X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fhost.c;h=208e567a1be7b3f9d9b8d78e114c2aa00125878c;hp=05bde3fb2af371c4a6e2c2bfdd54782190c6e35e;hb=94759fce86e40abab9d6d98034e18707a87878eb;hpb=c5db348c5e29e93e51389fa0079f829967c5da82 diff --git a/src/src/host.c b/src/src/host.c index 05bde3fb2..208e567a1 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2017 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or @@ -84,7 +84,7 @@ if (limit < 1) return 0; if (random_seed == 0) { - if (running_in_test_harness) random_seed = 42; else + if (f.running_in_test_harness) random_seed = 42; else { int p = (int)getpid(); random_seed = (int)time(NULL) ^ ((p << 16) | p); @@ -520,7 +520,9 @@ There wouldn't be two different variables if I had got all this right in the first place. Because this data may survive over more than one incoming SMTP message, it has -to be in permanent store. +to be in permanent store. However, STARTTLS has to be forgotten and redone +on a multi-message conn, so this will be called once per message then. Hence +we use malloc, so we can free. Arguments: none Returns: nothing @@ -530,13 +532,12 @@ void host_build_sender_fullhost(void) { BOOL show_helo = TRUE; -uschar *address; +uschar * address, * fullhost, * rcvhost, * reset_point; int len; -int old_pool = store_pool; -if (sender_host_address == NULL) return; +if (!sender_host_address) return; -store_pool = POOL_PERM; +reset_point = store_get(0); /* Set up address, with or without the port. After discussion, it seems that the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't @@ -549,7 +550,7 @@ if (!LOGGING(incoming_port) || sender_host_port <= 0) /* If there's no EHLO/HELO data, we can't show it. */ -if (sender_helo_name == NULL) show_helo = FALSE; +if (!sender_helo_name) show_helo = FALSE; /* If HELO/EHLO was followed by an IP literal, it's messy because of two features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and @@ -593,13 +594,13 @@ if (!sender_host_name) int adlen; /* Sun compiler doesn't like ++ in initializers */ adlen = portptr ? (++portptr - address) : Ustrlen(address); - sender_fullhost = sender_helo_name + fullhost = sender_helo_name ? string_sprintf("(%s) %s", sender_helo_name, address) : address; g = string_catn(NULL, address, adlen); - if (sender_ident != NULL || show_helo || portptr != NULL) + if (sender_ident || show_helo || portptr) { int firstptr; g = string_catn(g, US" (", 2); @@ -619,12 +620,7 @@ if (!sender_host_name) g = string_catn(g, US")", 1); } - sender_rcvhost = string_from_gstring(g); - - /* Release store, because string_cat allocated a minimum of 100 bytes that - are rarely completely used. */ - - store_reset(sender_rcvhost + g->ptr + 1); + rcvhost = string_from_gstring(g); } /* Host name is known and verified. Unless we've already found that the HELO @@ -637,25 +633,30 @@ else if (show_helo) { - sender_fullhost = string_sprintf("%s (%s) %s", sender_host_name, + fullhost = string_sprintf("%s (%s) %s", sender_host_name, sender_helo_name, address); - sender_rcvhost = (sender_ident == NULL)? - string_sprintf("%s (%s helo=%s)", sender_host_name, - address, sender_helo_name) : - string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name, - address, sender_helo_name, sender_ident); + rcvhost = sender_ident + ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name, + address, sender_helo_name, sender_ident) + : string_sprintf("%s (%s helo=%s)", sender_host_name, + address, sender_helo_name); } else { - sender_fullhost = string_sprintf("%s %s", sender_host_name, address); - sender_rcvhost = (sender_ident == NULL)? - string_sprintf("%s (%s)", sender_host_name, address) : - string_sprintf("%s (%s ident=%s)", sender_host_name, address, - sender_ident); + fullhost = string_sprintf("%s %s", sender_host_name, address); + rcvhost = sender_ident + ? string_sprintf("%s (%s ident=%s)", sender_host_name, address, + sender_ident) + : string_sprintf("%s (%s)", sender_host_name, address); } } -store_pool = old_pool; +if (sender_fullhost) store_free(sender_fullhost); +sender_fullhost = string_copy_malloc(fullhost); +if (sender_rcvhost) store_free(sender_rcvhost); +sender_rcvhost = string_copy_malloc(rcvhost); + +store_reset(reset_point); DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost); DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost); @@ -1673,7 +1674,7 @@ HDEBUG(D_host_lookup) /* For testing the case when a lookup does not complete, we have a special reserved IP address. */ -if (running_in_test_harness && +if (f.running_in_test_harness && Ustrcmp(sender_host_address, "99.99.99.99") == 0) { HDEBUG(D_host_lookup) @@ -1795,9 +1796,9 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) /* If we have failed to find a name, return FAIL and log when required. NB host_lookup_msg must be in permanent store. */ -if (sender_host_name == NULL) +if (!sender_host_name) { - if (host_checking || !log_testing_mode) + if (host_checking || !f.log_testing_mode) log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP " "address %s", sender_host_address); host_lookup_msg = US" (failed to find host name from IP address)"; @@ -1831,17 +1832,11 @@ for (hname = sender_host_name; hname; hname = *aliases++) { int rc; BOOL ok = FALSE; - host_item h; - dnssec_domains d; + host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL }; + dnssec_domains d = + { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL }; - h.next = NULL; - h.name = hname; - h.mx = MX_NONE; - h.address = NULL; - d.request = sender_host_dnssec ? US"*" : NULL;; - d.require = NULL; - - if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A, + if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA, NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND || rc == HOST_FOUND_LOCAL ) @@ -2010,7 +2005,7 @@ lookups here (except when testing standalone). */ /* Initialize the flag that gets set for DNS syntax check errors, so that the interface to this function can be similar to host_find_bydns. */ -host_find_failed_syntax = FALSE; +f.host_find_failed_syntax = FALSE; /* Loop to look up both kinds of address in an IPv6 world */ @@ -2032,7 +2027,7 @@ for (i = 1; i <= times; if (slow_lookup_log) time_msec = get_time_in_ms(); #if HAVE_IPV6 - if (running_in_test_harness) + if (f.running_in_test_harness) hostdata = host_fake_gethostbyname(host->name, af, &error_num); else { @@ -2045,7 +2040,7 @@ for (i = 1; i <= times; } #else /* not HAVE_IPV6 */ - if (running_in_test_harness) + if (f.running_in_test_harness) hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num); else { @@ -2170,7 +2165,7 @@ if (host->address == NULL) HDEBUG(D_host_lookup) debug_printf("%s\n", msg); if (temp_error) goto RETURN_AGAIN; - if (host_checking || !log_testing_mode) + if (host_checking || !f.log_testing_mode) log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg); return HOST_FIND_FAILED; } @@ -2241,9 +2236,7 @@ field set to NULL, fill in its IP address from the DNS. If it is multi-homed, create additional host items for the additional addresses, copying all the other fields, and randomizing the order. -On IPv6 systems, A6 records are sought first (but only if support for A6 is -configured - they may never become mainstream), then AAAA records are sought, -and finally A records are sought as well. +On IPv6 systems, AAAA records are sought first, then A records. The host name may be changed if the DNS returns a different name - e.g. fully qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup @@ -2266,6 +2259,7 @@ Arguments: to something) dnssec_request if TRUE request the AD bit dnssec_require if TRUE require the AD bit + whichrrs select ipv4, ipv6 results Returns: HOST_FIND_FAILED couldn't find A record HOST_FIND_AGAIN try again later @@ -2278,7 +2272,7 @@ static int set_address_from_dns(host_item *host, host_item **lastptr, const uschar *ignore_target_hosts, BOOL allow_ip, const uschar **fully_qualified_name, - BOOL dnssec_request, BOOL dnssec_require) + BOOL dnssec_request, BOOL dnssec_require, int