1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2023 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
10 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
11 directly via the DNS. When IPv6 is supported, getipnodebyname() and
12 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
13 if the newer functions are available. This module also contains various other
14 functions concerned with hosts and addresses, and a random number function,
15 used for randomizing hosts with equal MXs but available for use in other parts
22 /* Static variable for preserving the list of interface addresses in case it is
23 used more than once. */
25 static ip_address_item *local_interface_data = NULL;
28 #ifdef USE_INET_NTOA_FIX
29 /*************************************************
30 * Replacement for broken inet_ntoa() *
31 *************************************************/
33 /* On IRIX systems, gcc uses a different structure passing convention to the
34 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
35 255.255.255.255. To get round this, we provide a private version of the
36 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
37 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
41 as seen in comp.sys.sgi.admin
43 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
44 should now be set for them as well.
46 Arguments: sa an in_addr structure
47 Returns: pointer to static text string
51 inet_ntoa(struct in_addr sa)
53 static uschar addr[20];
54 sprintf(addr, "%d.%d.%d.%d",
65 /*************************************************
66 * Random number generator *
67 *************************************************/
69 /* This is a simple pseudo-random number generator. It does not have to be
70 very good for the uses to which it is put. When running the regression tests,
71 start with a fixed seed.
73 If you need better, see vaguely_random_number() which is potentially stronger,
74 if a crypto library is available, but might end up just calling this instead.
77 limit: one more than the largest number required
79 Returns: a pseudo-random number in the range 0 to limit-1
83 random_number(int limit)
88 if (f.running_in_test_harness)
92 int p = (int)getpid();
93 random_seed = (int)time(NULL) ^ ((p << 16) | p);
95 random_seed = 1103515245 * random_seed + 12345;
96 return (unsigned int)(random_seed >> 16) % limit;
99 /*************************************************
100 * Wrappers for logging lookup times *
101 *************************************************/
103 /* When the 'slow_lookup_log' variable is enabled, these wrappers will
104 write to the log file all (potential) dns lookups that take more than
105 slow_lookup_log milliseconds
109 log_long_lookup(const uschar * type, const uschar * data, unsigned long msec)
111 log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec",
116 /* returns the current system epoch time in milliseconds. */
120 struct timeval tmp_time;
121 unsigned long seconds, microseconds;
123 gettimeofday(&tmp_time, NULL);
124 seconds = (unsigned long) tmp_time.tv_sec;
125 microseconds = (unsigned long) tmp_time.tv_usec;
126 return seconds*1000 + microseconds/1000;
131 dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type,
132 const uschar **fully_qualified_name)
135 unsigned long time_msec;
137 if (!slow_lookup_log)
138 return dns_lookup(dnsa, name, type, fully_qualified_name);
140 time_msec = get_time_in_ms();
141 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
142 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
143 log_long_lookup(dns_text_type(type), name, time_msec);
148 /*************************************************
149 * Replace gethostbyname() when testing *
150 *************************************************/
152 /* This function is called instead of gethostbyname(), gethostbyname2(), or
153 getipnodebyname() when running in the test harness. . It also
154 recognizes an unqualified "localhost" and forces it to the appropriate loopback
155 address. IP addresses are treated as literals. For other names, it uses the DNS
156 to find the host name. In the test harness, this means it will access only the
160 name the host name or a textual IP address
161 af AF_INET or AF_INET6
162 error_num where to put an error code:
163 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
165 Returns: a hostent structure or NULL for an error
168 static struct hostent *
169 host_fake_gethostbyname(const uschar *name, int af, int *error_num)
172 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
174 int alen = sizeof(struct in_addr);
178 const uschar *lname = name;
181 struct hostent *yield;
182 dns_answer * dnsa = store_get_dns_answer();
186 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
187 af == AF_INET ? "IPv4" : "IPv6");
189 /* Handle unqualified "localhost" */
191 if (Ustrcmp(name, "localhost") == 0)
192 lname = af == AF_INET ? US"127.0.0.1" : US"::1";
194 /* Handle a literal IP address */
196 if ((ipa = string_is_ip_address(lname, NULL)) != 0)
197 if ( ipa == 4 && af == AF_INET
198 || ipa == 6 && af == AF_INET6)
201 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
202 alist = store_get(2 * sizeof(char *), GET_UNTAINTED);
203 adds = store_get(alen, GET_UNTAINTED);
204 yield->h_name = CS name;
205 yield->h_aliases = NULL;
206 yield->h_addrtype = af;
207 yield->h_length = alen;
208 yield->h_addr_list = CSS alist;
210 for (int n = host_aton(lname, x), i = 0; i < n; i++)
213 *adds++ = (y >> 24) & 255;
214 *adds++ = (y >> 16) & 255;
215 *adds++ = (y >> 8) & 255;
221 /* Wrong kind of literal address */
225 *error_num = HOST_NOT_FOUND;
230 /* Handle a host name */
234 int type = af == AF_INET ? T_A:T_AAAA;
235 int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
238 lookup_dnssec_authenticated = NULL;
242 case DNS_SUCCEED: break;
243 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out;
244 case DNS_NODATA: *error_num = NO_DATA; yield = NULL; goto out;
245 case DNS_AGAIN: *error_num = TRY_AGAIN; yield = NULL; goto out;
247 case DNS_FAIL: *error_num = NO_RECOVERY; yield = NULL; goto out;
250 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
252 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
255 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
256 alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED);
257 adds = store_get(count *alen, GET_UNTAINTED);
259 yield->h_name = CS name;
260 yield->h_aliases = NULL;
261 yield->h_addrtype = af;
262 yield->h_length = alen;
263 yield->h_addr_list = CSS alist;
265 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
267 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
271 if (!(da = dns_address_from_rr(dnsa, rr))) break;
273 for (int n = host_aton(da->address, x), i = 0; i < n; i++)
276 *adds++ = (y >> 24) & 255;
277 *adds++ = (y >> 16) & 255;
278 *adds++ = (y >> 8) & 255;
287 store_free_dns_answer(dnsa);
293 /*************************************************
294 * Build chain of host items from list *
295 *************************************************/
297 /* This function builds a chain of host items from a textual list of host
298 names. It does not do any lookups. If randomize is true, the chain is build in
299 a randomized order. There may be multiple groups of independently randomized
300 hosts; they are delimited by a host name consisting of just "+".
303 anchor anchor for the chain
305 randomize TRUE for randomizing
311 host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize)
314 int fake_mx = MX_NONE; /* This value is actually -1 */
318 if (randomize) fake_mx--; /* Start at -2 for randomizing */
322 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
326 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
327 { /* ignore if not randomizing */
328 if (randomize) fake_mx--;
332 h = store_get(sizeof(host_item), GET_UNTAINTED);
337 h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0;
338 h->status = hstatus_unknown;
339 h->why = hwhy_unknown;
349 host_item *hh = *anchor;
350 if (h->sort_key < hh->sort_key)
357 while (hh->next && h->sort_key >= hh->next->sort_key)
367 /*************************************************
368 * Get port from a host item's name *
369 *************************************************/
371 /* This function is called when finding the IP address for a host that is in a
372 list of hosts explicitly configured, such as in the manualroute router, or in a
373 fallback hosts list. We see if there is a port specification at the end of the
374 host name, and if so, remove it. A minimum length of 3 is required for the
375 original name; nothing shorter is recognized as having a port.
377 We test for a name ending with a sequence of digits; if preceded by colon we
378 have a port if the character before the colon is ] and the name starts with [
379 or if there are no other colons in the name (i.e. it's not an IPv6 address).
381 Arguments: pointer to the host item
382 Returns: a port number or PORT_NONE
386 host_item_get_port(host_item *h)
390 int len = Ustrlen(h->name);
392 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
394 /* Extract potential port number */
399 while (p > h->name + 1 && isdigit(*p))
401 port += (*p-- - '0') * x;
405 /* The smallest value of p at this point is h->name + 1. */
407 if (*p != ':') return PORT_NONE;
409 if (p[-1] == ']' && h->name[0] == '[')
410 h->name = string_copyn(h->name + 1, p - h->name - 2);
411 else if (Ustrchr(h->name, ':') == p)
412 h->name = string_copyn(h->name, p - h->name);
413 else return PORT_NONE;
415 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
421 #ifndef STAND_ALONE /* Omit when standalone testing */
423 /*************************************************
424 * Build sender_fullhost and sender_rcvhost *
425 *************************************************/
427 /* This function is called when sender_host_name and/or sender_helo_name
428 have been set. Or might have been set - for a local message read off the spool
429 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
432 (a) No sender_host_name or sender_helo_name: "[ip address]"
433 (b) Just sender_host_name: "host_name [ip address]"
434 (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
435 in which case: "[ip address}"
436 (d) The two are identical: "host_name [ip address]" includes helo = IP
437 (e) The two are different: "host_name (helo_name) [ip address]"
439 If log_incoming_port is set, the sending host's port number is added to the IP
442 This function also builds sender_rcvhost for use in Received: lines, whose
443 syntax is a bit different. This value also includes the RFC 1413 identity.
444 There wouldn't be two different variables if I had got all this right in the
447 Because this data may survive over more than one incoming SMTP message, it has
448 to be in permanent store. However, STARTTLS has to be forgotten and redone
449 on a multi-message conn, so this will be called once per message then. Hence
450 we use malloc, so we can free.
