port is set, the sending host's port number is added to the IP | |
515 | address. | |
516 | ||
517 | This function also builds sender_rcvhost for use in Received: lines, whose | |
518 | syntax is a bit different. This value also includes the RFC 1413 identity. | |
519 | There wouldn't be two different variables if I had got all this right in the | |
520 | first place. | |
521 | ||
522 | Because this data may survive over more than one incoming SMTP message, it has | |
a5c60e3c JH |
523 | to be in permanent store. However, STARTTLS has to be forgotten and redone |
524 | on a multi-message conn, so this will be called once per message then. Hence | |
525 | we use malloc, so we can free. | |
059ec3d9 PH |
526 | |
527 | Arguments: none | |
528 | Returns: nothing | |
529 | */ | |
530 | ||
531 | void | |
532 | host_build_sender_fullhost(void) | |
533 | { | |
82c19f95 | 534 | BOOL show_helo = TRUE; |
a5c60e3c | 535 | uschar * address, * fullhost, * rcvhost, * reset_point; |
82c19f95 | 536 | int len; |
059ec3d9 | 537 | |
2d0dc929 | 538 | if (!sender_host_address) return; |
059ec3d9 | 539 | |
a5c60e3c | 540 | reset_point = store_get(0); |
059ec3d9 PH |
541 | |
542 | /* Set up address, with or without the port. After discussion, it seems that | |
543 | the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't | |
544 | use this directly as the first item for Received: because it ain't an RFC 2822 | |
545 | domain. Sigh. */ | |
546 | ||
547 | address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port); | |
6c6d6e48 | 548 | if (!LOGGING(incoming_port) || sender_host_port <= 0) |
059ec3d9 PH |
549 | *(Ustrrchr(address, ':')) = 0; |
550 | ||
82c19f95 PH |
551 | /* If there's no EHLO/HELO data, we can't show it. */ |
552 | ||
2d0dc929 | 553 | if (!sender_helo_name) show_helo = FALSE; |
82c19f95 PH |
554 | |
555 | /* If HELO/EHLO was followed by an IP literal, it's messy because of two | |
556 | features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and | |
557 | doesn't require this, for historical reasons). Secondly, IPv6 addresses may not | |
4c04137d | 558 | be given in canonical form, so we have to canonicalize them before comparing. As |
82c19f95 PH |
559 | it happens, the code works for both IPv4 and IPv6. */ |
560 | ||
561 | else if (sender_helo_name[0] == '[' && | |
562 | sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']') | |
563 | { | |
564 | int offset = 1; | |
565 | uschar *helo_ip; | |
566 | ||
567 | if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5; | |
568 | if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5; | |
569 | ||
570 | helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1); | |
571 | ||
572 | if (string_is_ip_address(helo_ip, NULL) != 0) | |
573 | { | |
574 | int x[4], y[4]; | |
575 | int sizex, sizey; | |
576 | uschar ipx[48], ipy[48]; /* large enough for full IPv6 */ | |
577 | ||
578 | sizex = host_aton(helo_ip, x); | |
579 | sizey = host_aton(sender_host_address, y); | |
580 | ||
581 | (void)host_nmtoa(sizex, x, -1, ipx, ':'); | |
582 | (void)host_nmtoa(sizey, y, -1, ipy, ':'); | |
583 | ||
584 | if (strcmpic(ipx, ipy) == 0) show_helo = FALSE; | |
585 | } | |
586 | } | |
587 | ||
059ec3d9 PH |
588 | /* Host name is not verified */ |
589 | ||
acec9514 | 590 | if (!sender_host_name) |
059ec3d9 PH |
591 | { |
592 | uschar *portptr = Ustrstr(address, "]:"); | |
acec9514 | 593 | gstring * g; |
059ec3d9 PH |
594 | int adlen; /* Sun compiler doesn't like ++ in initializers */ |
595 | ||
acec9514 | 596 | adlen = portptr ? (++portptr - address) : Ustrlen(address); |
a5c60e3c | 597 | fullhost = sender_helo_name |
acec9514 JH |
598 | ? string_sprintf("(%s) %s", sender_helo_name, address) |
599 | : address; | |
059ec3d9 | 600 | |
acec9514 | 601 | g = string_catn(NULL, address, adlen); |
059ec3d9 | 602 | |
2d0dc929 | 603 | if (sender_ident || show_helo || portptr) |
059ec3d9 PH |
604 | { |
605 | int firstptr; | |
acec9514 JH |
606 | g = string_catn(g, US" (", 2); |
607 | firstptr = g->ptr; | |
059ec3d9 | 608 | |
acec9514 JH |
609 | if (portptr) |
610 | g = string_append(g, 2, US"port=", portptr + 1); | |
059ec3d9 | 611 | |
82c19f95 | 612 | if (show_helo) |
acec9514 JH |
613 | g = string_append(g, 2, |
614 | firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name); | |
059ec3d9 | 615 | |
acec9514 JH |
616 | if (sender_ident) |
617 | g = string_append(g, 2, | |
618 | firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident); | |
059ec3d9 | 619 | |
acec9514 | 620 | g = string_catn(g, US")", 1); |
059ec3d9 PH |
621 | } |
622 | ||
a5c60e3c | 623 | rcvhost = string_from_gstring(g); |
059ec3d9 PH |
624 | } |
625 | ||
82c19f95 PH |
626 | /* Host name is known and verified. Unless we've already found that the HELO |
627 | data matches the IP address, compare it with the name. */ | |
059ec3d9 PH |
628 | |
629 | else | |
630 | { | |
82c19f95 PH |
631 | if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0) |
632 | show_helo = FALSE; | |
5dd9625b | 633 | |
82c19f95 | 634 | if (show_helo) |
059ec3d9 | 635 | { |
a5c60e3c | 636 | fullhost = string_sprintf("%s (%s) %s", sender_host_name, |
059ec3d9 | 637 | sender_helo_name, address); |
a5c60e3c JH |
638 | rcvhost = sender_ident |
639 | ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name, | |
640 | address, sender_helo_name, sender_ident) | |
641 | : string_sprintf("%s (%s helo=%s)", sender_host_name, | |
642 | address, sender_helo_name); | |
059ec3d9 | 643 | } |
82c19f95 PH |
644 | else |
645 | { | |
a5c60e3c JH |
646 | fullhost = string_sprintf("%s %s", sender_host_name, address); |
647 | rcvhost = sender_ident | |
648 | ? string_sprintf("%s (%s ident=%s)", sender_host_name, address, | |
649 | sender_ident) | |
650 | : string_sprintf("%s (%s)", sender_host_name, address); | |
82c19f95 | 651 | } |
059ec3d9 PH |
652 | } |
653 | ||
a5c60e3c JH |
654 | if (sender_fullhost) store_free(sender_fullhost); |
655 | sender_fullhost = string_copy_malloc(fullhost); | |
656 | if (sender_rcvhost) store_free(sender_rcvhost); | |
657 | sender_rcvhost = string_copy_malloc(rcvhost); | |
658 | ||
659 | store_reset(reset_point); | |
059ec3d9 PH |
660 | |
661 | DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost); | |
662 | DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost); | |
663 | } | |
664 | ||
665 | ||
666 | ||
667 | /************************************************* | |
668 | * Build host+ident message * | |
669 | *************************************************/ | |
670 | ||
671 | /* Used when logging rejections and various ACL and SMTP incidents. The text | |
672 | return depends on whether sender_fullhost and sender_ident are set or not: | |
673 | ||
674 | no ident, no host => U=unknown | |
675 | no ident, host set => H=sender_fullhost | |
676 | ident set, no host => U=ident | |
677 | ident set, host set => H=sender_fullhost U=ident | |
678 | ||
679 | Arguments: | |
680 | useflag TRUE if first item to be flagged (H= or U=); if there are two | |
681 | items, the second is always flagged | |
682 | ||
683 | Returns: pointer to a string in big_buffer | |
684 | */ | |
685 | ||
686 | uschar * | |
687 | host_and_ident(BOOL useflag) | |
688 | { | |
689 | if (sender_fullhost == NULL) | |
690 | { | |
691 | (void)string_format(big_buffer, big_buffer_size, "%s%s", useflag? "U=" : "", | |
692 | (sender_ident == NULL)? US"unknown" : sender_ident); | |
693 | } | |
694 | else | |
695 | { | |
696 | uschar *flag = useflag? US"H=" : US""; | |
697 | uschar *iface = US""; | |
6c6d6e48 | 698 | if (LOGGING(incoming_interface) && interface_address != NULL) |
059ec3d9 PH |
699 | iface = string_sprintf(" I=[%s]:%d", interface_address, interface_port); |
700 | if (sender_ident == NULL) | |
701 | (void)string_format(big_buffer, big_buffer_size, "%s%s%s", | |
702 | flag, sender_fullhost, iface); | |
703 | else | |
704 | (void)string_format(big_buffer, big_buffer_size, "%s%s%s U=%s", | |
705 | flag, sender_fullhost, iface, sender_ident); | |
706 | } | |
707 | return big_buffer; | |
708 | } | |
709 | ||
710 | #endif /* STAND_ALONE */ | |
711 | ||
712 | ||
713 | ||
714 | ||
715 | /************************************************* | |
716 | * Build list of local interfaces * | |
717 | *************************************************/ | |
718 | ||
719 | /* This function interprets the contents of the local_interfaces or | |
720 | extra_local_interfaces options, and creates an ip_address_item block for each | |
721 | item on the list. There is no special interpretation of any IP addresses; in | |
722 | particular, 0.0.0.0 and ::0 are returned without modification. If any address | |
723 | includes a port, it is set in the block. Otherwise the port value is set to | |
724 | zero. | |
725 | ||
726 | Arguments: | |
727 | list the list | |
728 | name the name of the option being expanded | |
729 | ||
730 | Returns: a chain of ip_address_items, each containing to a textual | |
731 | version of an IP address, and a port number (host order) or | |
732 | zero if no port was given with the address | |
733 | */ | |
734 | ||
735 | ip_address_item * | |
55414b25 | 736 | host_build_ifacelist(const uschar *list, uschar *name) |
059ec3d9 PH |
737 | { |
738 | int sep = 0; | |
739 | uschar *s; | |
b891534f | 740 | ip_address_item * yield = NULL, * last = NULL, * next; |
059ec3d9 | 741 | |
b891534f | 742 | while ((s = string_nextinlist(&list, &sep, NULL, 0))) |
059ec3d9 | 743 | { |
7e66e54d | 744 | int ipv; |
7cd1141b | 745 | int port = host_address_extract_port(s); /* Leaves just the IP address */ |
b891534f JH |
746 | |
747 | if (!(ipv = string_is_ip_address(s, NULL))) | |
059ec3d9 PH |
748 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s", |
749 | s, name); | |
750 | ||
7e66e54d PH |
751 | /* Skip IPv6 addresses if IPv6 is disabled. */ |
752 | ||
753 | if (disable_ipv6 && ipv == 6) continue; | |
754 | ||
059ec3d9 PH |
755 | /* This use of strcpy() is OK because we have checked that s is a valid IP |
756 | address above. The field in the ip_address_item is large enough to hold an | |
757 | IPv6 address. */ | |
758 | ||
759 | next = store_get(sizeof(ip_address_item)); | |
760 | next->next = NULL; | |
761 | Ustrcpy(next->address, s); | |
762 | next->port = port; | |
763 | next->v6_include_v4 = FALSE; | |
764 | ||
b891534f JH |
765 | if (!yield) |
766 | yield = last = next; | |
767 | else | |
059ec3d9 PH |
768 | { |
769 | last->next = next; | |
770 | last = next; | |
771 | } | |
772 | } | |
773 | ||
774 | return yield; | |
775 | } | |
776 | ||
777 | ||
778 | ||
779 | ||
780 | ||
781 | /************************************************* | |
782 | * Find addresses on local interfaces * | |
783 | *************************************************/ | |
784 | ||
785 | /* This function finds the addresses of local IP interfaces. These are used | |
786 | when testing for routing to the local host. As the function may be called more | |
787 | than once, the list is preserved in permanent store, pointed to by a static | |
788 | variable, to save doing the work more than once per process. | |
789 | ||
790 | The generic list of interfaces is obtained by calling host_build_ifacelist() | |
791 | for local_interfaces and extra_local_interfaces. This list scanned to remove | |
792 | duplicates (which may exist with different ports - not relevant here). If | |
793 | either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are | |
794 | replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces, | |
795 | obtained from os_find_running_interfaces(). | |
796 | ||
797 | Arguments: none | |
798 | Returns: a chain of ip_address_items, each containing to a textual | |
799 | version of an IP address; the port numbers are not relevant | |
800 | */ | |
801 | ||
802 | ||
803 | /* First, a local subfunction to add an interface to a list in permanent store, | |
804 | but only if there isn't a previous copy of that address on the list. */ | |
805 | ||
806 | static ip_address_item * | |
807 | add_unique_interface(ip_address_item *list, ip_address_item *ipa) | |
808 | { | |
809 | ip_address_item *ipa2; | |
810 | for (ipa2 = list; ipa2 != NULL; ipa2 = ipa2->next) | |
811 | if (Ustrcmp(ipa2->address, ipa->address) == 0) return list; | |
812 | ipa2 = store_get_perm(sizeof(ip_address_item)); | |
813 | *ipa2 = *ipa; | |
814 | ipa2->next = list; | |
815 | return ipa2; | |
816 | } | |
817 | ||
818 | ||
819 | /* This is the globally visible function */ | |
820 | ||
821 | ip_address_item * | |
822 | host_find_interfaces(void) | |
823 | { | |
824 | ip_address_item *running_interfaces = NULL; | |
825 | ||
826 | if (local_interface_data == NULL) | |
827 | { | |
828 | void *reset_item = store_get(0); | |
55414b25 | 829 | ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces, |
059ec3d9 | 830 | US"local_interfaces"); |
55414b25 | 831 | ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces, |
059ec3d9 PH |
832 | US"extra_local_interfaces"); |
833 | ip_address_item *ipa; | |
834 | ||
835 | if (dlist == NULL) dlist = xlist; else | |
836 | { | |
837 | for (ipa = dlist; ipa->next != NULL; ipa = ipa->next); | |
838 | ipa->next = xlist; | |
839 | } | |
840 | ||
841 | for (ipa = dlist; ipa != NULL; ipa = ipa->next) | |
842 | { | |
843 | if (Ustrcmp(ipa->address, "0.0.0.0") == 0 || | |
844 | Ustrcmp(ipa->address, "::0") == 0) | |
845 | { | |
846 | ip_address_item *ipa2; | |
847 | BOOL ipv6 = ipa->address[0] == ':'; | |
848 | if (running_interfaces == NULL) | |
849 | running_interfaces = os_find_running_interfaces(); | |
850 | for (ipa2 = running_interfaces; ipa2 != NULL; ipa2 = ipa2->next) | |
851 | { | |
852 | if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6) | |
853 | local_interface_data = add_unique_interface(local_interface_data, | |
854 | ipa2); | |
855 | } | |
856 | } | |
857 | else | |
858 | { | |
859 | local_interface_data = add_unique_interface(local_interface_data, ipa); | |
860 | DEBUG(D_interface) | |
861 | { | |
862 | debug_printf("Configured local interface: address=%s", ipa->address); | |
863 | if (ipa->port != 0) debug_printf(" port=%d", ipa->port); | |
864 | debug_printf("\n"); | |
865 | } | |
866 | } | |
867 | } | |
868 | store_reset(reset_item); | |
869 | } | |
870 | ||
871 | return local_interface_data; | |
872 | } | |
873 | ||
874 | ||
875 | ||
876 | ||
877 | ||
878 | /************************************************* | |
879 | * Convert network IP address to text * | |
880 | *************************************************/ | |
881 | ||
882 | /* Given an IPv4 or IPv6 address in binary, convert it to a text | |
883 | string and return the result in a piece of new store. The address can | |
884 | either be given directly, or passed over in a sockaddr structure. Note | |