whichrrs) { dns_record *rr; host_item *thishostlast = NULL; /* Indicates not yet filled in anything */ @@ -2293,8 +2287,8 @@ those sites that feel they have to flaunt the RFC rules. */ if (allow_ip && string_is_ip_address(host->name, NULL) != 0) { #ifndef STAND_ALONE - if (ignore_target_hosts != NULL && - verify_check_this_host(&ignore_target_hosts, NULL, host->name, + if ( ignore_target_hosts + && verify_check_this_host(&ignore_target_hosts, NULL, host->name, host->name, NULL) == OK) return HOST_IGNORED; #endif @@ -2304,16 +2298,18 @@ if (allow_ip && string_is_ip_address(host->name, NULL) != 0) } /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice, -looking for AAAA records the first time. However, unless -doing standalone testing, we force an IPv4 lookup if the domain matches -dns_ipv4_lookup is set. On an IPv4 system, go round the -loop once only, looking only for A records. */ +looking for AAAA records the first time. However, unless doing standalone +testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global. +On an IPv4 system, go round the loop once only, looking only for A records. */ #if HAVE_IPV6 #ifndef STAND_ALONE - if (disable_ipv6 || (dns_ipv4_lookup != NULL && - match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, - MCL_DOMAIN, TRUE, NULL) == OK)) + if ( disable_ipv6 + || !(whichrrs & HOST_FIND_BY_AAAA) + || (dns_ipv4_lookup + && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL, + MCL_DOMAIN, TRUE, NULL) == OK) + ) i = 0; /* look up A records only */ else #endif /* STAND_ALONE */ @@ -2330,7 +2326,8 @@ for (; i >= 0; i--) { static int types[] = { T_A, T_AAAA }; int type = types[i]; - int randoffset = (i == 0)? 500 : 0; /* Ensures v6 sorts before v4 */ + int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0) + ? 500 : 0; /* Ensures v6/4 sort order */ dns_answer dnsa; dns_scan dnss; @@ -2532,10 +2529,13 @@ Arguments: whichrrs flags indicating which RRs to look for: HOST_FIND_BY_SRV => look for SRV HOST_FIND_BY_MX => look for MX - HOST_FIND_BY_A => look for A or AAAA + HOST_FIND_BY_A => look for A + HOST_FIND_BY_AAAA => look for AAAA also flags indicating how the lookup is done HOST_FIND_QUALIFY_SINGLE ) passed to the HOST_FIND_SEARCH_PARENTS ) resolver + HOST_FIND_IPV4_FIRST => reverse usual result ordering + HOST_FIND_IPV4_ONLY => MX results elide ipv6 srv_service when SRV used, the service name srv_fail_domains DNS errors for these domains => assume nonexist mx_fail_domains DNS errors for these domains => assume nonexist @@ -2586,13 +2586,13 @@ if (fully_qualified_name != NULL) *fully_qualified_name = host->name; dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0, (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0, dnssec_request); -host_find_failed_syntax = FALSE; +f.host_find_failed_syntax = FALSE; /* First, if requested, look for SRV records. The service name is given; we assume TCP protocol. DNS domain names are constrained to a maximum of 256 characters, so the code below should be safe. */ -if ((whichrrs & HOST_FIND_BY_SRV) != 0) +if (whichrrs & HOST_FIND_BY_SRV) { uschar buffer[300]; uschar *temp_fully_qualified_name = buffer; @@ -2612,8 +2612,8 @@ if ((whichrrs & HOST_FIND_BY_SRV) != 0) DEBUG(D_dns) if ((dnssec_request || dnssec_require) - & !dns_is_secure(&dnsa) - & dns_is_aa(&dnsa)) + && !dns_is_secure(&dnsa) + && dns_is_aa(&dnsa)) debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name); if (dnssec_request) @@ -2716,7 +2716,7 @@ host. */ if (rc != DNS_SUCCEED) { - if ((whichrrs & HOST_FIND_BY_A) == 0) + if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA))) { DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n"); yield = HOST_FIND_FAILED; @@ -2729,7 +2729,7 @@ if (rc != DNS_SUCCEED) host->dnssec = DS_UNK; lookup_dnssec_authenticated = NULL; rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE, - fully_qualified_name, dnssec_request, dnssec_require); + fully_qualified_name, dnssec_request, dnssec_require, whichrrs); /* If one or more address records have been