457 host_build_sender_fullhost(void)
459 BOOL show_helo = TRUE;
460 uschar * address, * fullhost, * rcvhost;
464 if (!sender_host_address) return;
466 reset_point = store_mark();
468 /* Set up address, with or without the port. After discussion, it seems that
469 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
470 use this directly as the first item for Received: because it ain't an RFC 2822
473 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
474 if (!LOGGING(incoming_port) || sender_host_port <= 0)
475 *(Ustrrchr(address, ':')) = 0;
477 /* If there's no EHLO/HELO data, we can't show it. */
479 if (!sender_helo_name) show_helo = FALSE;
481 /* If HELO/EHLO was followed by an IP literal, it's messy because of two
482 features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
483 doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
484 be given in canonical form, so we have to canonicalize them before comparing. As
485 it happens, the code works for both IPv4 and IPv6. */
487 else if (sender_helo_name[0] == '[' &&
488 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
493 if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
494 if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
496 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
498 if (string_is_ip_address(helo_ip, NULL) != 0)
502 uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
504 sizex = host_aton(helo_ip, x);
505 sizey = host_aton(sender_host_address, y);
507 (void)host_nmtoa(sizex, x, -1, ipx, ':');
508 (void)host_nmtoa(sizey, y, -1, ipy, ':');
510 if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
514 /* Host name is not verified */
516 if (!sender_host_name)
518 uschar *portptr = Ustrstr(address, "]:");
520 int adlen; /* Sun compiler doesn't like ++ in initializers */
522 adlen = portptr ? (++portptr - address) : Ustrlen(address);
523 fullhost = sender_helo_name
524 ? string_sprintf("(%s) %s", sender_helo_name, address)
527 g = string_catn(NULL, address, adlen);
529 if (sender_ident || show_helo || portptr)
532 g = string_catn(g, US" (", 2);
536 g = string_append(g, 2, US"port=", portptr + 1);
539 g = string_append(g, 2,
540 firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name);
543 g = string_append(g, 2,
544 firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident);
546 g = string_catn(g, US")", 1);
549 rcvhost = string_from_gstring(g);
552 /* Host name is known and verified. Unless we've already found that the HELO
553 data matches the IP address, compare it with the name. */
557 if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
562 fullhost = string_sprintf("%s (%s) %s", sender_host_name,
563 sender_helo_name, address);
564 rcvhost = sender_ident
565 ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
566 address, sender_helo_name, sender_ident)
567 : string_sprintf("%s (%s helo=%s)", sender_host_name,
568 address, sender_helo_name);
572 fullhost = string_sprintf("%s %s", sender_host_name, address);
573 rcvhost = sender_ident
574 ? string_sprintf("%s (%s ident=%s)", sender_host_name, address,
576 : string_sprintf("%s (%s)", sender_host_name, address);
580 sender_fullhost = string_copy_perm(fullhost, TRUE);
581 sender_rcvhost = string_copy_perm(rcvhost, TRUE);
583 store_reset(reset_point);
585 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
586 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
591 /*************************************************
592 * Build host+ident message *
593 *************************************************/
595 /* Used when logging rejections and various ACL and SMTP incidents. The text
596 return depends on whether sender_fullhost and sender_ident are set or not:
598 no ident, no host => U=unknown
599 no ident, host set => H=sender_fullhost
600 ident set, no host => U=ident
601 ident set, host set => H=sender_fullhost U=ident
604 useflag TRUE if first item to be flagged (H= or U=); if there are two
605 items, the second is always flagged
607 Returns: pointer to an allocated string
611 host_and_ident(BOOL useflag)
615 if (!sender_fullhost)
618 g = string_catn(g, US"U=", 2);
619 g = string_cat(g, sender_ident ? sender_ident : US"unknown");
624 g = string_catn(g, US"H=", 2);
625 g = string_cat(g, sender_fullhost);
626 if (LOGGING(incoming_interface) && interface_address)
627 g = string_fmt_append(g, " I=[%s]:%d", interface_address, interface_port);
629 g = string_fmt_append(g, " U=%s", sender_ident);
631 if (LOGGING(connection_id))
632 g = string_fmt_append(g, " Ci=%lu", connection_id);
633 gstring_release_unused(g);
634 return string_from_gstring(g);
637 #endif /* STAND_ALONE */
642 /*************************************************
643 * Build list of local interfaces *
644 *************************************************/
646 /* This function interprets the contents of the local_interfaces or
647 extra_local_interfaces options, and creates an ip_address_item block for each
648 item on the list. There is no special interpretation of any IP addresses; in
649 particular, 0.0.0.0 and ::0 are returned without modification. If any address
650 includes a port, it is set in the block. Otherwise the port value is set to
655 name the name of the option being expanded
657 Returns: a chain of ip_address_items, each containing to a textual
658 version of an IP address, and a port number (host order) or
659 zero if no port was given with the address
663 host_build_ifacelist(const uschar *list, uschar *name)
667 ip_address_item * yield = NULL, * last = NULL, * next;
669 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
672 int port = host_address_extract_port(s); /* Leaves just the IP address */
674 if (!(ipv = string_is_ip_address(s, NULL)))
675 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
678 /* Skip IPv6 addresses if IPv6 is disabled. */
680 if (disable_ipv6 && ipv == 6) continue;
682 /* This use of strcpy() is OK because we have checked that s is a valid IP
683 address above. The field in the ip_address_item is large enough to hold an
686 next = store_get(sizeof(ip_address_item), list);
688 Ustrcpy(next->address, s);
690 next->v6_include_v4 = FALSE;
709 /*************************************************
710 * Find addresses on local interfaces *
711 *************************************************/
713 /* This function finds the addresses of local IP interfaces. These are used
714 when testing for routing to the local host. As the function may be called more
715 than once, the list is preserved in permanent store, pointed to by a static
716 variable, to save doing the work more than once per process.
718 The generic list of interfaces is obtained by calling host_build_ifacelist()
719 for local_interfaces and extra_local_interfaces. This list scanned to remove
720 duplicates (which may exist with different ports - not relevant here). If
721 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
722 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
723 obtained from os_find_running_interfaces().
726 Returns: a chain of ip_address_items, each containing to a textual
727 version of an IP address; the port numbers are not relevant
731 /* First, a local subfunction to add an interface to a list in permanent store,
732 but only if there isn't a previous copy of that address on the list. */
734 static ip_address_item *
735 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
737 ip_address_item *ipa2;
738 for (ipa2 = list; ipa2; ipa2 = ipa2->next)
739 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
740 ipa2 = store_get_perm(sizeof(ip_address_item), FALSE);
747 /* This is the globally visible function */
750 host_find_interfaces(void)
752 ip_address_item *running_interfaces = NULL;
754 if (!local_interface_data)
756 void *reset_item = store_mark();
757 ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,
758 US"local_interfaces");
759 ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces,
760 US"extra_local_interfaces");
761 ip_address_item *ipa;
763 if (!dlist) dlist = xlist;
766 for (ipa = dlist; ipa->next; ipa = ipa->next) ;
770 for (ipa = dlist; ipa; ipa = ipa->next)
772 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
773 Ustrcmp(ipa->address, "::0") == 0)
775 BOOL ipv6 = ipa->address[0] == ':';
776 if (!running_interfaces)
777 running_interfaces = os_find_running_interfaces();
778 for (ip_address_item * ipa2 = running_interfaces; ipa2; ipa2 = ipa2->next)
779 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
780 local_interface_data = add_unique_interface(local_interface_data,
785 local_interface_data = add_unique_interface(local_interface_data, ipa);
788 debug_printf("Configured local interface: address=%s", ipa->address);
789 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
794 store_reset(reset_item);
797 return local_interface_data;
804 /*************************************************
805 * Convert network IP address to text *
806 *************************************************/
808 /* Given an IPv4 or IPv6 address in binary, convert it to a text
809 string and return the result in a piece of new store. The address can
810 either be given directly, or passed over in a sockaddr structure. Note
811 that this isn't the converse of host_aton() because of byte ordering
812 differences. See host_nmtoa() below.
815 type if < 0 then arg points to a sockaddr, else
816 either AF_INET or AF_INET6
817 arg points to a sockaddr if type is < 0, or
818 points to an IPv4 address (32 bits), or
819 points to an IPv6 address (128 bits),
820 in both cases, in network byte order
821 buffer if NULL, the result is returned in gotten store;
822 else points to a buffer to hold the answer
823 portptr points to where to put the port number, if non NULL; only
826 Returns: pointer to character string
830 host_ntoa(int type, const void * arg, uschar * buffer, int * portptr)
834 /* The new world. It is annoying that we have to fish out the address from
835 different places in the block, depending on what kind of address it is. It
836 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
837 function inet_ntoa() returns just uschar *, and some picky compilers insist
838 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
841 uschar addr_buffer[46];
844 int family = ((struct sockaddr *)arg)->sa_family;
845 if (family == AF_INET6)
847 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
848 yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
849 sizeof(addr_buffer));
850 if (portptr) *portptr = ntohs(sk->sin6_port);
854 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
855 yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
856 sizeof(addr_buffer));
857 if (portptr) *portptr = ntohs(sk->sin_port);
862 yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
865 /* If the result is a mapped IPv4 address, show it in V4 format. */
867 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
869 #else /* HAVE_IPV6 */
875 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
876 if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
879 yield = US inet_ntoa(*((struct in_addr *)arg));
882 /* If there is no buffer, put the string into some new store. */
884 if (!buffer) buffer = store_get(46, GET_UNTAINTED);
886 /* Callers of this function with a non-NULL buffer must ensure that it is
887 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
888 makes this use of strcpy() OK.
889 If the library returned apparently an apparently tainted string, clean it;
890 we trust IP addresses. */
892 string_format_nt(buffer, 46, "%s", yield);
899 /*************************************************
900 * Convert address text to binary *
901 *************************************************/
903 /* Given the textual form of an IP address, convert it to binary in an
904 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
905 The result has the first byte in the most significant byte of the first int. In
906 other words, the result is not in network byte order, but in host byte order.
907 As a result, this is not the converse of host_ntoa(), which expects network
908 byte order. See host_nmtoa() below.