885 | that this isn't the converse of host_aton() because of byte ordering | |
886 | differences. See host_nmtoa() below. | |
887 | ||
888 | Arguments: | |
889 | type if < 0 then arg points to a sockaddr, else | |
890 | either AF_INET or AF_INET6 | |
891 | arg points to a sockaddr if type is < 0, or | |
892 | points to an IPv4 address (32 bits), or | |
893 | points to an IPv6 address (128 bits), | |
894 | in both cases, in network byte order | |
895 | buffer if NULL, the result is returned in gotten store; | |
896 | else points to a buffer to hold the answer | |
897 | portptr points to where to put the port number, if non NULL; only | |
898 | used when type < 0 | |
899 | ||
900 | Returns: pointer to character string | |
901 | */ | |
902 | ||
903 | uschar * | |
904 | host_ntoa(int type, const void *arg, uschar *buffer, int *portptr) | |
905 | { | |
906 | uschar *yield; | |
907 | ||
908 | /* The new world. It is annoying that we have to fish out the address from | |
909 | different places in the block, depending on what kind of address it is. It | |
910 | is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4 | |
911 | function inet_ntoa() returns just uschar *, and some picky compilers insist | |
912 | on warning if one assigns a const uschar * to a uschar *. Hence the casts. */ | |
913 | ||
914 | #if HAVE_IPV6 | |
915 | uschar addr_buffer[46]; | |
916 | if (type < 0) | |
917 | { | |
918 | int family = ((struct sockaddr *)arg)->sa_family; | |
919 | if (family == AF_INET6) | |
920 | { | |
921 | struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg; | |
5903c6ff | 922 | yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer, |
059ec3d9 PH |
923 | sizeof(addr_buffer)); |
924 | if (portptr != NULL) *portptr = ntohs(sk->sin6_port); | |
925 | } | |
926 | else | |
927 | { | |
928 | struct sockaddr_in *sk = (struct sockaddr_in *)arg; | |
5903c6ff | 929 | yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer, |
059ec3d9 PH |
930 | sizeof(addr_buffer)); |
931 | if (portptr != NULL) *portptr = ntohs(sk->sin_port); | |
932 | } | |
933 | } | |
934 | else | |
935 | { | |
5903c6ff | 936 | yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer)); |
059ec3d9 PH |
937 | } |
938 | ||
939 | /* If the result is a mapped IPv4 address, show it in V4 format. */ | |
940 | ||
941 | if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7; | |
942 | ||
943 | #else /* HAVE_IPV6 */ | |
944 | ||
945 | /* The old world */ | |
946 | ||
947 | if (type < 0) | |
948 | { | |
949 | yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr); | |
950 | if (portptr != NULL) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port); | |
951 | } | |
952 | else | |
953 | yield = US inet_ntoa(*((struct in_addr *)arg)); | |
954 | #endif | |
955 | ||
956 | /* If there is no buffer, put the string into some new store. */ | |
957 | ||
958 | if (buffer == NULL) return string_copy(yield); | |
959 | ||
960 | /* Callers of this function with a non-NULL buffer must ensure that it is | |
961 | large enough to hold an IPv6 address, namely, at least 46 bytes. That's what | |
962 | makes this use of strcpy() OK. */ | |
963 | ||
964 | Ustrcpy(buffer, yield); | |
965 | return buffer; | |
966 | } | |
967 | ||
968 | ||
969 | ||
970 | ||
971 | /************************************************* | |
972 | * Convert address text to binary * | |
973 | *************************************************/ | |
974 | ||
975 | /* Given the textual form of an IP address, convert it to binary in an | |
976 | array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints. | |
977 | The result has the first byte in the most significant byte of the first int. In | |
978 | other words, the result is not in network byte order, but in host byte order. | |
979 | As a result, this is not the converse of host_ntoa(), which expects network | |
980 | byte order. See host_nmtoa() below. | |
981 | ||
982 | Arguments: | |
983 | address points to the textual address, checked for syntax | |
984 | bin points to an array of 4 ints | |
985 | ||
986 | Returns: the number of ints used | |
987 | */ | |
988 | ||
989 | int | |
55414b25 | 990 | host_aton(const uschar *address, int *bin) |
059ec3d9 PH |
991 | { |
992 | int x[4]; | |
993 | int v4offset = 0; | |
994 | ||
8e669ac1 | 995 | /* Handle IPv6 address, which may end with an IPv4 address. It may also end |
7e634d24 PH |
996 | with a "scope", introduced by a percent sign. This code is NOT enclosed in #if |
997 | HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not | |
998 | supported. */ | |
059ec3d9 PH |
999 | |
1000 | if (Ustrchr(address, ':') != NULL) | |
1001 | { | |
55414b25 JH |
1002 | const uschar *p = address; |
1003 | const uschar *component[8]; | |
059ec3d9 PH |
1004 | BOOL ipv4_ends = FALSE; |
1005 | int ci = 0; | |
1006 | int nulloffset = 0; | |
1007 | int v6count = 8; | |
1008 | int i; | |
1009 | ||
1010 | /* If the address starts with a colon, it will start with two colons. | |
1011 | Just lose the first one, which will leave a null first component. */ | |
8e669ac1 | 1012 | |
059ec3d9 PH |
1013 | if (*p == ':') p++; |
1014 | ||
8e669ac1 PH |
1015 | /* Split the address into components separated by colons. The input address |
1016 | is supposed to be checked for syntax. There was a case where this was | |
1017 | overlooked; to guard against that happening again, check here and crash if | |
7e634d24 | 1018 | there are too many components. */ |
059ec3d9 | 1019 | |
7e634d24 | 1020 | while (*p != 0 && *p != '%') |
059ec3d9 | 1021 | { |
7e634d24 | 1022 | int len = Ustrcspn(p, ":%"); |
059ec3d9 | 1023 | if (len == 0) nulloffset = ci; |
8e669ac1 | 1024 | if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
b975ba52 | 1025 | "Internal error: invalid IPv6 address \"%s\" passed to host_aton()", |
8e669ac1 | 1026 | address); |
059ec3d9 PH |
1027 | component[ci++] = p; |
1028 | p += len; | |
1029 | if (*p == ':') p++; | |
1030 | } | |
1031 | ||
1032 | /* If the final component contains a dot, it is a trailing v4 address. | |
1033 | As the syntax is known to be checked, just set up for a trailing | |
1034 | v4 address and restrict the v6 part to 6 components. */ | |
1035 | ||
1036 | if (Ustrchr(component[ci-1], '.') != NULL) | |
1037 | { | |
1038 | address = component[--ci]; | |
1039 | ipv4_ends = TRUE; | |
1040 | v4offset = 3; | |
1041 | v6count = 6; | |
1042 | } | |
1043 | ||
1044 | /* If there are fewer than 6 or 8 components, we have to insert some | |
1045 | more empty ones in the middle. */ | |
1046 | ||
1047 | if (ci < v6count) | |
1048 | { | |
1049 | int insert_count = v6count - ci; | |
1050 | for (i = v6count-1; i > nulloffset + insert_count; i--) | |
1051 | component[i] = component[i - insert_count]; | |
1052 | while (i > nulloffset) component[i--] = US""; | |
1053 | } | |
1054 | ||
1055 | /* Now turn the components into binary in pairs and bung them | |
1056 | into the vector of ints. */ | |
1057 | ||
1058 | for (i = 0; i < v6count; i += 2) | |
1059 | bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) + | |
1060 | Ustrtol(component[i+1], NULL, 16); | |
1061 | ||
1062 | /* If there was no terminating v4 component, we are done. */ | |
1063 | ||
1064 | if (!ipv4_ends) return 4; | |
1065 | } | |
1066 | ||
1067 | /* Handle IPv4 address */ | |
1068 | ||
ff790e47 | 1069 | (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3); |
13559da6 | 1070 | bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3]; |
059ec3d9 PH |
1071 | return v4offset+1; |
1072 | } | |
1073 | ||
1074 | ||
1075 | /************************************************* | |
1076 | * Apply mask to an IP address * | |
1077 | *************************************************/ | |
1078 | ||
1079 | /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the | |
1080 | first int, etc. | |
1081 | ||
1082 | Arguments: | |
1083 | count the number of ints | |
1084 | binary points to the ints to be masked | |
1085 | mask the count of ms bits to leave, or -1 if no masking | |
1086 | ||
1087 | Returns: nothing | |
1088 | */ | |
1089 | ||
1090 | void | |
1091 | host_mask(int count, int *binary, int mask) | |
1092 | { | |
1093 | int i; | |
1094 | if (mask < 0) mask = 99999; | |
1095 | for (i = 0; i < count; i++) | |
1096 | { | |
1097 | int wordmask; | |
1098 | if (mask == 0) wordmask = 0; | |
1099 | else if (mask < 32) | |
1100 | { | |
13559da6 | 1101 | wordmask = (uint)(-1) << (32 - mask); |
059ec3d9 PH |
1102 | mask = 0; |
1103 | } | |
1104 | else | |
1105 | { | |
1106 | wordmask = -1; | |
1107 | mask -= 32; | |
1108 | } | |
1109 | binary[i] &= wordmask; | |
1110 | } | |
1111 | } | |
1112 | ||
1113 | ||
1114 | ||
1115 | ||
1116 | /************************************************* | |
1117 | * Convert masked IP address in ints to text * | |
1118 | *************************************************/ | |
1119 | ||
1120 | /* We can't use host_ntoa() because it assumes the binary values are in network | |
1121 | byte order, and these are the result of host_aton(), which puts them in ints in | |
1122 | host byte order. Also, we really want IPv6 addresses to be in a canonical | |
6f0c9a4f PH |
1123 | format, so we output them with no abbreviation. In a number of cases we can't |
1124 | use the normal colon separator in them because it terminates keys in lsearch | |
8e669ac1 | 1125 | files, so we want to use dot instead. There's an argument that specifies what |
6f0c9a4f | 1126 | to use for IPv6 addresses. |
059ec3d9 PH |
1127 | |
1128 | Arguments: | |
1129 | count 1 or 4 (number of ints) | |
1130 | binary points to the ints | |
1131 | mask mask value; if < 0 don't add to result | |
1132 | buffer big enough to hold the result | |
8e669ac1 | 1133 | sep component separator character for IPv6 addresses |
059ec3d9 PH |
1134 | |
1135 | Returns: the number of characters placed in buffer, not counting | |
1136 | the final nul. | |
1137 | */ | |
1138 | ||
1139 | int | |
6f0c9a4f | 1140 | host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep) |
059ec3d9 PH |
1141 | { |
1142 | int i, j; | |
1143 | uschar *tt = buffer; | |
1144 | ||
1145 | if (count == 1) | |
1146 | { | |
1147 | j = binary[0]; | |
1148 | for (i = 24; i >= 0; i -= 8) | |
fc4a7f70 | 1149 | tt += sprintf(CS tt, "%d.", (j >> i) & 255); |
059ec3d9 PH |
1150 | } |
1151 | else | |
059ec3d9 PH |
1152 | for (i = 0; i < 4; i++) |
1153 | { | |
1154 | j = binary[i]; | |
fc4a7f70 | 1155 | tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep); |
059ec3d9 | 1156 | } |
059ec3d9 | 1157 | |
6f0c9a4f | 1158 | tt--; /* lose final separator */ |
059ec3d9 PH |
1159 | |
1160 | if (mask < 0) | |
1161 | *tt = 0; | |
1162 | else | |
5976eb99 | 1163 | tt += sprintf(CS tt, "/%d", mask); |
059ec3d9 PH |
1164 | |
1165 | return tt - buffer; | |
1166 | } | |
1167 | ||
1168 | ||
fc4a7f70 JH |
1169 | /* Like host_nmtoa() but: ipv6-only, canonical output, no mask |
1170 | ||
1171 | Arguments: | |
1172 | binary points to the ints | |
1173 | buffer big enough to hold the result | |
1174 | ||
1175 | Returns: the number of characters placed in buffer, not counting | |
1176 | the final nul. | |
1177 | */ | |
1178 | ||
1179 | int | |
1180 | ipv6_nmtoa(int * binary, uschar * buffer) | |
1181 | { | |
1182 | int i, j, k; | |
1183 | uschar * c = buffer; | |
39755c16 | 1184 | uschar * d = NULL; /* shut insufficiently "clever" compiler up */ |
fc4a7f70 JH |
1185 | |
1186 | for (i = 0; i < 4; i++) | |
1187 | { /* expand to text */ | |
1188 | j = binary[i]; | |
1189 | c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff); | |
1190 | } | |
1191 | ||
1192 | for (c = buffer, k = -1, i = 0; i < 8; i++) | |
1193 | { /* find longest 0-group sequence */ | |
1194 | if (*c == '0') /* must be "0:" */ | |
1195 | { | |
1196 | uschar * s = c; | |
1197 | j = i; | |
1198 | while (c[2] == '0') i++, c += 2; | |
1199 | if (i-j > k) | |
1200 | { | |
1201 | k = i-j; /* length of sequence */ | |
1202 | d = s; /* start of sequence */ | |
1203 | } | |
1204 | } | |
1205 | while (*++c != ':') ; | |
1206 | c++; | |
1207 | } | |
1208 | ||
1209 | c[-1] = '\0'; /* drop trailing colon */ | |
1210 | ||
1211 | /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, d, d + 2*(k+1)); */ | |
1212 | if (k >= 0) | |
1213 | { /* collapse */ | |
1214 | c = d + 2*(k+1); | |
1215 | if (d == buffer) c--; /* need extra colon */ | |
1216 | *d++ = ':'; /* 1st 0 */ | |
39755c16 | 1217 | while ((*d++ = *c++)) ; |
fc4a7f70 JH |
1218 | } |
1219 | else | |
1220 | d = c; | |
1221 | ||
1222 | return d - buffer; | |
1223 | } | |
1224 | ||
1225 | ||
059ec3d9 PH |
1226 | |
1227 | /************************************************* | |
1228 | * Check port for tls_on_connect * | |
1229 | *************************************************/ | |
1230 | ||
1231 | /* This function checks whether a given incoming port is configured for tls- | |
1232 | on-connect. It is called from the daemon and from inetd handling. If the global | |
1233 | option tls_on_connect is already set, all ports operate this way. Otherwise, we | |
1234 | check the tls_on_connect_ports option for a list of ports. | |
1235 | ||
1236 | Argument: a port number | |
1237 | Returns: TRUE or FALSE | |
1238 | */ | |
1239 | ||
1240 | BOOL | |
1241 | host_is_tls_on_connect_port(int port) | |
1242 | { | |
1243 | int sep = 0; | |
1244 | uschar buffer[32]; | |
55414b25 | 1245 | const uschar *list = tls_in.on_connect_ports; |
059ec3d9 | 1246 | uschar *s; |
071c51f7 | 1247 | uschar *end; |
059ec3d9 | 1248 | |
817d9f57 | 1249 | if (tls_in.on_connect) return TRUE; |
059ec3d9 | 1250 | |
071c51f7 JH |
1251 | while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) |
1252 | if (Ustrtol(s, &end, 10) == port) | |
1253 | return TRUE; | |
059ec3d9 PH |
1254 | |
1255 | return FALSE; | |
1256 | } | |
1257 | ||
1258 | ||
1259 | ||
1260 | /************************************************* | |
1261 | * Check whether host is in a network * | |
1262 | *************************************************/ | |
1263 | ||
1264 | /* This function checks whether a given IP address matches a pattern that | |
1265 | represents either a single host, or a network (using CIDR notation). The caller | |
1266 | of this function must check the syntax of the arguments before calling it. | |
1267 | ||
1268 | Arguments: | |
1269 | host string representation of the ip-address to check | |
1270 | net string representation of the network, with optional CIDR mask | |
1271 | maskoffset offset to the / that introduces the mask in the key | |
1272 | zero if there is no mask | |
1273 | ||
1274 | Returns: | |
1275 | TRUE the host is inside the network | |
1276 | FALSE the host is NOT inside the network | |
1277 | */ | |
