1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2024 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
10 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
11 directly via the DNS. When IPv6 is supported, getipnodebyname() and
12 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
13 if the newer functions are available. This module also contains various other
14 functions concerned with hosts and addresses, and a random number function,
15 used for randomizing hosts with equal MXs but available for use in other parts
22 /* Static variable for preserving the list of interface addresses in case it is
23 used more than once. */
25 static ip_address_item *local_interface_data = NULL;
28 #ifdef USE_INET_NTOA_FIX
29 /*************************************************
30 * Replacement for broken inet_ntoa() *
31 *************************************************/
33 /* On IRIX systems, gcc uses a different structure passing convention to the
34 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
35 255.255.255.255. To get round this, we provide a private version of the
36 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
37 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
41 as seen in comp.sys.sgi.admin
43 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
44 should now be set for them as well.
46 Arguments: sa an in_addr structure
47 Returns: pointer to static text string
51 inet_ntoa(struct in_addr sa)
53 static uschar addr[20];
54 sprintf(addr, "%d.%d.%d.%d",
65 /*************************************************
66 * Random number generator *
67 *************************************************/
69 /* This is a simple pseudo-random number generator. It does not have to be
70 very good for the uses to which it is put. When running the regression tests,
71 start with a fixed seed.
73 If you need better, see vaguely_random_number() which is potentially stronger,
74 if a crypto library is available, but might end up just calling this instead.
77 limit: one more than the largest number required
79 Returns: a pseudo-random number in the range 0 to limit-1
83 random_number(int limit)
88 if (f.running_in_test_harness)
92 int p = (int)getpid();
93 random_seed = (int)time(NULL) ^ ((p << 16) | p);
95 random_seed = 1103515245 * random_seed + 12345;
96 return (unsigned int)(random_seed >> 16) % limit;
99 /*************************************************
100 * Wrappers for logging lookup times *
101 *************************************************/
103 /* When the 'slow_lookup_log' variable is enabled, these wrappers will
104 write to the log file all (potential) dns lookups that take more than
105 slow_lookup_log milliseconds
109 log_long_lookup(const uschar * type, const uschar * data, unsigned long msec)
111 log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec",
116 /* returns the current system epoch time in milliseconds. */
120 struct timeval tmp_time;
121 unsigned long seconds, microseconds;
123 gettimeofday(&tmp_time, NULL);
124 seconds = (unsigned long) tmp_time.tv_sec;
125 microseconds = (unsigned long) tmp_time.tv_usec;
126 return seconds*1000 + microseconds/1000;
131 dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type,
132 const uschar **fully_qualified_name)
135 unsigned long time_msec;
137 if (!slow_lookup_log)
138 return dns_lookup(dnsa, name, type, fully_qualified_name);
140 time_msec = get_time_in_ms();
141 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
142 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
143 log_long_lookup(dns_text_type(type), name, time_msec);
148 /*************************************************
149 * Replace gethostbyname() when testing *
150 *************************************************/
152 /* This function is called instead of gethostbyname(), gethostbyname2(), or
153 getipnodebyname() when running in the test harness. . It also
154 recognizes an unqualified "localhost" and forces it to the appropriate loopback
155 address. IP addresses are treated as literals. For other names, it uses the DNS
156 to find the host name. In the test harness, this means it will access only the
160 name the host name or a textual IP address
161 af AF_INET or AF_INET6
162 error_num where to put an error code:
163 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
165 Returns: a hostent structure or NULL for an error
168 static struct hostent *
169 host_fake_gethostbyname(const uschar *name, int af, int *error_num)
172 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
174 int alen = sizeof(struct in_addr);
178 const uschar *lname = name;
181 struct hostent *yield;
182 dns_answer * dnsa = store_get_dns_answer();
186 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
187 af == AF_INET ? "IPv4" : "IPv6");
189 /* Handle unqualified "localhost" */
191 if (Ustrcmp(name, "localhost") == 0)
192 lname = af == AF_INET ? US"127.0.0.1" : US"::1";
194 /* Handle a literal IP address */
196 if ((ipa = string_is_ip_address(lname, NULL)) != 0)
197 if ( ipa == 4 && af == AF_INET
198 || ipa == 6 && af == AF_INET6)
201 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
202 alist = store_get(2 * sizeof(char *), GET_UNTAINTED);
203 adds = store_get(alen, GET_UNTAINTED);
204 yield->h_name = CS name;
205 yield->h_aliases = NULL;
206 yield->h_addrtype = af;
207 yield->h_length = alen;
208 yield->h_addr_list = CSS alist;
210 for (int n = host_aton(lname, x), i = 0; i < n; i++)
213 *adds++ = (y >> 24) & 255;
214 *adds++ = (y >> 16) & 255;
215 *adds++ = (y >> 8) & 255;
221 /* Wrong kind of literal address */
225 *error_num = HOST_NOT_FOUND;
230 /* Handle a host name */
234 int type = af == AF_INET ? T_A:T_AAAA;
235 int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
238 lookup_dnssec_authenticated = NULL;
242 case DNS_SUCCEED: break;
243 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out;
244 case DNS_NODATA: *error_num = NO_DATA; yield = NULL; goto out;
245 case DNS_AGAIN: *error_num = TRY_AGAIN; yield = NULL; goto out;
247 case DNS_FAIL: *error_num = NO_RECOVERY; yield = NULL; goto out;
250 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
252 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
255 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
256 alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED);
257 adds = store_get(count *alen, GET_UNTAINTED);
259 yield->h_name = CS name;
260 yield->h_aliases = NULL;
261 yield->h_addrtype = af;
262 yield->h_length = alen;
263 yield->h_addr_list = CSS alist;
265 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
267 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
271 if (!(da = dns_address_from_rr(dnsa, rr))) break;
273 for (int n = host_aton(da->address, x), i = 0; i < n; i++)
276 *adds++ = (y >> 24) & 255;
277 *adds++ = (y >> 16) & 255;
278 *adds++ = (y >> 8) & 255;
287 store_free_dns_answer(dnsa);
293 /*************************************************
294 * Build chain of host items from list *
295 *************************************************/
297 /* This function builds a chain of host items from a textual list of host
298 names. It does not do any lookups. If randomize is true, the chain is build in
299 a randomized order. There may be multiple groups of independently randomized
300 hosts; they are delimited by a host name consisting of just "+".