911 address points to the textual address, checked for syntax
912 bin points to an array of 4 ints
914 Returns: the number of ints used
918 host_aton(const uschar * address, int * bin)
923 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
924 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
925 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
928 if (Ustrchr(address, ':') != NULL)
930 const uschar * p = address;
931 const uschar * component[8];
932 BOOL ipv4_ends = FALSE;
933 int ci = 0, nulloffset = 0, v6count = 8, i;
935 /* If the address starts with a colon, it will start with two colons.
936 Just lose the first one, which will leave a null first component. */
940 /* Split the address into components separated by colons. The input address
941 is supposed to be checked for syntax. There was a case where this was
942 overlooked; to guard against that happening again, check here and crash if
943 there are too many components. */
945 while (*p && *p != '%')
947 int len = Ustrcspn(p, ":%");
948 if (len == 0) nulloffset = ci;
949 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
950 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
957 /* If the final component contains a dot, it is a trailing v4 address.
958 As the syntax is known to be checked, just set up for a trailing
959 v4 address and restrict the v6 part to 6 components. */
961 if (Ustrchr(component[ci-1], '.') != NULL)
963 address = component[--ci];
969 /* If there are fewer than 6 or 8 components, we have to insert some
970 more empty ones in the middle. */
974 int insert_count = v6count - ci;
975 for (i = v6count-1; i > nulloffset + insert_count; i--)
976 component[i] = component[i - insert_count];
977 while (i > nulloffset) component[i--] = US"";
980 /* Now turn the components into binary in pairs and bung them
981 into the vector of ints. */
983 for (i = 0; i < v6count; i += 2)
984 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
985 Ustrtol(component[i+1], NULL, 16);
987 /* If there was no terminating v4 component, we are done. */
989 if (!ipv4_ends) return 4;
992 /* Handle IPv4 address */
994 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
995 bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
1000 /*************************************************
1001 * Apply mask to an IP address *
1002 *************************************************/
1004 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1008 count the number of ints
1009 binary points to the ints to be masked
1010 mask the count of ms bits to leave, or -1 if no masking
1016 host_mask(int count, int *binary, int mask)
1018 if (mask < 0) mask = 99999;
1019 for (int i = 0; i < count; i++)
1022 if (mask == 0) wordmask = 0;
1025 wordmask = (uint)(-1) << (32 - mask);
1033 binary[i] &= wordmask;
1040 /*************************************************
1041 * Convert masked IP address in ints to text *
1042 *************************************************/
1044 /* We can't use host_ntoa() because it assumes the binary values are in network
1045 byte order, and these are the result of host_aton(), which puts them in ints in
1046 host byte order. Also, we really want IPv6 addresses to be in a canonical
1047 format, so we output them with no abbreviation. In a number of cases we can't
1048 use the normal colon separator in them because it terminates keys in lsearch
1049 files, so we want to use dot instead. There's an argument that specifies what
1050 to use for IPv6 addresses.
1053 count 1 or 4 (number of ints)
1054 binary points to the ints
1055 mask mask value; if < 0 don't add to result
1056 buffer big enough to hold the result
1057 sep component separator character for IPv6 addresses
1059 Returns: the number of characters placed in buffer, not counting
1064 host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
1067 uschar *tt = buffer;
1072 for (int i = 24; i >= 0; i -= 8)
1073 tt += sprintf(CS tt, "%d.", (j >> i) & 255);
1076 for (int i = 0; i < 4; i++)
1079 tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1082 tt--; /* lose final separator */
1087 tt += sprintf(CS tt, "/%d", mask);
1093 /* Like host_nmtoa() but: ipv6-only, canonical output, no mask
1096 binary points to the ints
1097 buffer big enough to hold the result
1099 Returns: the number of characters placed in buffer, not counting
1104 ipv6_nmtoa(int * binary, uschar * buffer)
1107 uschar * c = buffer;
1108 uschar * d = NULL; /* shut insufficiently "clever" compiler up */
1110 for (i = 0; i < 4; i++)
1111 { /* expand to text */
1113 c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff);
1116 for (c = buffer, k = -1, i = 0; i < 8; i++)
1117 { /* find longest 0-group sequence */
1118 if (*c == '0') /* must be "0:" */
1122 while (c[2] == '0') i++, c += 2;
1125 k = i-j; /* length of sequence */
1126 d = s; /* start of sequence */
1129 while (*++c != ':') ;
1133 *--c = '\0'; /* drop trailing colon */
1135 /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */
1139 if (d == buffer) c--; /* need extra colon */
1140 *d++ = ':'; /* 1st 0 */
1141 while ((*d++ = *c++)) ;
1151 /*************************************************
1152 * Check port for tls_on_connect *
1153 *************************************************/
1155 /* This function checks whether a given incoming port is configured for tls-
1156 on-connect. It is called from the daemon and from inetd handling. If the global
1157 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1158 check the tls_on_connect_ports option for a list of ports.
1160 Argument: a port number
1161 Returns: TRUE or FALSE
1165 host_is_tls_on_connect_port(int port)
1168 const uschar * list = tls_in.on_connect_ports;
1170 if (tls_in.on_connect) return TRUE;
1172 for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
1173 if (Ustrtol(s, &end, 10) == port)
1181 /*************************************************
1182 * Check whether host is in a network *
1183 *************************************************/
1185 /* This function checks whether a given IP address matches a pattern that
1186 represents either a single host, or a network (using CIDR notation). The caller
1187 of this function must check the syntax of the arguments before calling it.
1190 host string representation of the ip-address to check
1191 net string representation of the network, with optional CIDR mask
1192 maskoffset offset to the / that introduces the mask in the key
1193 zero if there is no mask
1196 TRUE the host is inside the network
1197 FALSE the host is NOT inside the network
1201 host_is_in_net(const uschar *host, const uschar *net, int maskoffset)
1206 int size = host_aton(net, address);
1209 /* No mask => all bits to be checked */
1211 if (maskoffset == 0) mlen = 99999; /* Big number */
1212 else mlen = Uatoi(net + maskoffset + 1);
1214 /* Convert the incoming address to binary. */
1216 insize = host_aton(host, incoming);
1218 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1219 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1220 ::ffff:<v4address>, to IPv4 format. */
1222 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1223 incoming[2] == 0xffff)
1226 incoming[0] = incoming[3];
1229 /* No match if the sizes don't agree. */
1231 if (insize != size) return FALSE;
1233 /* Else do the masked comparison. */
1235 for (int i = 0; i < size; i++)
1238 if (mlen == 0) mask = 0;
1241 mask = (uint)(-1) << (32 - mlen);
1249 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1257 /*************************************************
1258 * Scan host list for local hosts *
1259 *************************************************/
1261 /* Scan through a chain of addresses and check whether any of them is the
1262 address of an interface on the local machine. If so, remove that address and
1263 any previous ones with the same MX value, and all subsequent ones (which will
1264 have greater or equal MX values) from the chain. Note: marking them as unusable
1265 is NOT the right thing to do because it causes the hosts not to be used for
1266 other domains, for which they may well be correct.
1268 The hosts may be part of a longer chain; we only process those between the
1269 initial pointer and the "last" pointer.
1271 There is also a list of "pseudo-local" host names which are checked against the
1272 host names. Any match causes that host item to be treated the same as one which
1273 matches a local IP address.
1275 If the very first host is a local host, then all MX records had a precedence
1276 greater than or equal to that of the local host. Either there's a problem in
1277 the DNS, or an apparently remote name turned out to be an abbreviation for the
1278 local host. Give a specific return code, and let the caller decide what to do.
1279 Otherwise, give a success code if at least one host address has been found.
1282 host pointer to the first host in the chain
1283 lastptr pointer to pointer to the last host in the chain (may be updated)
1284 removed if not NULL, set TRUE if some local addresses were removed
1288 HOST_FOUND if there is at least one host with an IP address on the chain
1289 and an MX value less than any MX value associated with the
1291 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1292 the host addresses were obtained from A records or
1293 gethostbyname(), the MX values are set to -1.
1294 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1298 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1300 int yield = HOST_FIND_FAILED;
1301 host_item *last = *lastptr;
1302 host_item *prev = NULL;
1305 if (removed != NULL) *removed = FALSE;
1307 if (local_interface_data == NULL) local_interface_data = host_find_interfaces();
1309 for (h = host; h != last->next; h = h->next)
1312 if (hosts_treat_as_local != NULL)
1315 const uschar *save = deliver_domain;
1316 deliver_domain = h->name; /* set $domain */
1317 rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0,
1318 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1319 deliver_domain = save;
1320 if (rc == OK) goto FOUND_LOCAL;
1324 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1325 for 127.0.0.1 and refers to the local host. We therefore force it always to
1326 be treated as local. */
1328 if (h->address != NULL)
1330 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1331 for (ip_address_item * ip = local_interface_data; ip; ip = ip->next)
1332 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1333 yield = HOST_FOUND; /* At least one remote address has been found */
1336 /* Update prev to point to the last host item before any that have
1337 the same MX value as the one we have just considered. */
1339 if (h->next == NULL || h->next->mx != h->mx) prev = h;
1342 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1344 /* A host whose IP address matches a local IP address, or whose name matches
1345 something in hosts_treat_as_local has been found. */
1351 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1352 "local host has lowest MX\n" :
1353 "local host found for non-MX address\n");
1354 return HOST_FOUND_LOCAL;
1357 HDEBUG(D_host_lookup)
1359 debug_printf("local host in host list - removed hosts:\n");
1360 for (h = prev->next; h != last->next; h = h->next)
1361 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1364 if (removed != NULL) *removed = TRUE;
1365 prev->next = last->next;
1373 /*************************************************
1374 * Remove duplicate IPs in host list *
1375 *************************************************/
1377 /* You would think that administrators could set up their DNS records so that
1378 one ended up with a list of unique IP addresses after looking up A or MX
1379 records, but apparently duplication is common. So we scan such lists and
1380 remove the later duplicates. Note that we may get lists in which some host
1381 addresses are not set.