1278 | ||
1279 | BOOL | |
55414b25 | 1280 | host_is_in_net(const uschar *host, const uschar *net, int maskoffset) |
059ec3d9 PH |
1281 | { |
1282 | int i; | |
1283 | int address[4]; | |
1284 | int incoming[4]; | |
1285 | int mlen; | |
1286 | int size = host_aton(net, address); | |
1287 | int insize; | |
1288 | ||
1289 | /* No mask => all bits to be checked */ | |
1290 | ||
1291 | if (maskoffset == 0) mlen = 99999; /* Big number */ | |
1292 | else mlen = Uatoi(net + maskoffset + 1); | |
1293 | ||
1294 | /* Convert the incoming address to binary. */ | |
1295 | ||
1296 | insize = host_aton(host, incoming); | |
1297 | ||
1298 | /* Convert IPv4 addresses given in IPv6 compatible mode, which represent | |
1299 | connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form | |
1300 | ::ffff:<v4address>, to IPv4 format. */ | |
1301 | ||
1302 | if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 && | |
1303 | incoming[2] == 0xffff) | |
1304 | { | |
1305 | insize = 1; | |
1306 | incoming[0] = incoming[3]; | |
1307 | } | |
1308 | ||
1309 | /* No match if the sizes don't agree. */ | |
1310 | ||
1311 | if (insize != size) return FALSE; | |
1312 | ||
1313 | /* Else do the masked comparison. */ | |
1314 | ||
1315 | for (i = 0; i < size; i++) | |
1316 | { | |
1317 | int mask; | |
1318 | if (mlen == 0) mask = 0; | |
1319 | else if (mlen < 32) | |
1320 | { | |
13559da6 | 1321 | mask = (uint)(-1) << (32 - mlen); |
059ec3d9 PH |
1322 | mlen = 0; |
1323 | } | |
1324 | else | |
1325 | { | |
1326 | mask = -1; | |
1327 | mlen -= 32; | |
1328 | } | |
1329 | if ((incoming[i] & mask) != (address[i] & mask)) return FALSE; | |
1330 | } | |
1331 | ||
1332 | return TRUE; | |
1333 | } | |
1334 | ||
1335 | ||
1336 | ||
1337 | /************************************************* | |
1338 | * Scan host list for local hosts * | |
1339 | *************************************************/ | |
1340 | ||
1341 | /* Scan through a chain of addresses and check whether any of them is the | |
1342 | address of an interface on the local machine. If so, remove that address and | |
1343 | any previous ones with the same MX value, and all subsequent ones (which will | |
1344 | have greater or equal MX values) from the chain. Note: marking them as unusable | |
1345 | is NOT the right thing to do because it causes the hosts not to be used for | |
1346 | other domains, for which they may well be correct. | |
1347 | ||
1348 | The hosts may be part of a longer chain; we only process those between the | |
1349 | initial pointer and the "last" pointer. | |
1350 | ||
1351 | There is also a list of "pseudo-local" host names which are checked against the | |
1352 | host names. Any match causes that host item to be treated the same as one which | |
1353 | matches a local IP address. | |
1354 | ||
1355 | If the very first host is a local host, then all MX records had a precedence | |
1356 | greater than or equal to that of the local host. Either there's a problem in | |
1357 | the DNS, or an apparently remote name turned out to be an abbreviation for the | |
1358 | local host. Give a specific return code, and let the caller decide what to do. | |
1359 | Otherwise, give a success code if at least one host address has been found. | |
1360 | ||
1361 | Arguments: | |
1362 | host pointer to the first host in the chain | |
1363 | lastptr pointer to pointer to the last host in the chain (may be updated) | |
1364 | removed if not NULL, set TRUE if some local addresses were removed | |
1365 | from the list | |
1366 | ||
1367 | Returns: | |
1368 | HOST_FOUND if there is at least one host with an IP address on the chain | |
1369 | and an MX value less than any MX value associated with the | |
1370 | local host | |
1371 | HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when | |
1372 | the host addresses were obtained from A records or | |
1373 | gethostbyname(), the MX values are set to -1. | |
1374 | HOST_FIND_FAILED if no valid hosts with set IP addresses were found | |
1375 | */ | |
1376 | ||
1377 | int | |
1378 | host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed) | |
1379 | { | |
1380 | int yield = HOST_FIND_FAILED; | |
1381 | host_item *last = *lastptr; | |
1382 | host_item *prev = NULL; | |
1383 | host_item *h; | |
1384 | ||
1385 | if (removed != NULL) *removed = FALSE; | |
1386 | ||
1387 | if (local_interface_data == NULL) local_interface_data = host_find_interfaces(); | |
1388 | ||
1389 | for (h = host; h != last->next; h = h->next) | |
1390 | { | |
1391 | #ifndef STAND_ALONE | |
1392 | if (hosts_treat_as_local != NULL) | |
1393 | { | |
1394 | int rc; | |
55414b25 | 1395 | const uschar *save = deliver_domain; |
059ec3d9 | 1396 | deliver_domain = h->name; /* set $domain */ |
55414b25 | 1397 | rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0, |
059ec3d9 PH |
1398 | &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); |
1399 | deliver_domain = save; | |
1400 | if (rc == OK) goto FOUND_LOCAL; | |
1401 | } | |
1402 | #endif | |
1403 | ||
1404 | /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym | |
1405 | for 127.0.0.1 and refers to the local host. We therefore force it always to | |
1406 | be treated as local. */ | |
1407 | ||
1408 | if (h->address != NULL) | |
1409 | { | |
1410 | ip_address_item *ip; | |
1411 | if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL; | |
1412 | for (ip = local_interface_data; ip != NULL; ip = ip->next) | |
1413 | if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL; | |
1414 | yield = HOST_FOUND; /* At least one remote address has been found */ | |
1415 | } | |
1416 | ||
1417 | /* Update prev to point to the last host item before any that have | |
1418 | the same MX value as the one we have just considered. */ | |
1419 | ||
1420 | if (h->next == NULL || h->next->mx != h->mx) prev = h; | |
1421 | } | |
1422 | ||
1423 | return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */ | |
1424 | ||
1425 | /* A host whose IP address matches a local IP address, or whose name matches | |
1426 | something in hosts_treat_as_local has been found. */ | |
1427 | ||
1428 | FOUND_LOCAL: | |
1429 | ||
1430 | if (prev == NULL) | |
1431 | { | |
1432 | HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)? | |
1433 | "local host has lowest MX\n" : | |
1434 | "local host found for non-MX address\n"); | |
1435 | return HOST_FOUND_LOCAL; | |
1436 | } | |
1437 | ||
1438 | HDEBUG(D_host_lookup) | |
1439 | { | |
1440 | debug_printf("local host in host list - removed hosts:\n"); | |
1441 | for (h = prev->next; h != last->next; h = h->next) | |
1442 | debug_printf(" %s %s %d\n", h->name, h->address, h->mx); | |
1443 | } | |
1444 | ||
1445 | if (removed != NULL) *removed = TRUE; | |
1446 | prev->next = last->next; | |
1447 | *lastptr = prev; | |
1448 | return yield; | |
1449 | } | |
1450 | ||
1451 | ||
1452 | ||
1453 | ||
1454 | /************************************************* | |
1455 | * Remove duplicate IPs in host list * | |
1456 | *************************************************/ | |
1457 | ||
1458 | /* You would think that administrators could set up their DNS records so that | |
1459 | one ended up with a list of unique IP addresses after looking up A or MX | |
1460 | records, but apparently duplication is common. So we scan such lists and | |
1461 | remove the later duplicates. Note that we may get lists in which some host | |
1462 | addresses are not set. | |
1463 | ||
1464 | Arguments: | |
1465 | host pointer to the first host in the chain | |
1466 | lastptr pointer to pointer to the last host in the chain (may be updated) | |
1467 | ||
1468 | Returns: nothing | |
1469 | */ | |
1470 | ||
1471 | static void | |
1472 | host_remove_duplicates(host_item *host, host_item **lastptr) | |
1473 | { | |
1474 | while (host != *lastptr) | |
1475 | { | |
1476 | if (host->address != NULL) | |
1477 | { | |
1478 | host_item *h = host; | |
1479 | while (h != *lastptr) | |
1480 | { | |
1481 | if (h->next->address != NULL && | |
1482 | Ustrcmp(h->next->address, host->address) == 0) | |
1483 | { | |
1484 | DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) " | |
1485 | "removed\n", host->address, h->next->mx); | |
1486 | if (h->next == *lastptr) *lastptr = h; | |
1487 | h->next = h->next->next; | |
1488 | } | |
1489 | else h = h->next; | |
1490 | } | |
1491 | } | |
1492 | /* If the last item was removed, host may have become == *lastptr */ | |
1493 | if (host != *lastptr) host = host->next; | |
1494 | } | |
1495 | } | |
1496 | ||
1497 | ||
1498 | ||
1499 | ||
1500 | /************************************************* | |
1501 | * Find sender host name by gethostbyaddr() * | |
1502 | *************************************************/ | |
1503 | ||
1504 | /* This used to be the only way it was done, but it turns out that not all | |
1505 | systems give aliases for calls to gethostbyaddr() - or one of the modern | |
1506 | equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare, | |
1507 | but they can still exist. This function is now used only when a DNS lookup of | |
1508 | the IP address fails, in order to give access to /etc/hosts. | |
1509 | ||
1510 | Arguments: none | |
1511 | Returns: OK, DEFER, FAIL | |
1512 | */ | |
1513 | ||
1514 | static int | |
1515 | host_name_lookup_byaddr(void) | |
1516 | { | |
1517 | int len; | |
1518 | uschar *s, *t; | |
1519 | struct hostent *hosts; | |
1520 | struct in_addr addr; | |
f2cb6292 | 1521 | unsigned long time_msec = 0; /* init to quieten dumb static analysis */ |
846430d9 JH |
1522 | |
1523 | if (slow_lookup_log) time_msec = get_time_in_ms(); | |
059ec3d9 PH |
1524 | |
1525 | /* Lookup on IPv6 system */ | |
1526 | ||
1527 | #if HAVE_IPV6 | |
1528 | if (Ustrchr(sender_host_address, ':') != NULL) | |
1529 | { | |
1530 | struct in6_addr addr6; | |
1531 | if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1) | |
1532 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an " | |
1533 | "IPv6 address", sender_host_address); | |
1534 | #if HAVE_GETIPNODEBYADDR | |
1535 | hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno); | |
1536 | #else | |
1537 | hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6); | |
1538 | #endif | |
1539 | } | |
1540 | else | |
1541 | { | |
1542 | if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1) | |
1543 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an " | |
1544 | "IPv4 address", sender_host_address); | |
1545 | #if HAVE_GETIPNODEBYADDR | |
1546 | hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno); | |
1547 | #else | |
1548 | hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET); | |
1549 | #endif | |
1550 | } | |
1551 | ||
1552 | /* Do lookup on IPv4 system */ | |
1553 | ||
1554 | #else | |
1555 | addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address); | |
1556 | hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET); | |
1557 | #endif | |
1558 | ||
846430d9 JH |
1559 | if ( slow_lookup_log |
1560 | && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log | |
1561 | ) | |
1562 | log_long_lookup(US"name", sender_host_address, time_msec); | |
1563 | ||
059ec3d9 PH |
1564 | /* Failed to look up the host. */ |
1565 | ||
1566 | if (hosts == NULL) | |
1567 | { | |
1568 | HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n", | |
1569 | h_errno); | |
1570 | return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL; | |
1571 | } | |
1572 | ||
1573 | /* It seems there are some records in the DNS that yield an empty name. We | |
1574 | treat this as non-existent. In some operating systems, this is returned as an | |
1575 | empty string; in others as a single dot. */ | |
1576 | ||
8ad076b2 | 1577 | if (hosts->h_name == NULL || hosts->h_name[0] == 0 || hosts->h_name[0] == '.') |
059ec3d9 PH |
1578 | { |
1579 | HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: " | |
1580 | "treated as non-existent host name\n"); | |
1581 | return FAIL; | |
1582 | } | |
1583 | ||
1584 | /* Copy and lowercase the name, which is in static storage in many systems. | |
1585 | Put it in permanent memory. */ | |
1586 | ||
5903c6ff | 1587 | s = US hosts->h_name; |
059ec3d9 PH |
1588 | len = Ustrlen(s) + 1; |
1589 | t = sender_host_name = store_get_perm(len); | |
1590 | while (*s != 0) *t++ = tolower(*s++); | |
1591 | *t = 0; | |
1592 | ||
1593 | /* If the host has aliases, build a copy of the alias list */ | |
1594 | ||
1595 | if (hosts->h_aliases != NULL) | |
1596 | { | |
1597 | int count = 1; | |
1598 | uschar **aliases, **ptr; | |
1599 | for (aliases = USS hosts->h_aliases; *aliases != NULL; aliases++) count++; | |
1600 | ptr = sender_host_aliases = store_get_perm(count * sizeof(uschar *)); | |
1601 | for (aliases = USS hosts->h_aliases; *aliases != NULL; aliases++) | |
1602 | { | |
1603 | uschar *s = *aliases; | |
1604 | int len = Ustrlen(s) + 1; | |
1605 | uschar *t = *ptr++ = store_get_perm(len); | |
1606 | while (*s != 0) *t++ = tolower(*s++); | |
1607 | *t = 0; | |
1608 | } | |
1609 | *ptr = NULL; | |
1610 | } | |
1611 | ||
1612 | return OK; | |
1613 | } | |
1614 | ||
1615 | ||
1616 | ||
1617 | /************************************************* | |
1618 | * Find host name for incoming call * | |
1619 | *************************************************/ | |
1620 | ||
1621 | /* Put the name in permanent store, pointed to by sender_host_name. We also set | |
1622 | up a list of alias names, pointed to by sender_host_alias. The list is | |
1623 | NULL-terminated. The incoming address is in sender_host_address, either in | |
1624 | dotted-quad form for IPv4 or in colon-separated form for IPv6. | |
1625 | ||
1626 | This function does a thorough check that the names it finds point back to the | |
1627 | incoming IP address. Any that do not are discarded. Note that this is relied on | |
1628 | by the ACL reverse_host_lookup check. | |
1629 | ||
1630 | On some systems, get{host,ipnode}byaddr() appears to do this internally, but | |
1631 | this it not universally true. Also, for release 4.30, this function was changed | |
1632 | to do a direct DNS lookup first, by default[1], because it turns out that that | |
1633 | is the only guaranteed way to find all the aliases on some systems. My | |
1634 | experiments indicate that Solaris gethostbyaddr() gives the aliases for but | |
1635 | Linux does not. | |
1636 | ||
1637 | [1] The actual order is controlled by the host_lookup_order option. | |
1638 | ||
1639 | Arguments: none | |
1640 | Returns: OK on success, the answer being placed in the global variable | |
1641 | sender_host_name, with any aliases in a list hung off | |
1642 | sender_host_aliases | |
1643 | FAIL if no host name can be found | |
1644 | DEFER if a temporary error was encountered | |