found, check that none of them are local. Since we know the host items all have their IP addresses @@ -2853,7 +2853,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); block. Otherwise, add a new block in the correct place; if it has to be before the first block, copy the first block's data to a new second block. */ - if (last == NULL) + if (!last) { host->name = string_copy_dnsdomain(data); host->address = NULL; @@ -3064,20 +3064,18 @@ for (h = host; h != last->next; h = h->next) if (h->address) continue; /* Inserted by a multihomed host */ rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, - NULL, dnssec_request, dnssec_require); + NULL, dnssec_request, dnssec_require, + whichrrs & HOST_FIND_IPV4_ONLY + ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA); if (rc != HOST_FOUND) { h->status = hstatus_unusable; switch (rc) { - case HOST_FIND_AGAIN: - yield = rc; h->why = hwhy_deferred; break; - case HOST_FIND_SECURITY: - yield = rc; h->why = hwhy_insecure; break; - case HOST_IGNORED: - h->why = hwhy_ignored; break; - default: - h->why = hwhy_failed; break; + case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break; + case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break; + case HOST_IGNORED: h->why = hwhy_ignored; break; + default: h->why = hwhy_failed; break; } } } @@ -3128,12 +3126,22 @@ if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next) host_item temp; host_item *next = h->next; - if (h->mx != next->mx || /* If next is different MX */ - h->address == NULL || /* OR this one is unset */ - Ustrchr(h->address, ':') != NULL || /* OR this one is IPv6 */ - (next->address != NULL && - Ustrchr(next->address, ':') == NULL)) /* OR next is IPv4 */ + if ( h->mx != next->mx /* If next is different MX */ + || !h->address /* OR this one is unset */ + ) + continue; /* move on to next */ + + if ( whichrrs & HOST_FIND_IPV4_FIRST + ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */ + || next->address + && Ustrchr(next->address, ':') /* OR next is IPv6 */ + + : Ustrchr(h->address, ':') /* OR this one is IPv6 */ + || next->address + && !Ustrchr(next->address, ':') /* OR next is IPv4 */ + ) continue; /* move on to next */ + temp = *h; /* otherwise, swap */ temp.next = next->next; *h = *next; @@ -3194,7 +3202,7 @@ return yield; int main(int argc, char **cargv) { host_item h; -int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A; +int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; BOOL byname = FALSE; BOOL qualify_single = TRUE; BOOL search_parents = FALSE; @@ -3236,15 +3244,15 @@ while (Ufgets(buffer, 256, stdin) != NULL) if (Ustrcmp(buffer, "byname") == 0) byname = TRUE; else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE; - else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A; + else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA; else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX; else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV; else if (Ustrcmp(buffer, "srv+a") == 0) - whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A; + whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; else if (Ustrcmp(buffer, "srv+mx") == 0) whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX; else if (Ustrcmp(buffer, "srv+mx+a") == 0) - whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A; + whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA; else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE; else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE; else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE; @@ -3254,7 +3262,7 @@ while (Ufgets(buffer, 256, stdin) != NULL) else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE; else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE; else if (Ustrcmp(buffer, "test_harness") == 0) - running_in_test_harness = !running_in_test_harness; + f.running_in_test_harness = !f.running_in_test_harness; else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6; else if (Ustrcmp(buffer, "res_debug") == 0) {