1384 host pointer to the first host in the chain
1385 lastptr pointer to pointer to the last host in the chain (may be updated)
1391 host_remove_duplicates(host_item *host, host_item **lastptr)
1393 while (host != *lastptr)
1395 if (host->address != NULL)
1397 host_item *h = host;
1398 while (h != *lastptr)
1400 if (h->next->address != NULL &&
1401 Ustrcmp(h->next->address, host->address) == 0)
1403 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1404 "removed\n", host->address, h->next->mx);
1405 if (h->next == *lastptr) *lastptr = h;
1406 h->next = h->next->next;
1411 /* If the last item was removed, host may have become == *lastptr */
1412 if (host != *lastptr) host = host->next;
1419 /*************************************************
1420 * Find sender host name by gethostbyaddr() *
1421 *************************************************/
1423 /* This used to be the only way it was done, but it turns out that not all
1424 systems give aliases for calls to gethostbyaddr() - or one of the modern
1425 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1426 but they can still exist. This function is now used only when a DNS lookup of
1427 the IP address fails, in order to give access to /etc/hosts.
1430 Returns: OK, DEFER, FAIL
1434 host_name_lookup_byaddr(void)
1436 struct hostent * hosts;
1437 struct in_addr addr;
1438 unsigned long time_msec = 0; /* init to quieten dumb static analysis */
1440 if (slow_lookup_log) time_msec = get_time_in_ms();
1442 /* Lookup on IPv6 system */
1445 if (Ustrchr(sender_host_address, ':') != NULL)
1447 struct in6_addr addr6;
1448 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1449 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1450 "IPv6 address", sender_host_address);
1451 #if HAVE_GETIPNODEBYADDR
1452 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1454 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1459 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1460 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1461 "IPv4 address", sender_host_address);
1462 #if HAVE_GETIPNODEBYADDR
1463 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1465 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1469 /* Do lookup on IPv4 system */
1472 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1473 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1476 if ( slow_lookup_log
1477 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
1479 log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
1481 /* Failed to look up the host. */
1485 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1487 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1490 /* It seems there are some records in the DNS that yield an empty name. We
1491 treat this as non-existent. In some operating systems, this is returned as an
1492 empty string; in others as a single dot. */
1494 if (!hosts->h_name || !hosts->h_name[0] || hosts->h_name[0] == '.')
1496 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1497 "treated as non-existent host name\n");
1501 /* Copy and lowercase the name, which is in static storage in many systems.
1502 Put it in permanent memory. */
1505 int old_pool = store_pool;
1506 store_pool = POOL_TAINT_PERM; /* names are tainted */
1508 sender_host_name = string_copylc(US hosts->h_name);
1510 /* If the host has aliases, build a copy of the alias list */
1512 if (hosts->h_aliases)
1514 int count = 1; /* need 1 more for terminating NULL */
1517 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
1518 store_pool = POOL_PERM;
1519 ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1520 store_pool = POOL_TAINT_PERM;
1522 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)
1523 *ptr++ = string_copylc(*aliases);
1526 store_pool = old_pool;
1534 /*************************************************
1535 * Find host name for incoming call *
1536 *************************************************/
1538 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1539 up a list of alias names, pointed to by sender_host_alias. The list is
1540 NULL-terminated. The incoming address is in sender_host_address, either in
1541 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1543 This function does a thorough check that the names it finds point back to the
1544 incoming IP address. Any that do not are discarded. Note that this is relied on
1545 by the ACL reverse_host_lookup check.
1547 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1548 this it not universally true. Also, for release 4.30, this function was changed
1549 to do a direct DNS lookup first, by default[1], because it turns out that that
1550 is the only guaranteed way to find all the aliases on some systems. My
1551 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1554 [1] The actual order is controlled by the host_lookup_order option.
1557 Returns: OK on success, the answer being placed in the global variable
1558 sender_host_name, with any aliases in a list hung off
1560 FAIL if no host name can be found
1561 DEFER if a temporary error was encountered
1563 The variable host_lookup_msg is set to an empty string on success, or to a
1564 reason for the failure otherwise, in a form suitable for tagging onto an error
1565 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1566 was a defer, host_lookup_deferred is set TRUE.
1568 Any dynamically constructed string for host_lookup_msg must be in permanent
1569 store, because it might be used for several incoming messages on the same SMTP
1573 host_name_lookup(void)
1577 uschar *save_hostname;
1580 const uschar *list = host_lookup_order;
1581 dns_answer * dnsa = store_get_dns_answer();
1584 sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
1586 HDEBUG(D_host_lookup)
1587 debug_printf("looking up host name for %s\n", sender_host_address);
1589 /* For testing the case when a lookup does not complete, we have a special
1590 reserved IP address. */
1592 if (f.running_in_test_harness &&
1593 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1595 HDEBUG(D_host_lookup)
1596 debug_printf("Test harness: host name lookup returns DEFER\n");
1597 host_lookup_deferred = TRUE;
1601 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1602 the order specified by the host_lookup_order option. */
1604 while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
1606 if (strcmpic(ordername, US"bydns") == 0)
1608 uschar * name = dns_build_reverse(sender_host_address);
1610 dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
1611 rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
1613 /* The first record we come across is used for the name; others are
1614 considered to be aliases. We have to scan twice, in order to find out the
1615 number of aliases. However, if all the names are empty, we will behave as
1616 if failure. (PTR records that yield empty names have been encountered in
1619 if (rc == DNS_SUCCEED)
1621 uschar **aptr = NULL;
1623 int count = 1; /* need 1 more for terminating NULL */
1624 int old_pool = store_pool;
1626 sender_host_dnssec = dns_is_secure(dnsa);
1628 debug_printf("Reverse DNS security status: %s\n",
1629 sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
1631 store_pool = POOL_PERM; /* Save names in permanent storage */
1633 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1635 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1638 /* Get store for the list of aliases. For compatibility with
1639 gethostbyaddr, we make an empty list if there are none. */
1641 aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1643 /* Re-scan and extract the names */
1645 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1647 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1649 uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */
1652 /* If an overlong response was received, the data will have been
1653 truncated and dn_expand may fail. */
1655 if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1656 US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1658 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1659 sender_host_address);
1663 store_release_above(s + (slen = Ustrlen(s)) + 1);
1666 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1667 "empty name: treated as non-existent host name\n");
1670 if (Ustrspn(s, letter_digit_hyphen_dot) != slen)
1672 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1673 "illegal name (bad char): treated as non-existent host name\n");
1676 if (!sender_host_name) sender_host_name = s;
1678 while (*s) { *s = tolower(*s); s++; }
1681 *aptr = NULL; /* End of alias list */
1682 store_pool = old_pool; /* Reset store pool */
1684 /* If we've found a name, break out of the "order" loop */
1686 if (sender_host_name) break;
1689 /* If the DNS lookup deferred, we must also defer. */
1691 if (rc == DNS_AGAIN)
1693 HDEBUG(D_host_lookup)
1694 debug_printf("IP address PTR lookup gave temporary error\n");
1695 host_lookup_deferred = TRUE;
1700 /* Do a lookup using gethostbyaddr() - or equivalent */
1702 else if (strcmpic(ordername, US"byaddr") == 0)
1704 HDEBUG(D_host_lookup)
1705 debug_printf("IP address lookup using gethostbyaddr()\n");
1706 rc = host_name_lookup_byaddr();
1709 host_lookup_deferred = TRUE;
1710 return rc; /* Can't carry on */
1712 if (rc == OK) break; /* Found a name */
1714 } /* Loop for bydns/byaddr scanning */
1716 /* If we have failed to find a name, return FAIL and log when required.
1717 NB host_lookup_msg must be in permanent store. */
1719 if (!sender_host_name)
1721 if (host_checking || !f.log_testing_mode)
1722 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1723 "address %s", sender_host_address);
1724 host_lookup_msg = US" (failed to find host name from IP address)";
1725 host_lookup_failed = TRUE;
1729 HDEBUG(D_host_lookup)
1731 uschar **aliases = sender_host_aliases;
1732 debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
1733 while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++);
1736 /* We need to verify that a forward lookup on the name we found does indeed
1737 correspond to the address. This is for security: in principle a malefactor who
1738 happened to own a reverse zone could set it to point to any names at all.
1740 This code was present in versions of Exim before 3.20. At that point I took it
1741 out because I thought that gethostbyaddr() did the check anyway. It turns out
1742 that this isn't always the case, so it's coming back in at 4.01. This version
1743 is actually better, because it also checks aliases.
1745 The code was made more robust at release 4.21. Prior to that, it accepted all
1746 the names if any of them had the correct IP address. Now the code checks all
1747 the names, and accepts only those that have the correct IP address. */
1749 save_hostname = sender_host_name; /* Save for error messages */
1750 aliases = sender_host_aliases;
1751 for (uschar * hname = sender_host_name; hname; hname = *aliases++)
1755 host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL };
1757 { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL };
1759 if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA,
1760 NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
1761 || rc == HOST_FOUND_LOCAL
1764 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1766 /* If the forward lookup was not secure we cancel the is-secure variable */
1768 DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
1769 h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
1770 if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
1772 for (host_item * hh = &h; hh; hh = hh->next)
1773 if (host_is_in_net(hh->address, sender_host_address, 0))
1775 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1780 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1782 if (!ok) HDEBUG(D_host_lookup)
1783 debug_printf("no IP address for %s matched %s\n", hname,
1784 sender_host_address);
1786 else if (rc == HOST_FIND_AGAIN)
1788 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1789 host_lookup_deferred = TRUE;
1790 sender_host_name = NULL;
1794 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1796 /* If this name is no good, and it's the sender name, set it null pro tem;
1797 if it's an alias, just remove it from the list. */
1801 if (hname == sender_host_name) sender_host_name = NULL; else
1803 uschar **a; /* Don't amalgamate - some */
1804 a = --aliases; /* compilers grumble */
1805 while (*a != NULL) { *a = a[1]; a++; }
1810 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1811 it with the first alias, if there is one. */
1813 if (sender_host_name == NULL && *sender_host_aliases != NULL)
1814 sender_host_name = *sender_host_aliases++;
1816 /* If we now have a main name, all is well. */
1818 if (sender_host_name != NULL) return OK;
1820 /* We have failed to find an address that matches. */
1822 HDEBUG(D_host_lookup)
1823 debug_printf("%s does not match any IP address for %s\n",
1824 sender_host_address, save_hostname);
1826 /* This message must be in permanent store */
1828 old_pool = store_pool;
1829 store_pool = POOL_PERM;
1830 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1831 sender_host_address, save_hostname);
1832 store_pool = old_pool;
1833 host_lookup_failed = TRUE;
1840 /*************************************************
1841 * Find IP address(es) for host by name *
1842 *************************************************/
1844 /* The input is a host_item structure with the name filled in and the address
1845 field set to NULL. We use gethostbyname() or getipnodebyname() or
1846 gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
1847 but they do not do MX processing. It appears, however, that in some systems the
1848 current setting of resolver options is used when one of these functions calls
1849 the resolver. For this reason, we call dns_init() at the start, with arguments
1850 influenced by bits in "flags", just as we do for host_find_bydns().