1645 | ||
4c04137d | 1646 | The variable host_lookup_msg is set to an empty string on success, or to a |
059ec3d9 | 1647 | reason for the failure otherwise, in a form suitable for tagging onto an error |
8e669ac1 | 1648 | message, and also host_lookup_failed is set TRUE if the lookup failed. If there |
b08b24c8 PH |
1649 | was a defer, host_lookup_deferred is set TRUE. |
1650 | ||
1651 | Any dynamically constructed string for host_lookup_msg must be in permanent | |
1652 | store, because it might be used for several incoming messages on the same SMTP | |
059ec3d9 PH |
1653 | connection. */ |
1654 | ||
1655 | int | |
1656 | host_name_lookup(void) | |
1657 | { | |
1658 | int old_pool, rc; | |
1659 | int sep = 0; | |
1660 | uschar *hname, *save_hostname; | |
1661 | uschar **aliases; | |
1662 | uschar buffer[256]; | |
1663 | uschar *ordername; | |
55414b25 | 1664 | const uschar *list = host_lookup_order; |
059ec3d9 PH |
1665 | dns_record *rr; |
1666 | dns_answer dnsa; | |
1667 | dns_scan dnss; | |
1668 | ||
1f4a55da | 1669 | sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE; |
b08b24c8 | 1670 | |
059ec3d9 PH |
1671 | HDEBUG(D_host_lookup) |
1672 | debug_printf("looking up host name for %s\n", sender_host_address); | |
1673 | ||
1674 | /* For testing the case when a lookup does not complete, we have a special | |
1675 | reserved IP address. */ | |
1676 | ||
1677 | if (running_in_test_harness && | |
1678 | Ustrcmp(sender_host_address, "99.99.99.99") == 0) | |
1679 | { | |
1680 | HDEBUG(D_host_lookup) | |
1681 | debug_printf("Test harness: host name lookup returns DEFER\n"); | |
8e669ac1 | 1682 | host_lookup_deferred = TRUE; |
059ec3d9 PH |
1683 | return DEFER; |
1684 | } | |
1685 | ||
1686 | /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in | |
1687 | the order specified by the host_lookup_order option. */ | |
1688 | ||
1f155f8e | 1689 | while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) |
059ec3d9 PH |
1690 | { |
1691 | if (strcmpic(ordername, US"bydns") == 0) | |
1692 | { | |
9d9c3746 | 1693 | dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */ |
059ec3d9 | 1694 | dns_build_reverse(sender_host_address, buffer); |
846430d9 | 1695 | rc = dns_lookup_timerwrap(&dnsa, buffer, T_PTR, NULL); |
059ec3d9 PH |
1696 | |
1697 | /* The first record we come across is used for the name; others are | |
1698 | considered to be aliases. We have to scan twice, in order to find out the | |
1699 | number of aliases. However, if all the names are empty, we will behave as | |
1700 | if failure. (PTR records that yield empty names have been encountered in | |
1701 | the DNS.) */ | |
1702 | ||
1703 | if (rc == DNS_SUCCEED) | |
1704 | { | |
1705 | uschar **aptr = NULL; | |
1706 | int ssize = 264; | |
1707 | int count = 0; | |
1708 | int old_pool = store_pool; | |
1709 | ||
1f4a55da PP |
1710 | sender_host_dnssec = dns_is_secure(&dnsa); |
1711 | DEBUG(D_dns) | |
1712 | debug_printf("Reverse DNS security status: %s\n", | |
1713 | sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified"); | |
1714 | ||
059ec3d9 PH |
1715 | store_pool = POOL_PERM; /* Save names in permanent storage */ |
1716 | ||
1717 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
1705dd20 | 1718 | rr; |
059ec3d9 | 1719 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) |
1705dd20 JH |
1720 | if (rr->type == T_PTR) |
1721 | count++; | |
059ec3d9 PH |
1722 | |
1723 | /* Get store for the list of aliases. For compatibility with | |
1724 | gethostbyaddr, we make an empty list if there are none. */ | |
1725 | ||
1726 | aptr = sender_host_aliases = store_get(count * sizeof(uschar *)); | |
1727 | ||
1728 | /* Re-scan and extract the names */ | |
1729 | ||
1730 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
1705dd20 | 1731 | rr; |
059ec3d9 PH |
1732 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) |
1733 | { | |
1734 | uschar *s = NULL; | |
1735 | if (rr->type != T_PTR) continue; | |
1736 | s = store_get(ssize); | |
1737 | ||
1738 | /* If an overlong response was received, the data will have been | |
1739 | truncated and dn_expand may fail. */ | |
1740 | ||
1741 | if (dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, | |
5903c6ff | 1742 | US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0) |
059ec3d9 PH |
1743 | { |
1744 | log_write(0, LOG_MAIN, "host name alias list truncated for %s", | |
1745 | sender_host_address); | |
1746 | break; | |
1747 | } | |
1748 | ||
1749 | store_reset(s + Ustrlen(s) + 1); | |
1750 | if (s[0] == 0) | |
1751 | { | |
1752 | HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an " | |
1753 | "empty name: treated as non-existent host name\n"); | |
1754 | continue; | |
1755 | } | |
1f155f8e JH |
1756 | if (!sender_host_name) sender_host_name = s; |
1757 | else *aptr++ = s; | |
059ec3d9 PH |
1758 | while (*s != 0) { *s = tolower(*s); s++; } |
1759 | } | |
1760 | ||
1761 | *aptr = NULL; /* End of alias list */ | |
1762 | store_pool = old_pool; /* Reset store pool */ | |
1763 | ||
1764 | /* If we've found a names, break out of the "order" loop */ | |
1765 | ||
1766 | if (sender_host_name != NULL) break; | |
1767 | } | |
1768 | ||
1769 | /* If the DNS lookup deferred, we must also defer. */ | |
1770 | ||
1771 | if (rc == DNS_AGAIN) | |
1772 | { | |
1773 | HDEBUG(D_host_lookup) | |
1774 | debug_printf("IP address PTR lookup gave temporary error\n"); | |
8e669ac1 | 1775 | host_lookup_deferred = TRUE; |
059ec3d9 PH |
1776 | return DEFER; |
1777 | } | |
1778 | } | |
1779 | ||
1780 | /* Do a lookup using gethostbyaddr() - or equivalent */ | |
1781 | ||
1782 | else if (strcmpic(ordername, US"byaddr") == 0) | |
1783 | { | |
1784 | HDEBUG(D_host_lookup) | |
1785 | debug_printf("IP address lookup using gethostbyaddr()\n"); | |
059ec3d9 | 1786 | rc = host_name_lookup_byaddr(); |
8e669ac1 | 1787 | if (rc == DEFER) |
b08b24c8 | 1788 | { |
8e669ac1 | 1789 | host_lookup_deferred = TRUE; |
b08b24c8 | 1790 | return rc; /* Can't carry on */ |
8e669ac1 | 1791 | } |
059ec3d9 PH |
1792 | if (rc == OK) break; /* Found a name */ |
1793 | } | |
1794 | } /* Loop for bydns/byaddr scanning */ | |
1795 | ||
1796 | /* If we have failed to find a name, return FAIL and log when required. | |
1797 | NB host_lookup_msg must be in permanent store. */ | |
1798 | ||
1799 | if (sender_host_name == NULL) | |
1800 | { | |
1801 | if (host_checking || !log_testing_mode) | |
1802 | log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP " | |
1803 | "address %s", sender_host_address); | |
1804 | host_lookup_msg = US" (failed to find host name from IP address)"; | |
b08b24c8 | 1805 | host_lookup_failed = TRUE; |
059ec3d9 PH |
1806 | return FAIL; |
1807 | } | |
1808 | ||
059ec3d9 PH |
1809 | HDEBUG(D_host_lookup) |
1810 | { | |
1811 | uschar **aliases = sender_host_aliases; | |
de11307f JH |
1812 | debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name); |
1813 | while (*aliases != NULL) debug_printf(" alias \"%s\"\n", *aliases++); | |
059ec3d9 PH |
1814 | } |
1815 | ||
1816 | /* We need to verify that a forward lookup on the name we found does indeed | |
1817 | correspond to the address. This is for security: in principle a malefactor who | |
1818 | happened to own a reverse zone could set it to point to any names at all. | |
1819 | ||
1820 | This code was present in versions of Exim before 3.20. At that point I took it | |
1821 | out because I thought that gethostbyaddr() did the check anyway. It turns out | |
1822 | that this isn't always the case, so it's coming back in at 4.01. This version | |
1823 | is actually better, because it also checks aliases. | |
1824 | ||
1825 | The code was made more robust at release 4.21. Prior to that, it accepted all | |
1826 | the names if any of them had the correct IP address. Now the code checks all | |
1827 | the names, and accepts only those that have the correct IP address. */ | |
1828 | ||
1829 | save_hostname = sender_host_name; /* Save for error messages */ | |
1830 | aliases = sender_host_aliases; | |
2546388c | 1831 | for (hname = sender_host_name; hname; hname = *aliases++) |
059ec3d9 PH |
1832 | { |
1833 | int rc; | |
1834 | BOOL ok = FALSE; | |
1835 | host_item h; | |
1f155f8e JH |
1836 | dnssec_domains d; |
1837 | ||
059ec3d9 PH |
1838 | h.next = NULL; |
1839 | h.name = hname; | |
1840 | h.mx = MX_NONE; | |
1841 | h.address = NULL; | |
1f155f8e JH |
1842 | d.request = sender_host_dnssec ? US"*" : NULL;; |
1843 | d.require = NULL; | |
059ec3d9 | 1844 | |
66387a73 | 1845 | if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA, |
1f155f8e JH |
1846 | NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND |
1847 | || rc == HOST_FOUND_LOCAL | |
1848 | ) | |
059ec3d9 PH |
1849 | { |
1850 | host_item *hh; | |
059ec3d9 | 1851 | HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname); |
1f155f8e JH |
1852 | |
1853 | /* If the forward lookup was not secure we cancel the is-secure variable */ | |
1854 | ||
1855 | DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n", | |
1856 | h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified"); | |
1857 | if (h.dnssec != DS_YES) sender_host_dnssec = FALSE; | |
1858 | ||
2546388c | 1859 | for (hh = &h; hh; hh = hh->next) |
d27f1df3 | 1860 | if (host_is_in_net(hh->address, sender_host_address, 0)) |
059ec3d9 PH |
1861 | { |
1862 | HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address); | |
1863 | ok = TRUE; | |
1864 | break; | |
1865 | } | |
1866 | else | |
059ec3d9 | 1867 | HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address); |
1f155f8e | 1868 | |
059ec3d9 PH |
1869 | if (!ok) HDEBUG(D_host_lookup) |
1870 | debug_printf("no IP address for %s matched %s\n", hname, | |
1871 | sender_host_address); | |
1872 | } | |
1873 | else if (rc == HOST_FIND_AGAIN) | |
1874 | { | |
1875 | HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n"); | |
8e669ac1 | 1876 | host_lookup_deferred = TRUE; |
55728a4f | 1877 | sender_host_name = NULL; |
059ec3d9 PH |
1878 | return DEFER; |
1879 | } | |
1880 | else | |
059ec3d9 | 1881 | HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname); |
059ec3d9 PH |
1882 | |
1883 | /* If this name is no good, and it's the sender name, set it null pro tem; | |
1884 | if it's an alias, just remove it from the list. */ | |
1885 | ||
1886 | if (!ok) | |
1887 | { | |
1888 | if (hname == sender_host_name) sender_host_name = NULL; else | |
1889 | { | |
1890 | uschar **a; /* Don't amalgamate - some */ | |
1891 | a = --aliases; /* compilers grumble */ | |
1892 | while (*a != NULL) { *a = a[1]; a++; } | |
1893 | } | |
1894 | } | |
1895 | } | |
1896 | ||
1897 | /* If sender_host_name == NULL, it means we didn't like the name. Replace | |
1898 | it with the first alias, if there is one. */ | |
1899 | ||
1900 | if (sender_host_name == NULL && *sender_host_aliases != NULL) | |
1901 | sender_host_name = *sender_host_aliases++; | |
1902 | ||
1903 | /* If we now have a main name, all is well. */ | |
1904 | ||
1905 | if (sender_host_name != NULL) return OK; | |
1906 | ||
1907 | /* We have failed to find an address that matches. */ | |
1908 | ||
1909 | HDEBUG(D_host_lookup) | |
1910 | debug_printf("%s does not match any IP address for %s\n", | |
1911 | sender_host_address, save_hostname); | |
1912 | ||
1913 | /* This message must be in permanent store */ | |
1914 | ||
1915 | old_pool = store_pool; | |
1916 | store_pool = POOL_PERM; | |
1917 | host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)", | |
1918 | sender_host_address, save_hostname); | |
1919 | store_pool = old_pool; | |
059ec3d9 PH |
1920 | host_lookup_failed = TRUE; |
1921 | return FAIL; | |
1922 | } | |
1923 | ||
1924 | ||
1925 | ||
1926 | ||
1927 | /************************************************* | |
1928 | * Find IP address(es) for host by name * | |
1929 | *************************************************/ | |
1930 | ||
1931 | /* The input is a host_item structure with the name filled in and the address | |
322050c2 PH |
1932 | field set to NULL. We use gethostbyname() or getipnodebyname() or |
1933 | gethostbyname2(), as appropriate. Of course, these functions may use the DNS, | |
1934 | but they do not do MX processing. It appears, however, that in some systems the | |
1935 | current setting of resolver options is used when one of these functions calls | |
1936 | the resolver. For this reason, we call dns_init() at the start, with arguments | |
1937 | influenced by bits in "flags", just as we do for host_find_bydns(). | |
059ec3d9 PH |
1938 | |
1939 | The second argument provides a host list (usually an IP list) of hosts to | |
1940 | ignore. This makes it possible to ignore IPv6 link-local addresses or loopback | |
1941 | addresses in unreasonable places. | |
1942 | ||
1943 | The lookup may result in a change of name. For compatibility with the dns | |
1944 | lookup, return this via fully_qualified_name as well as updating the host item. | |
1945 | The lookup may also yield more than one IP address, in which case chain on | |
1946 | subsequent host_item structures. | |
1947 | ||
1948 | Arguments: | |
1949 | host a host item with the name and MX filled in; | |
1950 | the address is to be filled in; | |
1951 | multiple IP addresses cause other host items to be | |
1952 | chained on. | |
1953 | ignore_target_hosts a list of hosts to ignore | |
322050c2 PH |
1954 | flags HOST_FIND_QUALIFY_SINGLE ) passed to |
1955 | HOST_FIND_SEARCH_PARENTS ) dns_init() | |
059ec3d9 PH |
1956 | fully_qualified_name if not NULL, set to point to host name for |
1957 | compatibility with host_find_bydns | |
1958 | local_host_check TRUE if a check for the local host is wanted | |
1959 | ||
1960 | Returns: HOST_FIND_FAILED Failed to find the host or domain | |
1961 | HOST_FIND_AGAIN Try again later | |
1962 | HOST_FOUND Host found - data filled in | |
1963 | HOST_FOUND_LOCAL Host found and is the local host | |
1964 | */ | |
1965 | ||
1966 | int | |
55414b25 JH |
1967 | host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags, |
1968 | const uschar **fully_qualified_name, BOOL local_host_check) | |
059ec3d9 PH |
1969 | { |
1970 | int i, yield, times; | |
1971 | uschar **addrlist; | |
1972 | host_item *last = NULL; | |
1973 | BOOL temp_error = FALSE; | |
b08b24c8 PH |
1974 | #if HAVE_IPV6 |
1975 | int af; | |
1976 | #endif | |
1977 | ||
322050c2 PH |
1978 | /* Make sure DNS options are set as required. This appears to be necessary in |
1979 | some circumstances when the get..byname() function actually calls the DNS. */ | |
1980 | ||
1981 | dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0, | |
8c51eead | 1982 | (flags & HOST_FIND_SEARCH_PARENTS) != 0, |
7cd171b7 | 1983 | FALSE); /* Cannot retrieve dnssec status so do not request */ |
322050c2 | 1984 | |
7e66e54d PH |
1985 | /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both |
1986 | kinds of address, so go round the loop twice. Note that we have ensured that | |
1987 | AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier | |
1988 | code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4 | |
1989 | lookups here (except when testing standalone). */ | |
059ec3d9 PH |
1990 | |
1991 | #if HAVE_IPV6 | |
322050c2 PH |
1992 | #ifdef STAND_ALONE |
1993 | if (disable_ipv6) | |
1994 | #else | |
1995 | if (disable_ipv6 || | |
1996 | (dns_ipv4_lookup != NULL && | |
55414b25 JH |
1997 | match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, |
1998 | MCL_DOMAIN, TRUE, NULL) == OK)) | |
322050c2 PH |
1999 | #endif |
2000 | ||
059ec3d9 PH |
2001 | { af = AF_INET; times = 1; } |
2002 | else | |
059ec3d9 PH |
2003 | { af = AF_INET6; times = 2; } |
2004 | ||
2005 | /* No IPv6 support */ | |
2006 | ||
2007 | #else /* HAVE_IPV6 */ | |
2008 | times = 1; | |
2009 | #endif /* HAVE_IPV6 */ | |
2010 | ||
2011 | /* Initialize the flag that gets set for DNS syntax check errors, so that the | |
2012 | interface to this function can be similar to host_find_bydns. */ | |
2013 | ||
2014 | host_find_failed_syntax = FALSE; | |
2015 | ||
2016 | /* Loop to look up both kinds of address in an IPv6 world */ | |
2017 | ||
2018 | for (i = 1; i <= times; | |
2019 | #if HAVE_IPV6 | |
2020 | af = AF_INET, /* If 2 passes, IPv4 on the second */ | |
2021 | #endif | |
2022 | i++) | |
2023 | { | |
2024 | BOOL ipv4_addr; | |
91ecef39 | 2025 | int error_num = 0; |
059ec3d9 | 2026 | struct hostent *hostdata; |
0539a19d | 2027 | unsigned long time_msec = 0; /* compiler quietening */ |
059ec3d9 | 2028 | |
322050c2 PH |
2029 | #ifdef STAND_ALONE |
2030 | printf("Looking up: %s\n", host->name); | |
2031 | #endif | |
2032 | ||
846430d9 JH |
2033 | if (slow_lookup_log) time_msec = get_time_in_ms(); |
2034 | ||
059ec3d9 | 2035 | #if HAVE_IPV6 |
e7726cbf PH |
2036 | if (running_in_test_harness) |
2037 | hostdata = host_fake_gethostbyname(host->name, af, &error_num); | |
2038 | else | |
2039 | { | |
059ec3d9 PH |
2040 | #if HAVE_GETIPNODEBYNAME |
2041 | hostdata = getipnodebyname(CS host->name, af, 0, &error_num); | |
2042 | #else | |
2043 | hostdata = gethostbyname2(CS host->name, af); | |
2044 | error_num = h_errno; | |
2045 | #endif | |
e7726cbf PH |
2046 | } |
2047 | ||
2048 | #else /* not HAVE_IPV6 */ | |
2049 | if (running_in_test_harness) | |
2050 | hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num); | |
2051 | else | |
2052 | { | |
2053 | hostdata = gethostbyname(CS host->name); | |
2054 | error_num = h_errno; | |
2055 | } | |
2056 | #endif /* HAVE_IPV6 */ | |
059ec3d9 | 2057 | |
0539a19d | 2058 | if ( slow_lookup_log |
abe1353e HSHR |
2059 | && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log) |
2060 | log_long_lookup(US"name", host->name, time_msec); | |
846430d9 | 2061 | |
059ec3d9 PH |
2062 | if (hostdata == NULL) |
2063 | { | |
2064 | uschar *error; | |
2065 | switch (error_num) | |
2066 | { | |
2067 | case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break; | |
4a452c43 JH |
2068 | case TRY_AGAIN: error = US"TRY_AGAIN"; break; |
2069 | case NO_RECOVERY: error = US"NO_RECOVERY"; break; | |
2070 | case NO_DATA: error = US"NO_DATA"; break; | |
059ec3d9 | 2071 | #if NO_DATA != NO_ADDRESS |
4a452c43 | 2072 | case NO_ADDRESS: error = US"NO_ADDRESS"; break; |
059ec3d9 PH |
2073 | #endif |
2074 | default: error = US"?"; break; | |
2075 | } | |
2076 | ||
2077 | DEBUG(D_host_lookup) debug_printf("%s returned %d (%s)\n", | |
2078 | #if HAVE_IPV6 | |
2079 | #if HAVE_GETIPNODEBYNAME | |
2080 | (af == AF_INET6)? "getipnodebyname(af=inet6)" : "getipnodebyname(af=inet)", | |
2081 | #else | |
2082 | (af == AF_INET6)? "gethostbyname2(af=inet6)" : "gethostbyname2(af=inet)", | |
2083 | #endif | |
2084 | #else | |
2085 | "gethostbyname", | |
2086 | #endif | |
2087 | error_num, error); | |
2088 | ||
2089 | if (error_num == TRY_AGAIN || error_num == NO_RECOVERY) temp_error = TRUE; | |
2090 | continue; | |
2091 | } | |
2092 | if ((hostdata->h_addr_list)[0] == NULL) continue; | |
2093 | ||
2094 | /* Replace the name with the fully qualified one if necessary, and fill in | |
2095 | the fully_qualified_name pointer. */ | |
2096 | ||
2097 | if (hostdata->h_name[0] != 0 && | |
2098 | Ustrcmp(host->name, hostdata->h_name) != 0) | |
5903c6ff | 2099 | host->name = string_copy_dnsdomain(US hostdata->h_name); |
059ec3d9 PH |
2100 | if (fully_qualified_name != NULL) *fully_qualified_name = host->name; |
2101 | ||
2102 | /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished | |
2103 | by their different lengths. Scan the list, ignoring any that are to be | |
2104 | ignored, and build a chain from the rest. */ | |
2105 | ||
2106 | ipv4_addr = hostdata->h_length == sizeof(struct in_addr); | |
2107 | ||
2108 | for (addrlist = USS hostdata->h_addr_list; *addrlist != NULL; addrlist++) | |
2109 | { | |
2110 | uschar *text_address = | |
2111 | host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL); | |
2112 | ||
2113 | #ifndef STAND_ALONE | |
2114 | if (ignore_target_hosts != NULL && | |
2115 | verify_check_this_host(&ignore_target_hosts, NULL, host->name, | |
2116 | text_address, NULL) == OK) | |
2117 | { | |
2118 | DEBUG(D_host_lookup) | |
2119 | debug_printf("ignored host %s [%s]\n", host->name, text_address); | |
2120 | continue; | |
2121 | } | |
2122 | #endif | |
2123 | ||
2124 | /* If this is the first address, last == NULL and we put the data in the | |
2125 | original block. */ | |
2126 | ||
2127 | if (last == NULL) | |
2128 | { | |
2129 | host->address = text_address; | |
2130 | host->port = PORT_NONE; | |
2131 | host->status = hstatus_unknown; | |
2132 | host->why = hwhy_unknown; | |
783b385f | 2133 | host->dnssec = DS_UNK; |
059ec3d9 PH |
2134 | last = host; |
2135 | } | |
2136 | ||
2137 | /* Else add further host item blocks for any other addresses, keeping | |
2138 | the order. */ | |
2139 | ||
2140 | else | |
2141 | { | |
2142 | host_item *next = store_get(sizeof(host_item)); | |
2143 | next->name = host->name; | |
2144 | next->mx = host->mx; | |
2145 | next->address = text_address; | |
2146 | next->port = PORT_NONE; | |
2147 | next->status = hstatus_unknown; | |
2148 | next->why = hwhy_unknown; | |
783b385f | 2149 | next->dnssec = DS_UNK; |
059ec3d9 PH |
2150 | next->last_try = 0; |
2151 | next->next = last->next; | |
2152 | last->next = next; | |
2153 | last = next; | |
2154 | } | |
2155 | } | |
2156 | } | |
2157 | ||
2158 | /* If no hosts were found, the address field in the original host block will be | |
2159 | NULL. If temp_error is set, at least one of the lookups gave a temporary error, | |
2160 | so we pass that back. */ | |
2161 | ||
2162 | if (host->address == NULL) | |
2163 | { | |
2164 | uschar *msg = | |
2165 | #ifndef STAND_ALONE | |
2166 | (message_id[0] == 0 && smtp_in != NULL)? | |
2167 | string_sprintf("no IP address found for host %s (during %s)", host->name, | |
2168 | smtp_get_connection_info()) : | |
2169 | #endif | |
2170 | string_sprintf("no IP address found for host %s", host->name); | |
2171 | ||
2172 | HDEBUG(D_host_lookup) debug_printf("%s\n", msg); | |
9b8fadde | 2173 | if (temp_error) goto RETURN_AGAIN; |
059ec3d9 PH |
2174 | if (host_checking || !log_testing_mode) |
2175 | log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg); | |
2176 | return HOST_FIND_FAILED; | |
2177 | } | |
2178 | ||
2179 | /* Remove any duplicate IP addresses, then check to see if this is the local | |
2180 | host if required. */ | |
2181 | ||
2182 | host_remove_duplicates(host, &last); | |
2183 | yield = local_host_check? | |
2184 | host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND; | |
2185 | ||
059ec3d9 PH |
2186 | HDEBUG(D_host_lookup) |
2187 | { | |
55414b25 | 2188 | const host_item *h; |
059ec3d9 PH |
2189 | if (fully_qualified_name != NULL) |
2190 | debug_printf("fully qualified name = %s\n", *fully_qualified_name); | |
2191 | debug_printf("%s looked up these IP addresses:\n", | |
2192 | #if HAVE_IPV6 | |
2193 | #if HAVE_GETIPNODEBYNAME | |
2194 | "getipnodebyname" | |
2195 | #else | |
2196 | "gethostbyname2" | |
2197 | #endif | |
2198 | #else | |
2199 | "gethostbyname" | |
2200 | #endif | |
2201 | ); | |
2202 | for (h = host; h != last->next; h = h->next) | |
2203 | debug_printf(" name=%s address=%s\n", h->name, | |
2204 | (h->address == NULL)? US"<null>" : h->address); | |
2205 | } | |
2206 | ||
2207 | /* Return the found status. */ | |
2208 | ||
2209 | return yield; | |
9b8fadde PH |
2210 | |
2211 | /* Handle the case when there is a temporary error. If the name matches | |
2212 | dns_again_means_nonexist, return permanent rather than temporary failure. */ | |
2213 | ||
2214 | RETURN_AGAIN: | |
2215 | { | |
2216 | #ifndef STAND_ALONE | |
2217 | int rc; | |
55414b25 | 2218 | const uschar *save = deliver_domain; |
9b8fadde | 2219 | deliver_domain = host->name; /* set $domain */ |
55414b25 | 2220 | rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, NULL, NULL, |
9b8fadde PH |
2221 | MCL_DOMAIN, TRUE, NULL); |
2222 | deliver_domain = save; | |
2223 | if (rc == OK) | |
2224 | { | |
2225 | DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: " | |
2226 | "returning HOST_FIND_FAILED\n", host->name); | |
2227 | return HOST_FIND_FAILED; | |
2228 | } | |
2229 | #endif | |
2230 | return HOST_FIND_AGAIN; | |
2231 | } | |
059ec3d9 PH |
2232 | } |
2233 | ||
2234 | ||
2235 | ||
2236 | /************************************************* | |
2237 | * Fill in a host address from the DNS * | |
2238 | *************************************************/ | |
2239 | ||
1349e1e5 PH |
2240 | /* Given a host item, with its name, port and mx fields set, and its address |
2241 | field set to NULL, fill in its IP address from the DNS. If it is multi-homed, | |
2242 | create additional host items for the additional addresses, copying all the | |
2243 | other fields, and randomizing the order. | |
059ec3d9 | 2244 | |
66387a73 | 2245 | On IPv6 systems, AAAA records are sought first, then A records. |
059ec3d9 PH |
2246 | |
2247 | The host name may be changed if the DNS returns a different name - e.g. fully | |
2248 | qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup | |
2249 | ensures that it points to the fully qualified name. However, this is the fully | |
2250 | qualified version of the original name; if a CNAME is involved, the actual | |
2251 | canonical host name may be different again, and so we get it directly from the | |
2252 | relevant RR. Note that we do NOT change the mx field of the host item in this | |
2253 | function as it may be called to set the addresses of hosts taken from MX | |
2254 | records. | |
2255 | ||
2256 | Arguments: | |
2257 | host points to the host item we're filling in | |
2258 | lastptr points to pointer to last host item in a chain of | |
2259 | host items (may be updated if host is last and gets | |
2260 | extended because multihomed) | |
2261 | ignore_target_hosts list of hosts to ignore | |
2262 | allow_ip if TRUE, recognize an IP address and return it | |
2263 | fully_qualified_name if not NULL, return fully qualified name here if | |
2264 | the contents are different (i.e. it must be preset | |
2265 | to something) | |
221dff13 HSHR |
2266 | dnssec_request if TRUE request the AD bit |
2267 | dnssec_require if TRUE require the AD bit | |
66387a73 | 2268 | whichrrs select ipv4, ipv6 results |
059ec3d9 PH |
2269 | |
2270 | Returns: HOST_FIND_FAILED couldn't find A record | |
2271 | HOST_FIND_AGAIN try again later | |
2546388c | 2272 | HOST_FIND_SECURITY dnssec required but not acheived |
059ec3d9 PH |
2273 | HOST_FOUND found AAAA and/or A record(s) |
2274 | HOST_IGNORED found, but all IPs ignored | |
2275 | */ | |
2276 | ||
2277 | static int | |
2278 | set_address_from_dns(host_item *host, host_item **lastptr, | |
55414b25 JH |
2279 | const uschar *ignore_target_hosts, BOOL allow_ip, |
2280 | const uschar **fully_qualified_name, | |
66387a73 | 2281 | BOOL dnssec_request, BOOL dnssec_require, int whichrrs) |
059ec3d9 PH |
2282 | { |
2283 | dns_record *rr; | |
2284 | host_item *thishostlast = NULL; /* Indicates not yet filled in anything */ | |
2285 | BOOL v6_find_again = FALSE; | |
2546388c | 2286 | BOOL dnssec_fail = FALSE; |
059ec3d9 PH |
2287 | int i; |
2288 | ||
2289 | /* If allow_ip is set, a name which is an IP address returns that value | |
2290 | as its address. This is used for MX records when allow_mx_to_ip is set, for | |
2291 | those sites that feel they have to flaunt the RFC rules. */ | |
2292 | ||
2293 | if (allow_ip && string_is_ip_address(host->name, NULL) != 0) | |
2294 | { | |
2295 | #ifndef STAND_ALONE | |
66387a73 JH |
2296 | if ( ignore_target_hosts |
2297 | && verify_check_this_host(&ignore_target_hosts, NULL, host->name, | |
059ec3d9 PH |
2298 | host->name, NULL) == OK) |
2299 | return HOST_IGNORED; | |
2300 | #endif | |
2301 | ||
2302 | host->address = host->name; | |
059ec3d9 PH |
2303 | return HOST_FOUND; |
2304 | } | |
2305 | ||
0539a19d | 2306 | /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice, |
66387a73 JH |
2307 | looking for AAAA records the first time. However, unless doing standalone |
2308 | testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global. | |
2309 | On an IPv4 system, go round the loop once only, looking only for A records. */ | |
059ec3d9 PH |
2310 | |
2311 | #if HAVE_IPV6 | |
059ec3d9 | 2312 | #ifndef STAND_ALONE |
66387a73 JH |
2313 | if ( disable_ipv6 |
2314 | || !(whichrrs & HOST_FIND_BY_AAAA) | |
2315 | || (dns_ipv4_lookup | |
2316 | && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, | |
2317 | MCL_DOMAIN, TRUE, NULL) == OK) | |
2318 | ) | |
059ec3d9 PH |
2319 | i = 0; /* look up A records only */ |
2320 | else | |
2321 | #endif /* STAND_ALONE */ | |
2322 | ||
059ec3d9 | 2323 | i = 1; /* look up AAAA and A records */ |
059ec3d9 PH |
2324 | |
2325 | /* The IPv4 world */ | |
2326 | ||
2327 | #else /* HAVE_IPV6 */ | |
2328 | i = 0; /* look up A records only */ | |
2329 | #endif /* HAVE_IPV6 */ | |
2330 | ||
2331 | for (; i >= 0; i--) | |
2332 | { | |
0539a19d | 2333 | static int types[] = { T_A, T_AAAA }; |
059ec3d9 | 2334 | int type = types[i]; |
66387a73 JH |
2335 | int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0) |
2336 | ? 500 : 0; /* Ensures v6/4 sort order */ | |
059ec3d9 PH |
2337 | dns_answer dnsa; |
2338 | dns_scan dnss; | |
2339 | ||
846430d9 | 2340 | int rc = dns_lookup_timerwrap(&dnsa, host->name, type, fully_qualified_name); |
cf2b569e | 2341 | lookup_dnssec_authenticated = !dnssec_request ? NULL |