1852 The second argument provides a host list (usually an IP list) of hosts to
1853 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1854 addresses in unreasonable places.
1856 The lookup may result in a change of name. For compatibility with the dns
1857 lookup, return this via fully_qualified_name as well as updating the host item.
1858 The lookup may also yield more than one IP address, in which case chain on
1859 subsequent host_item structures.
1862 host a host item with the name and MX filled in;
1863 the address is to be filled in;
1864 multiple IP addresses cause other host items to be
1866 ignore_target_hosts a list of hosts to ignore
1867 flags HOST_FIND_QUALIFY_SINGLE ) passed to
1868 HOST_FIND_SEARCH_PARENTS ) dns_init()
1869 fully_qualified_name if not NULL, set to point to host name for
1870 compatibility with host_find_bydns
1871 local_host_check TRUE if a check for the local host is wanted
1873 Returns: HOST_FIND_FAILED Failed to find the host or domain
1874 HOST_FIND_AGAIN Try again later
1875 HOST_FOUND Host found - data filled in
1876 HOST_FOUND_LOCAL Host found and is the local host
1880 host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags,
1881 const uschar **fully_qualified_name, BOOL local_host_check)
1884 host_item *last = NULL;
1885 BOOL temp_error = FALSE;
1889 /* Copy the host name at this point to the value which is used for
1890 TLS certificate name checking, before anything modifies it. */
1892 host->certname = host->name;
1895 /* Make sure DNS options are set as required. This appears to be necessary in
1896 some circumstances when the get..byname() function actually calls the DNS. */
1898 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
1899 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
1900 FALSE); /* Cannot retrieve dnssec status so do not request */
1902 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
1903 kinds of address, so go round the loop twice. Note that we have ensured that
1904 AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
1905 code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
1906 lookups here (except when testing standalone). */
1914 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
1915 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
1918 { af = AF_INET; times = 1; }
1920 { af = AF_INET6; times = 2; }
1922 /* No IPv6 support */
1924 #else /* HAVE_IPV6 */
1925 af = AF_INET; times = 1;
1926 #endif /* HAVE_IPV6 */
1928 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1929 interface to this function can be similar to host_find_bydns. */
1931 f.host_find_failed_syntax = FALSE;
1933 /* Loop to look up both kinds of address in an IPv6 world */
1935 for (int i = 1; i <= times;
1937 af = AF_INET, /* If 2 passes, IPv4 on the second */
1943 struct hostent *hostdata;
1944 unsigned long time_msec = 0; /* compiler quietening */
1947 printf("Looking up: %s\n", host->name);
1950 if (slow_lookup_log) time_msec = get_time_in_ms();
1953 if (f.running_in_test_harness)
1954 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1957 #if HAVE_GETIPNODEBYNAME
1958 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
1960 hostdata = gethostbyname2(CS host->name, af);
1961 error_num = h_errno;
1965 #else /* not HAVE_IPV6 */
1966 if (f.running_in_test_harness)
1967 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1970 hostdata = gethostbyname(CS host->name);
1971 error_num = h_errno;
1973 #endif /* HAVE_IPV6 */
1975 if ( slow_lookup_log
1976 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
1977 log_long_lookup(US"gethostbyname", host->name, time_msec);
1984 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
1985 case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
1986 case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
1987 case NO_DATA: error = US"NO_DATA"; break;
1988 #if NO_DATA != NO_ADDRESS
1989 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
1991 default: error = US"?"; break;
1994 DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
1995 f.running_in_test_harness ? "host_fake_gethostbyname" :
1997 # if HAVE_GETIPNODEBYNAME
2005 af == AF_INET ? "inet" : "inet6", error_num, error);
2009 if (!(hostdata->h_addr_list)[0]) continue;
2011 /* Replace the name with the fully qualified one if necessary, and fill in
2012 the fully_qualified_name pointer. */
2014 if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
2015 host->name = string_copy_dnsdomain(US hostdata->h_name);
2016 if (fully_qualified_name) *fully_qualified_name = host->name;
2018 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2019 by their different lengths. Scan the list, ignoring any that are to be
2020 ignored, and build a chain from the rest. */
2022 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2024 for (uschar ** addrlist = USS hostdata->h_addr_list; *addrlist; addrlist++)
2026 uschar *text_address =
2027 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2030 if ( ignore_target_hosts
2031 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2032 text_address, NULL) == OK)
2034 DEBUG(D_host_lookup)
2035 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2040 /* If this is the first address, last is NULL and we put the data in the
2045 host->address = text_address;
2046 host->port = PORT_NONE;
2047 host->status = hstatus_unknown;
2048 host->why = hwhy_unknown;
2049 host->dnssec = DS_UNK;
2053 /* Else add further host item blocks for any other addresses, keeping
2058 host_item *next = store_get(sizeof(host_item), GET_UNTAINTED);
2059 next->name = host->name;
2061 next->certname = host->certname;
2063 next->mx = host->mx;
2064 next->address = text_address;
2065 next->port = PORT_NONE;
2066 next->status = hstatus_unknown;
2067 next->why = hwhy_unknown;
2068 next->dnssec = DS_UNK;
2070 next->next = last->next;
2077 /* If no hosts were found, the address field in the original host block will be
2078 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2079 so we pass that back. */
2085 !message_id[0] && smtp_in
2086 ? string_sprintf("no IP address found for host %s (during %s)", host->name,
2087 smtp_get_connection_info()) :
2089 string_sprintf("no IP address found for host %s", host->name);
2091 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2092 if (temp_error) goto RETURN_AGAIN;
2093 if (host_checking || !f.log_testing_mode)
2094 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2095 return HOST_FIND_FAILED;
2098 /* Remove any duplicate IP addresses, then check to see if this is the local
2099 host if required. */
2101 host_remove_duplicates(host, &last);
2102 yield = local_host_check?
2103 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2105 HDEBUG(D_host_lookup)
2107 if (fully_qualified_name)
2108 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2109 debug_printf("%s looked up these IP addresses:\n",
2111 #if HAVE_GETIPNODEBYNAME
2120 for (const host_item * h = host; h != last->next; h = h->next)
2121 debug_printf(" name=%s address=%s\n", h->name,
2122 h->address ? h->address : US"<null>");
2125 /* Return the found status. */
2129 /* Handle the case when there is a temporary error. If the name matches
2130 dns_again_means_nonexist, return permanent rather than temporary failure. */
2136 const uschar *save = deliver_domain;
2137 deliver_domain = host->name; /* set $domain */
2138 rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
2139 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
2140 deliver_domain = save;
2143 DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: "
2144 "returning HOST_FIND_FAILED\n", host->name);
2145 return HOST_FIND_FAILED;
2148 return HOST_FIND_AGAIN;
2154 /*************************************************
2155 * Fill in a host address from the DNS *
2156 *************************************************/
2158 /* Given a host item, with its name, port and mx fields set, and its address
2159 field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
2160 create additional host items for the additional addresses, copying all the
2161 other fields, and randomizing the order.
2163 On IPv6 systems, AAAA records are sought first, then A records.
2165 The host name may be changed if the DNS returns a different name - e.g. fully
2166 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2167 ensures that it points to the fully qualified name. However, this is the fully
2168 qualified version of the original name; if a CNAME is involved, the actual
2169 canonical host name may be different again, and so we get it directly from the
2170 relevant RR. Note that we do NOT change the mx field of the host item in this
2171 function as it may be called to set the addresses of hosts taken from MX
2175 host points to the host item we're filling in
2176 lastptr points to pointer to last host item in a chain of
2177 host items (may be updated if host is last and gets
2178 extended because multihomed)
2179 ignore_target_hosts list of hosts to ignore
2180 allow_ip if TRUE, recognize an IP address and return it
2181 fully_qualified_name if not NULL, return fully qualified name here if
2182 the contents are different (i.e. it must be preset
2184 dnssec_request if TRUE request the AD bit
2185 dnssec_require if TRUE require the AD bit
2186 whichrrs select ipv4, ipv6 results
2188 Returns: HOST_FIND_FAILED couldn't find A record
2189 HOST_FIND_AGAIN try again later
2190 HOST_FIND_SECURITY dnssec required but not acheived
2191 HOST_FOUND found AAAA and/or A record(s)
2192 HOST_IGNORED found, but all IPs ignored
2196 set_address_from_dns(host_item *host, host_item **lastptr,
2197 const uschar *ignore_target_hosts, BOOL allow_ip,
2198 const uschar **fully_qualified_name,
2199 BOOL dnssec_request, BOOL dnssec_require, int whichrrs)
2201 host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
2202 BOOL v6_find_again = FALSE;
2203 BOOL dnssec_fail = FALSE;
2208 /* Copy the host name at this point to the value which is used for
2209 TLS certificate name checking, before any CNAME-following modifies it. */
2211 host->certname = host->name;
2214 /* If allow_ip is set, a name which is an IP address returns that value
2215 as its address. This is used for MX records when allow_mx_to_ip is set, for
2216 those sites that feel they have to flaunt the RFC rules. */
2218 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2221 if ( ignore_target_hosts
2222 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2223 host->name, NULL) == OK)
2224 return HOST_IGNORED;
2227 host->address = host->name;
2231 dnsa = store_get_dns_answer();
2233 /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
2234 looking for AAAA records the first time. However, unless doing standalone
2235 testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.