4e0983dc | 2342 | : dns_is_secure(&dnsa) ? US"yes" : US"no"; |
059ec3d9 | 2343 | |
221dff13 | 2344 | DEBUG(D_dns) |
0539a19d JH |
2345 | if ( (dnssec_request || dnssec_require) |
2346 | && !dns_is_secure(&dnsa) | |
2347 | && dns_is_aa(&dnsa) | |
2348 | ) | |
2349 | debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name); | |
221dff13 | 2350 | |
0539a19d | 2351 | /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups |
059ec3d9 PH |
2352 | fails or times out, but not if another one succeeds. (In the early |
2353 | IPv6 days there are name servers that always fail on AAAA, but are happy | |
2354 | to give out an A record. We want to proceed with that A record.) */ | |
8e669ac1 | 2355 | |
059ec3d9 PH |
2356 | if (rc != DNS_SUCCEED) |
2357 | { | |
2358 | if (i == 0) /* Just tried for an A record, i.e. end of loop */ | |
2359 | { | |
0539a19d | 2360 | if (host->address != NULL) return HOST_FOUND; /* AAAA was found */ |
059ec3d9 PH |
2361 | if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again) |
2362 | return HOST_FIND_AGAIN; | |
2363 | return HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */ | |
2364 | } | |
2365 | ||
0539a19d | 2366 | /* Tried for an AAAA record: remember if this was a temporary |
059ec3d9 PH |
2367 | error, and look for the next record type. */ |
2368 | ||
2369 | if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE; | |
2370 | continue; | |
2371 | } | |
cf2b569e JH |
2372 | |
2373 | if (dnssec_request) | |
8c51eead | 2374 | { |
cf2b569e JH |
2375 | if (dns_is_secure(&dnsa)) |
2376 | { | |
2377 | DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name); | |
2378 | if (host->dnssec == DS_UNK) /* set in host_find_bydns() */ | |
2379 | host->dnssec = DS_YES; | |
2380 | } | |
2381 | else | |
2382 | { | |
2383 | if (dnssec_require) | |
2384 | { | |
2546388c JH |
2385 | dnssec_fail = TRUE; |
2386 | DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s", | |
0539a19d | 2387 | i>0 ? "AAAA" : "A", host->name); |
cf2b569e JH |
2388 | continue; |
2389 | } | |
2390 | if (host->dnssec == DS_YES) /* set in host_find_bydns() */ | |
2391 | { | |
2392 | DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name); | |
2393 | host->dnssec = DS_NO; | |
2394 | lookup_dnssec_authenticated = US"no"; | |
2395 | } | |
2396 | } | |
8c51eead | 2397 | } |
059ec3d9 PH |
2398 | |
2399 | /* Lookup succeeded: fill in the given host item with the first non-ignored | |
2400 | address found; create additional items for any others. A single A6 record | |
8241d8dd JH |
2401 | may generate more than one address. The lookup had a chance to update the |
2402 | fqdn; we do not want any later times round the loop to do so. */ | |
2403 | ||
2404 | fully_qualified_name = NULL; | |
059ec3d9 PH |
2405 | |
2406 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
e1a3f32f | 2407 | rr; |
059ec3d9 PH |
2408 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) |
2409 | { | |
2410 | if (rr->type == type) | |
2411 | { | |
d57d474f | 2412 | dns_address *da = dns_address_from_rr(&dnsa, rr); |
059ec3d9 PH |
2413 | |
2414 | DEBUG(D_host_lookup) | |
e1a3f32f | 2415 | if (!da) debug_printf("no addresses extracted from A6 RR for %s\n", |
059ec3d9 | 2416 | host->name); |
059ec3d9 PH |
2417 | |
2418 | /* This loop runs only once for A and AAAA records, but may run | |
2419 | several times for an A6 record that generated multiple addresses. */ | |
2420 | ||
e1a3f32f | 2421 | for (; da; da = da->next) |
059ec3d9 PH |
2422 | { |
2423 | #ifndef STAND_ALONE | |
2424 | if (ignore_target_hosts != NULL && | |
2425 | verify_check_this_host(&ignore_target_hosts, NULL, | |
2426 | host->name, da->address, NULL) == OK) | |
2427 | { | |
2428 | DEBUG(D_host_lookup) | |
2429 | debug_printf("ignored host %s [%s]\n", host->name, da->address); | |
2430 | continue; | |
2431 | } | |
2432 | #endif | |
2433 | ||
2434 | /* If this is the first address, stick it in the given host block, | |
2435 | and change the name if the returned RR has a different name. */ | |
2436 | ||
2437 | if (thishostlast == NULL) | |
2438 | { | |
2439 | if (strcmpic(host->name, rr->name) != 0) | |
2440 | host->name = string_copy_dnsdomain(rr->name); | |
2441 | host->address = da->address; | |
059ec3d9 PH |
2442 | host->sort_key = host->mx * 1000 + random_number(500) + randoffset; |
2443 | host->status = hstatus_unknown; | |
2444 | host->why = hwhy_unknown; | |
2445 | thishostlast = host; | |
2446 | } | |
2447 | ||
2448 | /* Not the first address. Check for, and ignore, duplicates. Then | |
2449 | insert in the chain at a random point. */ | |
2450 | ||
2451 | else | |
2452 | { | |
2453 | int new_sort_key; | |
2454 | host_item *next; | |
2455 | ||
2456 | /* End of our local chain is specified by "thishostlast". */ | |
2457 | ||
2458 | for (next = host;; next = next->next) | |
2459 | { | |
2460 | if (Ustrcmp(CS da->address, next->address) == 0) break; | |
2461 | if (next == thishostlast) { next = NULL; break; } | |
2462 | } | |
2463 | if (next != NULL) continue; /* With loop for next address */ | |
2464 | ||
2465 | /* Not a duplicate */ | |
2466 | ||
2467 | new_sort_key = host->mx * 1000 + random_number(500) + randoffset; | |
2468 | next = store_get(sizeof(host_item)); | |
2469 | ||
2470 | /* New address goes first: insert the new block after the first one | |
2471 | (so as not to disturb the original pointer) but put the new address | |
2472 | in the original block. */ | |
2473 | ||
2474 | if (new_sort_key < host->sort_key) | |
2475 | { | |
1349e1e5 | 2476 | *next = *host; /* Copies port */ |
059ec3d9 PH |
2477 | host->next = next; |
2478 | host->address = da->address; | |
059ec3d9 PH |
2479 | host->sort_key = new_sort_key; |
2480 | if (thishostlast == host) thishostlast = next; /* Local last */ | |
2481 | if (*lastptr == host) *lastptr = next; /* Global last */ | |
2482 | } | |
2483 | ||
2484 | /* Otherwise scan down the addresses for this host to find the | |
2485 | one to insert after. */ | |
2486 | ||
2487 | else | |
2488 | { | |
2489 | host_item *h = host; | |
2490 | while (h != thishostlast) | |
2491 | { | |
2492 | if (new_sort_key < h->next->sort_key) break; | |
2493 | h = h->next; | |
2494 | } | |
1349e1e5 | 2495 | *next = *h; /* Copies port */ |
059ec3d9 PH |
2496 | h->next = next; |
2497 | next->address = da->address; | |
059ec3d9 PH |
2498 | next->sort_key = new_sort_key; |
2499 | if (h == thishostlast) thishostlast = next; /* Local last */ | |
2500 | if (h == *lastptr) *lastptr = next; /* Global last */ | |
2501 | } | |
2502 | } | |
2503 | } | |
2504 | } | |
2505 | } | |
2506 | } | |
2507 | ||
2546388c | 2508 | /* Control gets here only if the second lookup (the A record) succeeded. |
059ec3d9 PH |
2509 | However, the address may not be filled in if it was ignored. */ |
2510 | ||
2546388c JH |
2511 | return host->address |
2512 | ? HOST_FOUND | |
2513 | : dnssec_fail | |
2514 | ? HOST_FIND_SECURITY | |
2515 | : HOST_IGNORED; | |
059ec3d9 PH |
2516 | } |
2517 | ||
2518 | ||
2519 | ||
2520 | ||
2521 | /************************************************* | |
1349e1e5 | 2522 | * Find IP addresses and host names via DNS * |
059ec3d9 PH |
2523 | *************************************************/ |
2524 | ||
1349e1e5 PH |
2525 | /* The input is a host_item structure with the name field filled in and the |
2526 | address field set to NULL. This may be in a chain of other host items. The | |
2527 | lookup may result in more than one IP address, in which case we must created | |
2528 | new host blocks for the additional addresses, and insert them into the chain. | |
2529 | The original name may not be fully qualified. Use the fully_qualified_name | |
2530 | argument to return the official name, as returned by the resolver. | |
059ec3d9 PH |
2531 | |
2532 | Arguments: | |
2533 | host point to initial host item | |
2534 | ignore_target_hosts a list of hosts to ignore | |
2535 | whichrrs flags indicating which RRs to look for: | |
2536 | HOST_FIND_BY_SRV => look for SRV | |
2537 | HOST_FIND_BY_MX => look for MX | |
66387a73 JH |
2538 | HOST_FIND_BY_A => look for A |
2539 | HOST_FIND_BY_AAAA => look for AAAA | |
059ec3d9 PH |
2540 | also flags indicating how the lookup is done |
2541 | HOST_FIND_QUALIFY_SINGLE ) passed to the | |
2542 | HOST_FIND_SEARCH_PARENTS ) resolver | |
66387a73 JH |
2543 | HOST_FIND_IPV4_FIRST => reverse usual result ordering |
2544 | HOST_FIND_IPV4_ONLY => MX results elide ipv6 | |
059ec3d9 PH |
2545 | srv_service when SRV used, the service name |
2546 | srv_fail_domains DNS errors for these domains => assume nonexist | |
2547 | mx_fail_domains DNS errors for these domains => assume nonexist | |
7cd171b7 JH |
2548 | dnssec_d.request => make dnssec request: domainlist |
2549 | dnssec_d.require => ditto and nonexist failures | |
059ec3d9 PH |
2550 | fully_qualified_name if not NULL, return fully-qualified name |
2551 | removed set TRUE if local host was removed from the list | |
2552 | ||
2553 | Returns: HOST_FIND_FAILED Failed to find the host or domain; | |
2554 | if there was a syntax error, | |
2555 | host_find_failed_syntax is set. | |
2556 | HOST_FIND_AGAIN Could not resolve at this time | |
2546388c | 2557 | HOST_FIND_SECURITY dnsssec required but not acheived |
059ec3d9 PH |
2558 | HOST_FOUND Host found |
2559 | HOST_FOUND_LOCAL The lowest MX record points to this | |
2560 | machine, if MX records were found, or | |
2561 | an A record that was found contains | |
2562 | an address of the local host | |
2563 | */ | |
2564 | ||
2565 | int | |
55414b25 | 2566 | host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs, |
059ec3d9 | 2567 | uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains, |
7cd171b7 | 2568 | const dnssec_domains *dnssec_d, |
55414b25 | 2569 | const uschar **fully_qualified_name, BOOL *removed) |
059ec3d9 PH |
2570 | { |
2571 | host_item *h, *last; | |
2572 | dns_record *rr; | |
2573 | int rc = DNS_FAIL; | |
2574 | int ind_type = 0; | |
2575 | int yield; | |
2576 | dns_answer dnsa; | |
2577 | dns_scan dnss; | |
7cd171b7 JH |
2578 | BOOL dnssec_require = dnssec_d |
2579 | && match_isinlist(host->name, CUSS &dnssec_d->require, | |
8c51eead | 2580 | 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK; |
783b385f | 2581 | BOOL dnssec_request = dnssec_require |
7cd171b7 JH |
2582 | || ( dnssec_d |
2583 | && match_isinlist(host->name, CUSS &dnssec_d->request, | |
2584 | 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK); | |
783b385f | 2585 | dnssec_status_t dnssec; |
059ec3d9 PH |
2586 | |
2587 | /* Set the default fully qualified name to the incoming name, initialize the | |
2588 | resolver if necessary, set up the relevant options, and initialize the flag | |
2589 | that gets set for DNS syntax check errors. */ | |
2590 | ||
2591 | if (fully_qualified_name != NULL) *fully_qualified_name = host->name; | |
2592 | dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0, | |
8c51eead | 2593 | (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0, |
1f155f8e | 2594 | dnssec_request); |
059ec3d9 PH |
2595 | host_find_failed_syntax = FALSE; |
2596 | ||
2597 | /* First, if requested, look for SRV records. The service name is given; we | |
221dff13 | 2598 | assume TCP protocol. DNS domain names are constrained to a maximum of 256 |
059ec3d9 PH |
2599 | characters, so the code below should be safe. */ |
2600 | ||
2601 | if ((whichrrs & HOST_FIND_BY_SRV) != 0) | |
2602 | { | |
2603 | uschar buffer[300]; | |
2604 | uschar *temp_fully_qualified_name = buffer; | |
2605 | int prefix_length; | |
2606 | ||
2607 | (void)sprintf(CS buffer, "_%s._tcp.%n%.256s", srv_service, &prefix_length, | |
2608 | host->name); | |
2609 | ind_type = T_SRV; | |
2610 | ||
2611 | /* Search for SRV records. If the fully qualified name is different to | |
2612 | the input name, pass back the new original domain, without the prepended | |
2613 | magic. */ | |
2614 | ||
783b385f JH |
2615 | dnssec = DS_UNK; |
2616 | lookup_dnssec_authenticated = NULL; | |
846430d9 | 2617 | rc = dns_lookup_timerwrap(&dnsa, buffer, ind_type, CUSS &temp_fully_qualified_name); |
783b385f | 2618 | |
221dff13 HSHR |
2619 | DEBUG(D_dns) |
2620 | if ((dnssec_request || dnssec_require) | |
8f07c250 JH |
2621 | && !dns_is_secure(&dnsa) |
2622 | && dns_is_aa(&dnsa)) | |
221dff13 HSHR |
2623 | debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name); |
2624 | ||
783b385f JH |
2625 | if (dnssec_request) |
2626 | { | |
2627 | if (dns_is_secure(&dnsa)) | |
2628 | { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; } | |
2629 | else | |
2630 | { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; } | |
2631 | } | |
4e0983dc | 2632 | |
059ec3d9 PH |
2633 | if (temp_fully_qualified_name != buffer && fully_qualified_name != NULL) |
2634 | *fully_qualified_name = temp_fully_qualified_name + prefix_length; | |
2635 | ||
2636 | /* On DNS failures, we give the "try again" error unless the domain is | |
2637 | listed as one for which we continue. */ | |
2638 | ||
8c51eead JH |
2639 | if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(&dnsa)) |
2640 | { | |
2641 | log_write(L_host_lookup_failed, LOG_MAIN, | |
2642 | "dnssec fail on SRV for %.256s", host->name); | |
2643 | rc = DNS_FAIL; | |
2644 | } | |
059ec3d9 PH |
2645 | if (rc == DNS_FAIL || rc == DNS_AGAIN) |
2646 | { | |
e7726cbf | 2647 | #ifndef STAND_ALONE |
55414b25 JH |
2648 | if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, NULL, NULL, |
2649 | MCL_DOMAIN, TRUE, NULL) != OK) | |
e7726cbf | 2650 | #endif |
8c51eead | 2651 | { yield = HOST_FIND_AGAIN; goto out; } |
059ec3d9 PH |
2652 | DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " |
2653 | "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN"); | |
2654 | } | |
2655 | } | |
2656 | ||
2657 | /* If we did not find any SRV records, search the DNS for MX records, if | |
2658 | requested to do so. If the result is DNS_NOMATCH, it means there is no such | |
2659 | domain, and there's no point in going on to look for address records with the | |
2660 | same domain. The result will be DNS_NODATA if the domain exists but has no MX | |
2661 | records. On DNS failures, we give the "try again" error unless the domain is | |
2662 | listed as one for which we continue. */ | |
2663 | ||
2546388c | 2664 | if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) |
059ec3d9 PH |
2665 | { |
2666 | ind_type = T_MX; | |
783b385f JH |
2667 | dnssec = DS_UNK; |
2668 | lookup_dnssec_authenticated = NULL; | |
846430d9 | 2669 | rc = dns_lookup_timerwrap(&dnsa, host->name, ind_type, fully_qualified_name); |
783b385f | 2670 | |
221dff13 | 2671 | DEBUG(D_dns) |
2546388c JH |
2672 | if ( (dnssec_request || dnssec_require) |