2236 On an IPv4 system, go round the loop once only, looking only for A records. */
2241 || !(whichrrs & HOST_FIND_BY_AAAA)
2243 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
2244 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
2246 i = 0; /* look up A records only */
2248 #endif /* STAND_ALONE */
2250 i = 1; /* look up AAAA and A records */
2252 /* The IPv4 world */
2254 #else /* HAVE_IPV6 */
2255 i = 0; /* look up A records only */
2256 #endif /* HAVE_IPV6 */
2260 static int types[] = { T_A, T_AAAA };
2261 int type = types[i];
2262 int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
2263 ? 500 : 0; /* Ensures v6/4 sort order */
2266 int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);
2267 lookup_dnssec_authenticated = !dnssec_request ? NULL
2268 : dns_is_secure(dnsa) ? US"yes" : US"no";
2271 if ( (dnssec_request || dnssec_require)
2272 && !dns_is_secure(dnsa)
2275 debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name);
2277 /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups
2278 fails or times out, but not if another one succeeds. (In the early
2279 IPv6 days there are name servers that always fail on AAAA, but are happy
2280 to give out an A record. We want to proceed with that A record.) */
2282 if (rc != DNS_SUCCEED)
2284 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2286 if (host->address != NULL)
2287 i = HOST_FOUND; /* AAAA was found */
2288 else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2289 i = HOST_FIND_AGAIN;
2291 i = HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2295 /* Tried for an AAAA record: remember if this was a temporary
2296 error, and look for the next record type. */
2298 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2304 if (dns_is_secure(dnsa))
2306 DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name);
2307 if (host->dnssec == DS_UNK) /* set in host_find_bydns() */
2308 host->dnssec = DS_YES;
2315 DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
2316 i>0 ? "AAAA" : "A", host->name);
2319 if (host->dnssec == DS_YES) /* set in host_find_bydns() */
2321 DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name);
2322 host->dnssec = DS_NO;
2323 lookup_dnssec_authenticated = US"no";
2328 /* Lookup succeeded: fill in the given host item with the first non-ignored
2329 address found; create additional items for any others. A single A6 record
2330 may generate more than one address. The lookup had a chance to update the
2331 fqdn; we do not want any later times round the loop to do so. */
2333 fully_qualified_name = NULL;
2335 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2337 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
2339 dns_address * da = dns_address_from_rr(dnsa, rr);
2341 DEBUG(D_host_lookup)
2342 if (!da) debug_printf("no addresses extracted from A6 RR for %s\n",
2345 /* This loop runs only once for A and AAAA records, but may run
2346 several times for an A6 record that generated multiple addresses. */
2348 for (; da; da = da->next)
2351 if (ignore_target_hosts != NULL &&
2352 verify_check_this_host(&ignore_target_hosts, NULL,
2353 host->name, da->address, NULL) == OK)
2355 DEBUG(D_host_lookup)
2356 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2361 /* If this is the first address, stick it in the given host block,
2362 and change the name if the returned RR has a different name. */
2364 if (thishostlast == NULL)
2366 if (strcmpic(host->name, rr->name) != 0)
2367 host->name = string_copy_dnsdomain(rr->name);
2368 host->address = da->address;
2369 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2370 host->status = hstatus_unknown;
2371 host->why = hwhy_unknown;
2372 thishostlast = host;
2375 /* Not the first address. Check for, and ignore, duplicates. Then
2376 insert in the chain at a random point. */
2383 /* End of our local chain is specified by "thishostlast". */
2385 for (next = host;; next = next->next)
2387 if (Ustrcmp(CS da->address, next->address) == 0) break;
2388 if (next == thishostlast) { next = NULL; break; }
2390 if (next != NULL) continue; /* With loop for next address */
2392 /* Not a duplicate */
2394 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2395 next = store_get(sizeof(host_item), GET_UNTAINTED);
2397 /* New address goes first: insert the new block after the first one
2398 (so as not to disturb the original pointer) but put the new address
2399 in the original block. */
2401 if (new_sort_key < host->sort_key)
2403 *next = *host; /* Copies port */
2405 host->address = da->address;
2406 host->sort_key = new_sort_key;
2407 if (thishostlast == host) thishostlast = next; /* Local last */
2408 if (*lastptr == host) *lastptr = next; /* Global last */
2411 /* Otherwise scan down the addresses for this host to find the
2412 one to insert after. */
2416 host_item *h = host;
2417 while (h != thishostlast)
2419 if (new_sort_key < h->next->sort_key) break;
2422 *next = *h; /* Copies port */
2424 next->address = da->address;
2425 next->sort_key = new_sort_key;
2426 if (h == thishostlast) thishostlast = next; /* Local last */
2427 if (h == *lastptr) *lastptr = next; /* Global last */
2434 /* Control gets here only if the second lookup (the A record) succeeded.
2435 However, the address may not be filled in if it was ignored. */
2440 ? HOST_FIND_SECURITY
2444 store_free_dns_answer(dnsa);
2451 /*************************************************
2452 * Find IP addresses and host names via DNS *
2453 *************************************************/
2455 /* The input is a host_item structure with the name field filled in and the
2456 address field set to NULL. This may be in a chain of other host items. The
2457 lookup may result in more than one IP address, in which case we must created
2458 new host blocks for the additional addresses, and insert them into the chain.
2459 The original name may not be fully qualified. Use the fully_qualified_name
2460 argument to return the official name, as returned by the resolver.
2463 host point to initial host item
2464 ignore_target_hosts a list of hosts to ignore
2465 whichrrs flags indicating which RRs to look for:
2466 HOST_FIND_BY_SRV => look for SRV
2467 HOST_FIND_BY_MX => look for MX
2468 HOST_FIND_BY_A => look for A
2469 HOST_FIND_BY_AAAA => look for AAAA
2470 also flags indicating how the lookup is done
2471 HOST_FIND_QUALIFY_SINGLE ) passed to the
2472 HOST_FIND_SEARCH_PARENTS ) resolver
2473 HOST_FIND_IPV4_FIRST => reverse usual result ordering
2474 HOST_FIND_IPV4_ONLY => MX results elide ipv6
2475 srv_service when SRV used, the service name
2476 srv_fail_domains DNS errors for these domains => assume nonexist
2477 mx_fail_domains DNS errors for these domains => assume nonexist
2478 dnssec_d.request => make dnssec request: domainlist
2479 dnssec_d.require => ditto and nonexist failures
2480 fully_qualified_name if not NULL, return fully-qualified name
2481 removed set TRUE if local host was removed from the list
2483 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2484 if there was a syntax error,
2485 host_find_failed_syntax is set.