2673 | && !dns_is_secure(&dnsa) | |
2674 | && dns_is_aa(&dnsa)) | |
cf3d165f | 2675 | debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name); |
221dff13 | 2676 | |
783b385f | 2677 | if (dnssec_request) |
783b385f | 2678 | if (dns_is_secure(&dnsa)) |
94431adb | 2679 | { |
cf2b569e JH |
2680 | DEBUG(D_host_lookup) debug_printf("%s MX DNSSEC\n", host->name); |
2681 | dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; | |
2682 | } | |
783b385f | 2683 | else |
cf2b569e JH |
2684 | { |
2685 | dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; | |
2686 | } | |
4e0983dc | 2687 | |
8c51eead JH |
2688 | switch (rc) |
2689 | { | |
2690 | case DNS_NOMATCH: | |
2691 | yield = HOST_FIND_FAILED; goto out; | |
2692 | ||
2693 | case DNS_SUCCEED: | |
2694 | if (!dnssec_require || dns_is_secure(&dnsa)) | |
2695 | break; | |
2546388c JH |
2696 | DEBUG(D_host_lookup) |
2697 | debug_printf("dnssec fail on MX for %.256s", host->name); | |
2698 | #ifndef STAND_ALONE | |
2699 | if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, | |
2700 | MCL_DOMAIN, TRUE, NULL) != OK) | |
2701 | { yield = HOST_FIND_SECURITY; goto out; } | |
2702 | #endif | |
8c51eead | 2703 | rc = DNS_FAIL; |
cf2b569e | 2704 | /*FALLTHROUGH*/ |
8c51eead JH |
2705 | |
2706 | case DNS_FAIL: | |
2707 | case DNS_AGAIN: | |
2546388c | 2708 | #ifndef STAND_ALONE |
55414b25 JH |
2709 | if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, |
2710 | MCL_DOMAIN, TRUE, NULL) != OK) | |
2546388c | 2711 | #endif |
8c51eead JH |
2712 | { yield = HOST_FIND_AGAIN; goto out; } |
2713 | DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " | |
2714 | "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN"); | |
2715 | break; | |
059ec3d9 PH |
2716 | } |
2717 | } | |
2718 | ||
2719 | /* If we haven't found anything yet, and we are requested to do so, try for an | |
2720 | A or AAAA record. If we find it (or them) check to see that it isn't the local | |
2721 | host. */ | |
2722 | ||
2723 | if (rc != DNS_SUCCEED) | |
2724 | { | |
66387a73 | 2725 | if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA))) |
059ec3d9 PH |
2726 | { |
2727 | DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n"); | |
8c51eead JH |
2728 | yield = HOST_FIND_FAILED; |
2729 | goto out; | |
059ec3d9 PH |
2730 | } |
2731 | ||
2732 | last = host; /* End of local chainlet */ | |
2733 | host->mx = MX_NONE; | |
2734 | host->port = PORT_NONE; | |
cf2b569e | 2735 | host->dnssec = DS_UNK; |
783b385f | 2736 | lookup_dnssec_authenticated = NULL; |
059ec3d9 | 2737 | rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE, |
66387a73 | 2738 | fully_qualified_name, dnssec_request, dnssec_require, whichrrs); |
059ec3d9 PH |
2739 | |
2740 | /* If one or more address records have been found, check that none of them | |
2741 | are local. Since we know the host items all have their IP addresses | |
2742 | inserted, host_scan_for_local_hosts() can only return HOST_FOUND or | |
2743 | HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here, | |
2744 | because set_address_from_dns() removes them. */ | |
2745 | ||
2746 | if (rc == HOST_FOUND) | |
2747 | rc = host_scan_for_local_hosts(host, &last, removed); | |
2748 | else | |
2749 | if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */ | |
2750 | ||
2751 | DEBUG(D_host_lookup) | |
2752 | { | |
2753 | host_item *h; | |
2754 | if (host->address != NULL) | |
2755 | { | |
2756 | if (fully_qualified_name != NULL) | |
2757 | debug_printf("fully qualified name = %s\n", *fully_qualified_name); | |
2758 | for (h = host; h != last->next; h = h->next) | |
2759 | debug_printf("%s %s mx=%d sort=%d %s\n", h->name, | |
2760 | (h->address == NULL)? US"<null>" : h->address, h->mx, h->sort_key, | |
2761 | (h->status >= hstatus_unusable)? US"*" : US""); | |
2762 | } | |
2763 | } | |
2764 | ||
8c51eead JH |
2765 | yield = rc; |
2766 | goto out; | |
059ec3d9 PH |
2767 | } |
2768 | ||
2769 | /* We have found one or more MX or SRV records. Sort them according to | |
2770 | precedence. Put the data for the first one into the existing host block, and | |
2771 | insert new host_item blocks into the chain for the remainder. For equal | |
2772 | precedences one is supposed to randomize the order. To make this happen, the | |
2773 | sorting is actually done on the MX value * 1000 + a random number. This is put | |
2774 | into a host field called sort_key. | |
2775 | ||
2776 | In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the | |
2777 | IPv6 address in preference. At this stage, we don't know what kind of address | |
2778 | the host has. We choose a random number < 500; if later we find an A record | |
2779 | first, we add 500 to the random number. Then for any other address records, we | |
2780 | use random numbers in the range 0-499 for AAAA records and 500-999 for A | |
2781 | records. | |
2782 | ||
2783 | At this point we remove any duplicates that point to the same host, retaining | |
2784 | only the one with the lowest precedence. We cannot yet check for precedence | |
2785 | greater than that of the local host, because that test cannot be properly done | |
2786 | until the addresses have been found - an MX record may point to a name for this | |
2787 | host which is not the primary hostname. */ | |
2788 | ||
2789 | last = NULL; /* Indicates that not even the first item is filled yet */ | |
2790 | ||
2791 | for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); | |
dd708fd7 JH |
2792 | rr; |
2793 | rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type) | |
059ec3d9 PH |
2794 | { |
2795 | int precedence; | |
2796 | int weight = 0; /* For SRV records */ | |
1349e1e5 | 2797 | int port = PORT_NONE; |
dd708fd7 | 2798 | const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */ |
059ec3d9 PH |
2799 | uschar data[256]; |
2800 | ||
059ec3d9 PH |
2801 | GETSHORT(precedence, s); /* Pointer s is advanced */ |
2802 | ||
2803 | /* For MX records, we use a random "weight" which causes multiple records of | |
2804 | the same precedence to sort randomly. */ | |
2805 | ||
2806 | if (ind_type == T_MX) | |
059ec3d9 | 2807 | weight = random_number(500); |
059ec3d9 PH |
2808 | |
2809 | /* SRV records are specified with a port and a weight. The weight is used | |
2810 | in a special algorithm. However, to start with, we just use it to order the | |
2811 | records of equal priority (precedence). */ | |
2812 | ||
2813 | else | |
2814 | { | |
2815 | GETSHORT(weight, s); | |
2816 | GETSHORT(port, s); | |
2817 | } | |
2818 | ||
2819 | /* Get the name of the host pointed to. */ | |
2820 | ||
2821 | (void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, s, | |
2822 | (DN_EXPAND_ARG4_TYPE)data, sizeof(data)); | |
2823 | ||
2824 | /* Check that we haven't already got this host on the chain; if we have, | |
2825 | keep only the lower precedence. This situation shouldn't occur, but you | |
2826 | never know what junk might get into the DNS (and this case has been seen on | |
2827 | more than one occasion). */ | |
2828 | ||
2829 | if (last != NULL) /* This is not the first record */ | |
2830 | { | |
2831 | host_item *prev = NULL; | |
2832 | ||
2833 | for (h = host; h != last->next; prev = h, h = h->next) | |
2834 | { | |
2835 | if (strcmpic(h->name, data) == 0) | |
2836 | { | |
2837 | DEBUG(D_host_lookup) | |
2838 | debug_printf("discarded duplicate host %s (MX=%d)\n", data, | |
2839 | (precedence > h->mx)? precedence : h->mx); | |
2840 | if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */ | |
2841 | if (h == host) /* Override first item */ | |
2842 | { | |
2843 | h->mx = precedence; | |
2844 | host->sort_key = precedence * 1000 + weight; | |
2845 | goto NEXT_MX_RR; | |
2846 | } | |
2847 | ||
2848 | /* Unwanted host item is not the first in the chain, so we can get | |
2849 | get rid of it by cutting it out. */ | |
2850 | ||
2851 | prev->next = h->next; | |
2852 | if (h == last) last = prev; | |
2853 | break; | |
2854 | } | |
2855 | } | |
2856 | } | |
2857 | ||
2858 | /* If this is the first MX or SRV record, put the data into the existing host | |
2859 | block. Otherwise, add a new block in the correct place; if it has to be | |
2860 | before the first block, copy the first block's data to a new second block. */ | |
2861 | ||
8ac90765 | 2862 | if (!last) |
059ec3d9 PH |
2863 | { |
2864 | host->name = string_copy_dnsdomain(data); | |
2865 | host->address = NULL; | |
2866 | host->port = port; | |
2867 | host->mx = precedence; | |
2868 | host->sort_key = precedence * 1000 + weight; | |
2869 | host->status = hstatus_unknown; | |
2870 | host->why = hwhy_unknown; | |
783b385f | 2871 | host->dnssec = dnssec; |
059ec3d9 PH |
2872 | last = host; |
2873 | } | |
2874 | ||
2875 | /* Make a new host item and seek the correct insertion place */ | |
2876 | ||
2877 | else | |
2878 | { | |
2879 | int sort_key = precedence * 1000 + weight; | |
2880 | host_item *next = store_get(sizeof(host_item)); | |
2881 | next->name = string_copy_dnsdomain(data); | |
2882 | next->address = NULL; | |
2883 | next->port = port; | |
2884 | next->mx = precedence; | |
2885 | next->sort_key = sort_key; | |
2886 | next->status = hstatus_unknown; | |
2887 | next->why = hwhy_unknown; | |
783b385f | 2888 | next->dnssec = dnssec; |
059ec3d9 PH |
2889 | next->last_try = 0; |
2890 | ||
2891 | /* Handle the case when we have to insert before the first item. */ | |
2892 | ||
2893 | if (sort_key < host->sort_key) | |
2894 | { | |
2895 | host_item htemp; | |
2896 | htemp = *host; | |
2897 | *host = *next; | |
2898 | *next = htemp; | |
2899 | host->next = next; | |
2900 | if (last == host) last = next; | |
2901 | } | |
2902 | ||
2903 | /* Else scan down the items we have inserted as part of this exercise; | |
2904 | don't go further. */ | |
2905 | ||
2906 | else | |
2907 | { | |
2908 | for (h = host; h != last; h = h->next) | |
2909 | { | |
2910 | if (sort_key < h->next->sort_key) | |
2911 | { | |
2912 | next->next = h->next; | |
2913 | h->next = next; | |
2914 | break; | |
2915 | } | |
2916 | } | |
2917 | ||
2918 | /* Join on after the last host item that's part of this | |
2919 | processing if we haven't stopped sooner. */ | |
2920 | ||
2921 | if (h == last) | |
2922 | { | |
2923 | next->next = last->next; | |
2924 | last->next = next; | |
2925 | last = next; | |
2926 | } | |
2927 | } | |
2928 | } | |
2929 | ||
2930 | NEXT_MX_RR: continue; | |
2931 | } | |
2932 | ||
dc8091e7 JH |
2933 | if (!last) /* No rr of correct type; give up */ |
2934 | { | |
2935 | yield = HOST_FIND_FAILED; | |
2936 | goto out; | |
2937 | } | |
2938 | ||
059ec3d9 PH |
2939 | /* If the list of hosts was obtained from SRV records, there are two things to |
2940 | do. First, if there is only one host, and it's name is ".", it means there is | |
2941 | no SMTP service at this domain. Otherwise, we have to sort the hosts of equal | |
2942 | priority according to their weights, using an algorithm that is defined in RFC | |
2943 | 2782. The hosts are currently sorted by priority and weight. For each priority | |
2944 | group we have to pick off one host and put it first, and then repeat for any | |
2945 | remaining in the same priority group. */ | |
2946 | ||
2947 | if (ind_type == T_SRV) | |
2948 | { | |
2949 | host_item **pptr; | |
2950 | ||
2951 | if (host == last && host->name[0] == 0) | |
2952 | { | |
2953 | DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n"); | |
8c51eead JH |
2954 | yield = HOST_FIND_FAILED; |
2955 | goto out; | |
059ec3d9 PH |
2956 | } |
2957 | ||
2958 | DEBUG(D_host_lookup) | |
2959 | { | |
2960 | debug_printf("original ordering of hosts from SRV records:\n"); | |
2961 | for (h = host; h != last->next; h = h->next) | |
2962 | debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000); | |
2963 | } | |
2964 | ||
dc8091e7 | 2965 | for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next) |
059ec3d9 PH |
2966 | { |
2967 | int sum = 0; | |
2968 | host_item *hh; | |
2969 | ||
2970 | /* Find the last following host that has the same precedence. At the same | |
2971 | time, compute the sum of the weights and the running totals. These can be | |
2972 | stored in the sort_key field. */ | |
2973 | ||
2974 | for (hh = h; hh != last; hh = hh->next) | |
2975 | { | |
2976 | int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */ | |
2977 | sum += weight; | |
2978 | hh->sort_key = sum; | |
2979 | if (hh->mx != hh->next->mx) break; | |
2980 | } | |
2981 | ||
2982 | /* If there's more than one host at this precedence (priority), we need to | |
2983 | pick one to go first. */ | |
2984 | ||
2985 | if (hh != h) | |
2986 | { | |
2987 | host_item *hhh; | |
2988 | host_item **ppptr; | |
2989 | int randomizer = random_number(sum + 1); | |
2990 | ||
2991 | for (ppptr = pptr, hhh = h; | |
2992 | hhh != hh; | |
2993 | ppptr = &(hhh->next), hhh = hhh->next) | |
2994 | { | |
2995 | if (hhh->sort_key >= randomizer) break; | |
2996 | } | |
2997 | ||
2998 | /* hhh now points to the host that should go first; ppptr points to the | |
2999 | place that points to it. Unfortunately, if the start of the minilist is | |
3000 | the start of the entire list, we can't just swap the items over, because | |
3001 | we must not change the value of host, since it is passed in from outside. | |
3002 | One day, this could perhaps be changed. | |
3003 | ||
3004 | The special case is fudged by putting the new item *second* in the chain, | |
3005 | and then transferring the data between the first and second items. We | |
3006 | can't just swap the first and the chosen item, because that would mean | |
3007 | that an item with zero weight might no longer be first. */ | |
3008 | ||
3009 | if (hhh != h) | |
3010 | { | |
3011 | *ppptr = hhh->next; /* Cuts it out of the chain */ | |
3012 | ||
3013 | if (h == host) | |
3014 | { | |
3015 | host_item temp = *h; | |
3016 | *h = *hhh; | |
3017 | *hhh = temp; | |
3018 | hhh->next = temp.next; | |
3019 | h->next = hhh; | |
3020 | } | |
3021 | ||
3022 | else | |
3023 | { | |
3024 | hhh->next = h; /* The rest of the chain follows it */ | |
3025 | *pptr = hhh; /* It takes the place of h */ | |
3026 | h = hhh; /* It's now the start of this minilist */ | |
3027 | } | |
3028 | } | |
3029 | } | |
3030 | ||
3031 | /* A host has been chosen to be first at this priority and h now points | |
3032 | to this host. There may be others at the same priority, or others at a | |
3033 | different priority. Before we leave this host, we need to put back a sort | |
3034 | key of the traditional MX kind, in case this host is multihomed, because | |
3035 | the sort key is used for ordering the multiple IP addresses. We do not need | |
3036 | to ensure that these new sort keys actually reflect the order of the hosts, | |