2486 HOST_FIND_AGAIN Could not resolve at this time
2487 HOST_FIND_SECURITY dnsssec required but not acheived
2488 HOST_FOUND Host found
2489 HOST_FOUND_LOCAL The lowest MX record points to this
2490 machine, if MX records were found, or
2491 an A record that was found contains
2492 an address of the local host
2496 host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
2497 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
2498 const dnssec_domains *dnssec_d,
2499 const uschar **fully_qualified_name, BOOL *removed)
2501 host_item *h, *last;
2505 dns_answer * dnsa = store_get_dns_answer();
2507 BOOL dnssec_require = dnssec_d
2508 && match_isinlist(host->name, CUSS &dnssec_d->require,
2509 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
2510 BOOL dnssec_request = dnssec_require
2512 && match_isinlist(host->name, CUSS &dnssec_d->request,
2513 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
2514 dnssec_status_t dnssec;
2516 /* Set the default fully qualified name to the incoming name, initialize the
2517 resolver if necessary, set up the relevant options, and initialize the flag
2518 that gets set for DNS syntax check errors. */
2520 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2521 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2522 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
2524 f.host_find_failed_syntax = FALSE;
2526 /* First, if requested, look for SRV records. The service name is given; we
2527 assume TCP protocol. DNS domain names are constrained to a maximum of 256
2528 characters, so the code below should be safe. */
2530 if (whichrrs & HOST_FIND_BY_SRV)
2533 uschar * temp_fully_qualified_name;
2536 g = string_fmt_append(NULL, "_%s._tcp.%n%.256s",
2537 srv_service, &prefix_length, host->name);
2538 temp_fully_qualified_name = string_from_gstring(g);
2541 /* Search for SRV records. If the fully qualified name is different to
2542 the input name, pass back the new original domain, without the prepended
2546 lookup_dnssec_authenticated = NULL;
2547 rc = dns_lookup_timerwrap(dnsa, temp_fully_qualified_name, ind_type,
2548 CUSS &temp_fully_qualified_name);
2551 if ((dnssec_request || dnssec_require)
2552 && !dns_is_secure(dnsa)
2554 debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
2558 if (dns_is_secure(dnsa))
2559 { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
2561 { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
2564 if (temp_fully_qualified_name != g->s && fully_qualified_name != NULL)
2565 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2567 /* On DNS failures, we give the "try again" error unless the domain is
2568 listed as one for which we continue. */
2570 if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(dnsa))
2572 log_write(L_host_lookup_failed, LOG_MAIN,
2573 "dnssec fail on SRV for %.256s", host->name);
2576 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2579 if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
2580 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2582 { yield = HOST_FIND_AGAIN; goto out; }
2583 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2584 "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
2588 /* If we did not find any SRV records, search the DNS for MX records, if
2589 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2590 domain, and there's no point in going on to look for address records with the
2591 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2592 records. On DNS failures, we give the "try again" error unless the domain is
2593 listed as one for which we continue. */
2595 if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
2599 lookup_dnssec_authenticated = NULL;
2600 rc = dns_lookup_timerwrap(dnsa, host->name, ind_type, fully_qualified_name);
2603 if ( (dnssec_request || dnssec_require)
2604 && !dns_is_secure(dnsa)
2606 debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
2609 if (dns_is_secure(dnsa))
2611 DEBUG(D_host_lookup) debug_printf("%s (MX resp) DNSSEC\n", host->name);
2612 dnssec = DS_YES; lookup_dnssec_authenticated = US"yes";
2616 dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
2622 yield = HOST_FIND_FAILED; goto out;
2625 if (!dnssec_require || dns_is_secure(dnsa))
2627 DEBUG(D_host_lookup)
2628 debug_printf("dnssec fail on MX for %.256s", host->name);
2630 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2631 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2632 { yield = HOST_FIND_SECURITY; goto out; }
2640 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2641 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2643 { yield = HOST_FIND_AGAIN; goto out; }
2644 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2645 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2650 /* If we haven't found anything yet, and we are requested to do so, try for an
2651 A or AAAA record. If we find it (or them) check to see that it isn't the local
2654 if (rc != DNS_SUCCEED)
2656 if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA)))
2658 DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n");
2659 yield = HOST_FIND_FAILED;
2663 last = host; /* End of local chainlet */
2665 host->port = PORT_NONE;
2666 host->dnssec = DS_UNK;
2667 lookup_dnssec_authenticated = NULL;
2668 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2669 fully_qualified_name, dnssec_request, dnssec_require, whichrrs);
2671 /* If one or more address records have been found, check that none of them
2672 are local. Since we know the host items all have their IP addresses
2673 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2674 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2675 because set_address_from_dns() removes them. */
2677 if (rc == HOST_FOUND)
2678 rc = host_scan_for_local_hosts(host, &last, removed);
2680 if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
2682 DEBUG(D_host_lookup)
2685 if (fully_qualified_name)
2686 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2687 for (host_item * h = host; h != last->next; h = h->next)
2688 debug_printf("%s %s mx=%d sort=%d %s\n", h->name,
2689 h->address ? h->address : US"<null>", h->mx, h->sort_key,
2690 h->status >= hstatus_unusable ? US"*" : US"");
2697 /* We have found one or more MX or SRV records. Sort them according to
2698 precedence. Put the data for the first one into the existing host block, and
2699 insert new host_item blocks into the chain for the remainder. For equal
2700 precedences one is supposed to randomize the order. To make this happen, the
2701 sorting is actually done on the MX value * 1000 + a random number. This is put
2702 into a host field called sort_key.
2704 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2705 IPv6 address in preference. At this stage, we don't know what kind of address
2706 the host has. We choose a random number < 500; if later we find an A record
2707 first, we add 500 to the random number. Then for any other address records, we
2708 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2711 At this point we remove any duplicates that point to the same host, retaining
2712 only the one with the lowest precedence. We cannot yet check for precedence
2713 greater than that of the local host, because that test cannot be properly done
2714 until the addresses have been found - an MX record may point to a name for this
2715 host which is not the primary hostname. */
2717 last = NULL; /* Indicates that not even the first item is filled yet */
2719 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2721 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type)
2723 int precedence, weight;
2724 int port = PORT_NONE;
2725 const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
2728 if (rr_bad_size(rr, sizeof(uint16_t))) continue;
2729 GETSHORT(precedence, s); /* Pointer s is advanced */
2731 /* For MX records, we use a random "weight" which causes multiple records of
2732 the same precedence to sort randomly. */
2734 if (ind_type == T_MX)
2735 weight = random_number(500);
2738 /* SRV records are specified with a port and a weight. The weight is used
2739 in a special algorithm. However, to start with, we just use it to order the
2740 records of equal priority (precedence). */
2742 if (rr_bad_increment(rr, s, 2 * sizeof(uint16_t))) continue;
2743 GETSHORT(weight, s);
2747 /* Get the name of the host pointed to. */
2749 (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
2750 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2752 /* Check that we haven't already got this host on the chain; if we have,
2753 keep only the lower precedence. This situation shouldn't occur, but you
2754 never know what junk might get into the DNS (and this case has been seen on
2755 more than one occasion). */
2757 if (last) /* This is not the first record */
2759 host_item *prev = NULL;
2761 for (h = host; h != last->next; prev = h, h = h->next)
2762 if (strcmpic(h->name, data) == 0)
2764 DEBUG(D_host_lookup)
2765 debug_printf("discarded duplicate host %s (MX=%d)\n", data,
2766 precedence > h->mx ? precedence : h->mx);
2767 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2768 if (h == host) /* Override first item */
2771 host->sort_key = precedence * 1000 + weight;
2775 /* Unwanted host item is not the first in the chain, so we can get
2776 get rid of it by cutting it out. */
2778 prev->next = h->next;
2779 if (h == last) last = prev;
2784 /* If this is the first MX or SRV record, put the data into the existing host
2785 block. Otherwise, add a new block in the correct place; if it has to be
2786 before the first block, copy the first block's data to a new second block. */
2790 host->name = string_copy_dnsdomain(data);
2791 host->address = NULL;
2793 host->mx = precedence;
2794 host->sort_key = precedence * 1000 + weight;
2795 host->status = hstatus_unknown;
2796 host->why = hwhy_unknown;
2797 host->dnssec = dnssec;
2802 /* Make a new host item and seek the correct insertion place */
2804 int sort_key = precedence * 1000 + weight;
2805 host_item * next = store_get(sizeof(host_item), GET_UNTAINTED);
2806 next->name = string_copy_dnsdomain(data);
2807 next->address = NULL;
2809 next->mx = precedence;
2810 next->sort_key = sort_key;
2811 next->status = hstatus_unknown;
2812 next->why = hwhy_unknown;
2813 next->dnssec = dnssec;
2816 /* Handle the case when we have to insert before the first item. */
2818 if (sort_key < host->sort_key)
2825 if (last == host) last = next;
2829 /* Else scan down the items we have inserted as part of this exercise;
2830 don't go further. */
2832 for (h = host; h != last; h = h->next)
2833 if (sort_key < h->next->sort_key)
2835 next->next = h->next;
2840 /* Join on after the last host item that's part of this
2841 processing if we haven't stopped sooner. */
2845 next->next = last->next;
2852 NEXT_MX_RR: continue;
2855 if (!last) /* No rr of correct type; give up */
2857 yield = HOST_FIND_FAILED;
2861 /* If the list of hosts was obtained from SRV records, there are two things to
2862 do. First, if there is only one host, and it's name is ".", it means there is
2863 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2864 priority according to their weights, using an algorithm that is defined in RFC
2865 2782. The hosts are currently sorted by priority and weight. For each priority
2866 group we have to pick off one host and put it first, and then repeat for any
2867 remaining in the same priority group. */
2869 if (ind_type == T_SRV)
2873 if (host == last && host->name[0] == 0)
2875 DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n");
2876 yield = HOST_FIND_FAILED;
2880 DEBUG(D_host_lookup)
2882 debug_printf("original ordering of hosts from SRV records:\n");
2883 for (h = host; h != last->next; h = h->next)
2884 debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2887 for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
2892 /* Find the last following host that has the same precedence. At the same
2893 time, compute the sum of the weights and the running totals. These can be
2894 stored in the sort_key field. */
2896 for (hh = h; hh != last; hh = hh->next)
2898 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2901 if (hh->mx != hh->next->mx) break;
2904 /* If there's more than one host at this precedence (priority), we need to
2905 pick one to go first. */
2911 int randomizer = random_number(sum + 1);
2913 for (ppptr = pptr, hhh = h;
2915 ppptr = &hhh->next, hhh = hhh->next)
2916 if (hhh->sort_key >= randomizer)
2919 /* hhh now points to the host that should go first; ppptr points to the
2920 place that points to it. Unfortunately, if the start of the minilist is
2921 the start of the entire list, we can't just swap the items over, because
2922 we must not change the value of host, since it is passed in from outside.
2923 One day, this could perhaps be changed.
2925 The special case is fudged by putting the new item *second* in the chain,
2926 and then transferring the data between the first and second items. We
2927 can't just swap the first and the chosen item, because that would mean
2928 that an item with zero weight might no longer be first. */
2932 *ppptr = hhh->next; /* Cuts it out of the chain */
2936 host_item temp = *h;
2939 hhh->next = temp.next;
2944 hhh->next = h; /* The rest of the chain follows it */
2945 *pptr = hhh; /* It takes the place of h */
2946 h = hhh; /* It's now the start of this minilist */
2951 /* A host has been chosen to be first at this priority and h now points
2952 to this host. There may be others at the same priority, or others at a
2953 different priority. Before we leave this host, we need to put back a sort
2954 key of the traditional MX kind, in case this host is multihomed, because
2955 the sort key is used for ordering the multiple IP addresses. We do not need
2956 to ensure that these new sort keys actually reflect the order of the hosts,
2959 h->sort_key = h->mx * 1000 + random_number(500);
2960 } /* Move on to the next host */
2963 /* Now we have to find IP addresses for all the hosts. We have ensured above
2964 that the names in all the host items are unique. Before release 4.61 we used to
2965 process records from the additional section in the DNS packet that returned the
2966 MX or SRV records. However, a DNS name server is free to drop any resource
2967 records from the additional section. In theory, this has always been a
2968 potential problem, but it is exacerbated by the advent of IPv6. If a host had
2969 several IPv4 addresses and some were not in the additional section, at least
2970 Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
2971 and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
2972 connection, and never try an IPv4 address. When there was only IPv4
2973 connectivity, this was a disaster that did in practice occur.
2975 So, from release 4.61 onwards, we always search for A and AAAA records
2976 explicitly. The names shouldn't point to CNAMES, but we use the general lookup
2977 function that handles them, just in case. If any lookup gives a soft error,
2978 change the default yield.
2980 For these DNS lookups, we must disable qualify_single and search_parents;
2981 otherwise invalid host names obtained from MX or SRV records can cause trouble
2982 if they happen to match something local. */
2984 yield = HOST_FIND_FAILED; /* Default yield */
2985 dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */
2986 dnssec_request || dnssec_require);
2988 for (h = host; h != last->next; h = h->next)
2990 if (h->address) continue; /* Inserted by a multihomed host */
2992 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
2993 NULL, dnssec_request, dnssec_require,
2994 whichrrs & HOST_FIND_IPV4_ONLY
2995 ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA);
2996 if (rc != HOST_FOUND)
2998 h->status = hstatus_unusable;
3001 case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break;
3002 case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break;
3003 case HOST_IGNORED: h->why = hwhy_ignored; break;
3004 default: h->why = hwhy_failed; break;
3009 /* Scan the list for any hosts that are marked unusable because they have
3010 been explicitly ignored, and remove them from the list, as if they did not
3011 exist. If we end up with just a single, ignored host, flatten its fields as if
3012 nothing was found. */
3014 if (ignore_target_hosts)
3016 host_item *prev = NULL;
3017 for (h = host; h != last->next; h = h->next)
3020 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3022 else if (prev == NULL) /* First host is ignored */
3024 if (h != last) /* First is not last */
3026 if (h->next == last) last = h; /* Overwrite it with next */
3027 *h = *(h->next); /* and reprocess it. */
3028 goto REDO; /* C should have redo, like Perl */
3031 else /* Ignored host is not first - */
3033 prev->next = h->next;
3034 if (h == last) last = prev;
3038 if (host->why == hwhy_ignored) host->address = NULL;
3041 /* There is still one complication in the case of IPv6. Although the code above
3042 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3043 hosts, it doesn't do this for addresses that apply to different hosts with the
3044 same MX precedence, because the sorting on MX precedence happens first. So we
3045 have to make another pass to check for this case. We ensure that, within a
3046 single MX preference value, IPv6 addresses come first. This can separate the
3047 addresses of a multihomed host, but that should not matter. */
3050 if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
3053 host_item *next = h->next;
3055 if ( h->mx != next->mx /* If next is different MX */
3056 || !h->address /* OR this one is unset */
3058 continue; /* move on to next */
3060 if ( whichrrs & HOST_FIND_IPV4_FIRST
3061 ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */
3063 && Ustrchr(next->address, ':') /* OR next is IPv6 */
3065 : Ustrchr(h->address, ':') /* OR this one is IPv6 */
3067 && !Ustrchr(next->address, ':') /* OR next is IPv4 */
3069 continue; /* move on to next */
3071 temp = *h; /* otherwise, swap */
3072 temp.next = next->next;
3079 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3080 whose IP addresses are on the local host. If any are found, all hosts with the
3081 same or higher MX values are removed. However, if the local host has the lowest
3082 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3083 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3084 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3085 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3086 be HOST_FIND_FAILED. */
3088 host_remove_duplicates(host, &last);
3089 rc = host_scan_for_local_hosts(host, &last, removed);
3090 if (rc != HOST_FIND_FAILED) yield = rc;
3092 DEBUG(D_host_lookup)
3094 if (fully_qualified_name)
3095 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
3096 debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
3097 yield == HOST_FOUND ? "HOST_FOUND" :
3098 yield == HOST_FOUND_LOCAL ? "HOST_FOUND_LOCAL" :
3099 yield == HOST_FIND_SECURITY ? "HOST_FIND_SECURITY" :
3100 yield == HOST_FIND_AGAIN ? "HOST_FIND_AGAIN" :
3101 yield == HOST_FIND_FAILED ? "HOST_FIND_FAILED" : "?",
3103 for (h = host; h != last->next; h = h->next)
3105 debug_printf(" %s %s MX=%d %s", h->name,
3106 !h->address ? US"<null>" : h->address, h->mx,
3107 h->dnssec == DS_YES ? US"DNSSEC " : US"");
3108 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3109 if (h->status >= hstatus_unusable) debug_printf("*");
3116 dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
3117 store_free_dns_answer(dnsa);
3125 /* Lookup TLSA record for host/port.
3126 Return: OK success with dnssec; DANE mode
3127 DEFER Do not use this host now, may retry later
3128 FAIL_FORCED No TLSA record; DANE not usable
3129 FAIL Do not use this connection
3133 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
3136 const uschar * fullname = buffer;
3140 /* TLSA lookup string */
3141 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
3143 rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
3144 sec = dns_is_secure(dnsa);
3146 debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
3151 return DEFER; /* just defer this TLS'd conn */
3159 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
3160 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
3161 if (rr->type == T_TLSA && rr->size > 3)
3163 uint16_t payload_length = rr->size - 3;
3164 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
3166 sp += sprintf(CS sp, "%d ", *p++); /* usage */
3167 sp += sprintf(CS sp, "%d ", *p++); /* selector */
3168 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
3169 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
3170 sp += sprintf(CS sp, "%02x", *p++);
3172 debug_printf(" %s\n", s);
3177 log_write(0, LOG_MAIN,
3178 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
3181 case DNS_NODATA: /* no TLSA RR for this lookup */
3182 case DNS_NOMATCH: /* no records at all for this lookup */
3183 return dane_required ? FAIL : FAIL_FORCED;
3187 return dane_required ? FAIL : DEFER;
3190 #endif /*SUPPORT_DANE*/
3194 /*************************************************
3195 **************************************************
3196 * Stand-alone test program *
3197 **************************************************
3198 *************************************************/
3202 int main(int argc, char **cargv)
3205 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3206 BOOL byname = FALSE;
3207 BOOL qualify_single = TRUE;
3208 BOOL search_parents = FALSE;
3209 BOOL request_dnssec = FALSE;
3210 BOOL require_dnssec = FALSE;
3211 uschar **argv = USS cargv;
3214 disable_ipv6 = FALSE;
3215 primary_hostname = US"";
3217 store_pool = POOL_MAIN;
3218 debug_selector = D_host_lookup|D_interface;
3219 debug_file = stdout;
3220 debug_fd = fileno(debug_file);
3222 printf("Exim stand-alone host functions test\n");
3224 host_find_interfaces();
3225 debug_selector = D_host_lookup | D_dns;
3227 if (argc > 1) primary_hostname = argv[1];
3229 /* So that debug level changes can be done first */
3231 dns_init(qualify_single, search_parents, FALSE);
3233 printf("Testing host lookup\n");
3235 while (Ufgets(buffer, 256, stdin) != NULL)
3238 int len = Ustrlen(buffer);
3239 uschar *fully_qualified_name;
3241 while (len > 0 && isspace(buffer[len-1])) len--;
3244 if (Ustrcmp(buffer, "q") == 0) break;
3246 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3247 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3248 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3249 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3250 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3251 else if (Ustrcmp(buffer, "srv+a") == 0)
3252 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3253 else if (Ustrcmp(buffer, "srv+mx") == 0)
3254 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3255 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3256 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3257 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3258 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3259 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3260 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3261 else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
3262 else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
3263 else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
3264 else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
3265 else if (Ustrcmp(buffer, "test_harness") == 0)
3266 f.running_in_test_harness = !f.running_in_test_harness;
3267 else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
3268 else if (Ustrcmp(buffer, "res_debug") == 0)
3270 _res.options ^= RES_DEBUG;
3272 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3274 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3275 _res.retrans = dns_retrans;
3277 else if (Ustrncmp(buffer, "retry", 5) == 0)
3279 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3280 _res.retry = dns_retry;
3284 int flags = whichrrs;
3291 h.status = hstatus_unknown;
3292 h.why = hwhy_unknown;
3295 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3296 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3298 d.request = request_dnssec ? &h.name : NULL;
3299 d.require = require_dnssec ? &h.name : NULL;
3302 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
3303 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3304 &d, &fully_qualified_name, NULL);
3308 case HOST_FIND_FAILED: printf("Failed\n"); break;
3309 case HOST_FIND_AGAIN: printf("Again\n"); break;
3310 case HOST_FIND_SECURITY: printf("Security\n"); break;
3311 case HOST_FOUND_LOCAL: printf("Local\n"); break;
3318 printf("Testing host_aton\n");
3320 while (Ufgets(buffer, 256, stdin) != NULL)
3323 int len = Ustrlen(buffer);
3325 while (len > 0 && isspace(buffer[len-1])) len--;
3328 if (Ustrcmp(buffer, "q") == 0) break;
3330 len = host_aton(buffer, x);
3331 printf("length = %d ", len);
3332 for (int i = 0; i < len; i++)
3334 printf("%04x ", (x[i] >> 16) & 0xffff);
3335 printf("%04x ", x[i] & 0xffff);
3342 printf("Testing host_name_lookup\n");
3344 while (Ufgets(buffer, 256, stdin) != NULL)
3346 int len = Ustrlen(buffer);
3347 while (len > 0 && isspace(buffer[len-1])) len--;
3349 if (Ustrcmp(buffer, "q") == 0) break;
3350 sender_host_address = buffer;
3351 sender_host_name = NULL;
3352 sender_host_aliases = NULL;
3353 host_lookup_msg = US"";
3354 host_lookup_failed = FALSE;
3355 if (host_name_lookup() == FAIL) /* Debug causes printing */
3356 printf("Lookup failed:%s\n", host_lookup_msg);
3364 #endif /* STAND_ALONE */