3037 | however. */ | |
3038 | ||
3039 | h->sort_key = h->mx * 1000 + random_number(500); | |
3040 | } /* Move on to the next host */ | |
3041 | } | |
3042 | ||
1349e1e5 PH |
3043 | /* Now we have to find IP addresses for all the hosts. We have ensured above |
3044 | that the names in all the host items are unique. Before release 4.61 we used to | |
3045 | process records from the additional section in the DNS packet that returned the | |
3046 | MX or SRV records. However, a DNS name server is free to drop any resource | |
3047 | records from the additional section. In theory, this has always been a | |
3048 | potential problem, but it is exacerbated by the advent of IPv6. If a host had | |
3049 | several IPv4 addresses and some were not in the additional section, at least | |
3050 | Exim would try the others. However, if a host had both IPv4 and IPv6 addresses | |
3051 | and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6 | |
3052 | connection, and never try an IPv4 address. When there was only IPv4 | |
3053 | connectivity, this was a disaster that did in practice occur. | |
3054 | ||
3055 | So, from release 4.61 onwards, we always search for A and AAAA records | |
3056 | explicitly. The names shouldn't point to CNAMES, but we use the general lookup | |
3057 | function that handles them, just in case. If any lookup gives a soft error, | |
3058 | change the default yield. | |
059ec3d9 PH |
3059 | |
3060 | For these DNS lookups, we must disable qualify_single and search_parents; | |
3061 | otherwise invalid host names obtained from MX or SRV records can cause trouble | |
3062 | if they happen to match something local. */ | |
3063 | ||
1349e1e5 | 3064 | yield = HOST_FIND_FAILED; /* Default yield */ |
8c51eead JH |
3065 | dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */ |
3066 | dnssec_request || dnssec_require); | |
059ec3d9 PH |
3067 | |
3068 | for (h = host; h != last->next; h = h->next) | |
3069 | { | |
dc8091e7 JH |
3070 | if (h->address) continue; /* Inserted by a multihomed host */ |
3071 | ||
8c51eead | 3072 | rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, |
66387a73 JH |
3073 | NULL, dnssec_request, dnssec_require, |
3074 | whichrrs & HOST_FIND_IPV4_ONLY | |
3075 | ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA); | |
059ec3d9 PH |
3076 | if (rc != HOST_FOUND) |
3077 | { | |
3078 | h->status = hstatus_unusable; | |
2546388c | 3079 | switch (rc) |
059ec3d9 | 3080 | { |
66387a73 JH |
3081 | case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break; |
3082 | case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break; | |
3083 | case HOST_IGNORED: h->why = hwhy_ignored; break; | |
3084 | default: h->why = hwhy_failed; break; | |
059ec3d9 | 3085 | } |
059ec3d9 PH |
3086 | } |
3087 | } | |
3088 | ||
3089 | /* Scan the list for any hosts that are marked unusable because they have | |
3090 | been explicitly ignored, and remove them from the list, as if they did not | |
3091 | exist. If we end up with just a single, ignored host, flatten its fields as if | |
3092 | nothing was found. */ | |
3093 | ||
2546388c | 3094 | if (ignore_target_hosts) |
059ec3d9 PH |
3095 | { |
3096 | host_item *prev = NULL; | |
3097 | for (h = host; h != last->next; h = h->next) | |
3098 | { | |
3099 | REDO: | |
3100 | if (h->why != hwhy_ignored) /* Non ignored host, just continue */ | |
3101 | prev = h; | |
3102 | else if (prev == NULL) /* First host is ignored */ | |
3103 | { | |
3104 | if (h != last) /* First is not last */ | |
3105 | { | |
3106 | if (h->next == last) last = h; /* Overwrite it with next */ | |
3107 | *h = *(h->next); /* and reprocess it. */ | |
3108 | goto REDO; /* C should have redo, like Perl */ | |
3109 | } | |
3110 | } | |
3111 | else /* Ignored host is not first - */ | |
3112 | { /* cut it out */ | |
3113 | prev->next = h->next; | |
3114 | if (h == last) last = prev; | |
3115 | } | |
3116 | } | |
3117 | ||
3118 | if (host->why == hwhy_ignored) host->address = NULL; | |
3119 | } | |
3120 | ||
3121 | /* There is still one complication in the case of IPv6. Although the code above | |
3122 | arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed | |
3123 | hosts, it doesn't do this for addresses that apply to different hosts with the | |
3124 | same MX precedence, because the sorting on MX precedence happens first. So we | |
3125 | have to make another pass to check for this case. We ensure that, within a | |
3126 | single MX preference value, IPv6 addresses come first. This can separate the | |
3127 | addresses of a multihomed host, but that should not matter. */ | |
3128 | ||
3129 | #if HAVE_IPV6 | |
2546388c | 3130 | if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next) |
059ec3d9 | 3131 | { |
2546388c JH |
3132 | host_item temp; |
3133 | host_item *next = h->next; | |
3134 | ||
66387a73 JH |
3135 | if ( h->mx != next->mx /* If next is different MX */ |
3136 | || !h->address /* OR this one is unset */ | |
3137 | ) | |
3138 | continue; /* move on to next */ | |
3139 | ||
3140 | if ( whichrrs & HOST_FIND_IPV4_FIRST | |
3141 | ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */ | |
3142 | || next->address | |
3143 | && Ustrchr(next->address, ':') /* OR next is IPv6 */ | |
3144 | ||
3145 | : Ustrchr(h->address, ':') /* OR this one is IPv6 */ | |
3146 | || next->address | |
3147 | && !Ustrchr(next->address, ':') /* OR next is IPv4 */ | |
3148 | ) | |
2546388c | 3149 | continue; /* move on to next */ |
66387a73 | 3150 | |
2546388c JH |
3151 | temp = *h; /* otherwise, swap */ |
3152 | temp.next = next->next; | |
3153 | *h = *next; | |
3154 | h->next = next; | |
3155 | *next = temp; | |
059ec3d9 PH |
3156 | } |
3157 | #endif | |
3158 | ||
059ec3d9 PH |
3159 | /* Remove any duplicate IP addresses and then scan the list of hosts for any |
3160 | whose IP addresses are on the local host. If any are found, all hosts with the | |
3161 | same or higher MX values are removed. However, if the local host has the lowest | |
3162 | numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host | |
3163 | with an IP address is on the list, HOST_FOUND is returned. Otherwise, | |
3164 | HOST_FIND_FAILED is returned, but in this case do not update the yield, as it | |
3165 | might have been set to HOST_FIND_AGAIN just above here. If not, it will already | |
3166 | be HOST_FIND_FAILED. */ | |
3167 | ||
3168 | host_remove_duplicates(host, &last); | |
3169 | rc = host_scan_for_local_hosts(host, &last, removed); | |
3170 | if (rc != HOST_FIND_FAILED) yield = rc; | |
3171 | ||
3172 | DEBUG(D_host_lookup) | |
3173 | { | |
3174 | if (fully_qualified_name != NULL) | |
3175 | debug_printf("fully qualified name = %s\n", *fully_qualified_name); | |
3176 | debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n", | |
3177 | (yield == HOST_FOUND)? "HOST_FOUND" : | |
3178 | (yield == HOST_FOUND_LOCAL)? "HOST_FOUND_LOCAL" : | |
2546388c | 3179 | (yield == HOST_FIND_SECURITY)? "HOST_FIND_SECURITY" : |
059ec3d9 PH |
3180 | (yield == HOST_FIND_AGAIN)? "HOST_FIND_AGAIN" : |
3181 | (yield == HOST_FIND_FAILED)? "HOST_FIND_FAILED" : "?", | |
3182 | yield); | |
3183 | for (h = host; h != last->next; h = h->next) | |
3184 | { | |
805c9d53 JH |
3185 | debug_printf(" %s %s MX=%d %s", h->name, |
3186 | !h->address ? US"<null>" : h->address, h->mx, | |
3187 | h->dnssec == DS_YES ? US"DNSSEC " : US""); | |
059ec3d9 PH |
3188 | if (h->port != PORT_NONE) debug_printf("port=%d ", h->port); |
3189 | if (h->status >= hstatus_unusable) debug_printf("*"); | |
3190 | debug_printf("\n"); | |
3191 | } | |
3192 | } | |
3193 | ||
8c51eead JH |
3194 | out: |
3195 | ||
3196 | dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */ | |
059ec3d9 PH |
3197 | return yield; |
3198 | } | |
3199 | ||
059ec3d9 PH |
3200 | /************************************************* |
3201 | ************************************************** | |
3202 | * Stand-alone test program * | |
3203 | ************************************************** | |
3204 | *************************************************/ | |
3205 | ||
3206 | #ifdef STAND_ALONE | |
3207 | ||
059ec3d9 PH |
3208 | int main(int argc, char **cargv) |
3209 | { | |
3210 | host_item h; | |
66387a73 | 3211 | int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; |
059ec3d9 PH |
3212 | BOOL byname = FALSE; |
3213 | BOOL qualify_single = TRUE; | |
3214 | BOOL search_parents = FALSE; | |
8c51eead JH |
3215 | BOOL request_dnssec = FALSE; |
3216 | BOOL require_dnssec = FALSE; | |
059ec3d9 PH |
3217 | uschar **argv = USS cargv; |
3218 | uschar buffer[256]; | |
3219 | ||
322050c2 | 3220 | disable_ipv6 = FALSE; |
059ec3d9 PH |
3221 | primary_hostname = US""; |
3222 | store_pool = POOL_MAIN; | |
3223 | debug_selector = D_host_lookup|D_interface; | |
3224 | debug_file = stdout; | |
3225 | debug_fd = fileno(debug_file); | |
3226 | ||
3227 | printf("Exim stand-alone host functions test\n"); | |
3228 | ||
3229 | host_find_interfaces(); | |
3230 | debug_selector = D_host_lookup | D_dns; | |
3231 | ||
3232 | if (argc > 1) primary_hostname = argv[1]; | |
3233 | ||
3234 | /* So that debug level changes can be done first */ | |
3235 | ||
8c51eead | 3236 | dns_init(qualify_single, search_parents, FALSE); |
059ec3d9 PH |
3237 | |
3238 | printf("Testing host lookup\n"); | |
3239 | printf("> "); | |
3240 | while (Ufgets(buffer, 256, stdin) != NULL) | |
3241 | { | |
3242 | int rc; | |
3243 | int len = Ustrlen(buffer); | |
3244 | uschar *fully_qualified_name; | |
3245 | ||
3246 | while (len > 0 && isspace(buffer[len-1])) len--; | |
3247 | buffer[len] = 0; | |
3248 | ||
3249 | if (Ustrcmp(buffer, "q") == 0) break; | |
3250 | ||
3251 | if (Ustrcmp(buffer, "byname") == 0) byname = TRUE; | |
3252 | else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE; | |
66387a73 | 3253 | else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA; |
059ec3d9 PH |
3254 | else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX; |
3255 | else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV; | |
3256 | else if (Ustrcmp(buffer, "srv+a") == 0) | |
66387a73 | 3257 | whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; |
059ec3d9 PH |
3258 | else if (Ustrcmp(buffer, "srv+mx") == 0) |
3259 | whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX; | |
3260 | else if (Ustrcmp(buffer, "srv+mx+a") == 0) | |
66387a73 | 3261 | whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; |
8c51eead | 3262 | else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE; |
059ec3d9 | 3263 | else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE; |
8c51eead | 3264 | else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE; |
059ec3d9 | 3265 | else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE; |
8c51eead JH |
3266 | else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE; |
3267 | else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE; | |
3268 | else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE; | |
f988ce57 | 3269 | else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE; |
e7726cbf PH |
3270 | else if (Ustrcmp(buffer, "test_harness") == 0) |
3271 | running_in_test_harness = !running_in_test_harness; | |
322050c2 | 3272 | else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6; |
e7726cbf PH |
3273 | else if (Ustrcmp(buffer, "res_debug") == 0) |
3274 | { | |
3275 | _res.options ^= RES_DEBUG; | |
3276 | } | |
059ec3d9 PH |
3277 | else if (Ustrncmp(buffer, "retrans", 7) == 0) |
3278 | { | |
ff790e47 | 3279 | (void)sscanf(CS(buffer+8), "%d", &dns_retrans); |
059ec3d9 PH |
3280 | _res.retrans = dns_retrans; |
3281 | } | |
3282 | else if (Ustrncmp(buffer, "retry", 5) == 0) | |
3283 | { | |
ff790e47 | 3284 | (void)sscanf(CS(buffer+6), "%d", &dns_retry); |
059ec3d9 PH |
3285 | _res.retry = dns_retry; |
3286 | } | |
059ec3d9 PH |
3287 | else |
3288 | { | |
3289 | int flags = whichrrs; | |
505d976a | 3290 | dnssec_domains d; |
059ec3d9 PH |
3291 | |
3292 | h.name = buffer; | |
3293 | h.next = NULL; | |
3294 | h.mx = MX_NONE; | |
3295 | h.port = PORT_NONE; | |
3296 | h.status = hstatus_unknown; | |
3297 | h.why = hwhy_unknown; | |
3298 | h.address = NULL; | |
3299 | ||
3300 | if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE; | |
3301 | if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS; | |
3302 | ||
7cd171b7 JH |
3303 | d.request = request_dnssec ? &h.name : NULL; |
3304 | d.require = require_dnssec ? &h.name : NULL; | |
3305 | ||
8c51eead JH |
3306 | rc = byname |
3307 | ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE) | |
3308 | : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL, | |
7cd171b7 | 3309 | &d, &fully_qualified_name, NULL); |
059ec3d9 | 3310 | |
2546388c JH |
3311 | switch (rc) |
3312 | { | |
3313 | case HOST_FIND_FAILED: printf("Failed\n"); break; | |
3314 | case HOST_FIND_AGAIN: printf("Again\n"); break; | |
3315 | case HOST_FIND_SECURITY: printf("Security\n"); break; | |
3316 | case HOST_FOUND_LOCAL: printf("Local\n"); break; | |
3317 | } | |
059ec3d9 PH |
3318 | } |
3319 | ||
3320 | printf("\n> "); | |
3321 | } | |
3322 | ||
3323 | printf("Testing host_aton\n"); | |
3324 | printf("> "); | |
3325 | while (Ufgets(buffer, 256, stdin) != NULL) | |
3326 | { | |
3327 | int i; | |
3328 | int x[4]; | |
3329 | int len = Ustrlen(buffer); | |
3330 | ||
3331 | while (len > 0 && isspace(buffer[len-1])) len--; | |
3332 | buffer[len] = 0; | |
3333 | ||
3334 | if (Ustrcmp(buffer, "q") == 0) break; | |
3335 | ||
3336 | len = host_aton(buffer, x); | |
3337 | printf("length = %d ", len); | |
3338 | for (i = 0; i < len; i++) | |
3339 | { | |
3340 | printf("%04x ", (x[i] >> 16) & 0xffff); | |
3341 | printf("%04x ", x[i] & 0xffff); | |
3342 | } | |
3343 | printf("\n> "); | |
3344 | } | |
3345 | ||
3346 | printf("\n"); | |
3347 | ||
3348 | printf("Testing host_name_lookup\n"); | |
3349 | printf("> "); | |
3350 | while (Ufgets(buffer, 256, stdin) != NULL) | |
3351 | { | |
3352 | int len = Ustrlen(buffer); | |
3353 | while (len > 0 && isspace(buffer[len-1])) len--; | |
3354 | buffer[len] = 0; | |
3355 | if (Ustrcmp(buffer, "q") == 0) break; | |
3356 | sender_host_address = buffer; | |
3357 | sender_host_name = NULL; | |
3358 | sender_host_aliases = NULL; | |
3359 | host_lookup_msg = US""; | |
3360 | host_lookup_failed = FALSE; | |
3361 | if (host_name_lookup() == FAIL) /* Debug causes printing */ | |
3362 | printf("Lookup failed:%s\n", host_lookup_msg); | |
3363 | printf("\n> "); | |
3364 | } | |
3365 | ||
3366 | printf("\n"); | |
3367 | ||
3368 | return 0; | |
3369 | } | |
3370 | #endif /* STAND_ALONE */ | |
3371 | ||
8c51eead JH |
3372 | /* vi: aw ai sw=2 |
3373 | */ | |
059ec3d9 | 3374 | /* End of host.c */ |