303 anchor anchor for the chain
305 randomize TRUE for randomizing
311 host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize)
314 int fake_mx = MX_NONE; /* This value is actually -1 */
318 if (randomize) fake_mx--; /* Start at -2 for randomizing */
322 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
326 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
327 { /* ignore if not randomizing */
328 if (randomize) fake_mx--;
332 h = store_get(sizeof(host_item), GET_UNTAINTED);
337 h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0;
338 h->status = hstatus_unknown;
339 h->why = hwhy_unknown;
349 host_item *hh = *anchor;
350 if (h->sort_key < hh->sort_key)
357 while (hh->next && h->sort_key >= hh->next->sort_key)
367 /*************************************************
368 * Get port from a host item's name *
369 *************************************************/
371 /* This function is called when finding the IP address for a host that is in a
372 list of hosts explicitly configured, such as in the manualroute router, or in a
373 fallback hosts list. We see if there is a port specification at the end of the
374 host name, and if so, remove it. A minimum length of 3 is required for the
375 original name; nothing shorter is recognized as having a port.
377 We test for a name ending with a sequence of digits; if preceded by colon we
378 have a port if the character before the colon is ] and the name starts with [
379 or if there are no other colons in the name (i.e. it's not an IPv6 address).
381 Arguments: pointer to the host item
382 Returns: a port number or PORT_NONE
386 host_item_get_port(host_item *h)
390 int len = Ustrlen(h->name);
392 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
394 /* Extract potential port number */
399 while (p > h->name + 1 && isdigit(*p))
401 port += (*p-- - '0') * x;
405 /* The smallest value of p at this point is h->name + 1. */
407 if (*p != ':') return PORT_NONE;
409 if (p[-1] == ']' && h->name[0] == '[')
410 h->name = string_copyn(h->name + 1, p - h->name - 2);
411 else if (Ustrchr(h->name, ':') == p)
412 h->name = string_copyn(h->name, p - h->name);
413 else return PORT_NONE;
415 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
421 #ifndef STAND_ALONE /* Omit when standalone testing */
423 /*************************************************
424 * Build sender_fullhost and sender_rcvhost *
425 *************************************************/
427 /* This function is called when sender_host_name and/or sender_helo_name
428 have been set. Or might have been set - for a local message read off the spool
429 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
432 (a) No sender_host_name or sender_helo_name: "[ip address]"
433 (b) Just sender_host_name: "host_name [ip address]"
434 (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
435 in which case: "[ip address}"
436 (d) The two are identical: "host_name [ip address]" includes helo = IP
437 (e) The two are different: "host_name (helo_name) [ip address]"
439 If log_incoming_port is set, the sending host's port number is added to the IP
442 This function also builds sender_rcvhost for use in Received: lines, whose
443 syntax is a bit different. This value also includes the RFC 1413 identity.
444 There wouldn't be two different variables if I had got all this right in the
447 Because this data may survive over more than one incoming SMTP message, it has
448 to be in permanent store. However, STARTTLS has to be forgotten and redone
449 on a multi-message conn, so this will be called once per message then. Hence
450 we use malloc, so we can free.
457 host_build_sender_fullhost(void)
459 BOOL show_helo = TRUE;
460 uschar * address, * fullhost, * rcvhost;
464 if (!sender_host_address) return;
466 reset_point = store_mark();
468 /* Set up address, with or without the port. After discussion, it seems that
469 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
470 use this directly as the first item for Received: because it ain't an RFC 2822
473 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
474 if (!LOGGING(incoming_port) || sender_host_port <= 0)
475 *(Ustrrchr(address, ':')) = 0;
477 /* If there's no EHLO/HELO data, we can't show it. */
479 if (!sender_helo_name) show_helo = FALSE;
481 /* If HELO/EHLO was followed by an IP literal, it's messy because of two
482 features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
483 doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
484 be given in canonical form, so we have to canonicalize them before comparing. As
485 it happens, the code works for both IPv4 and IPv6. */
487 else if (sender_helo_name[0] == '[' &&
488 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
493 if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
494 if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
496 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
498 if (string_is_ip_address(helo_ip, NULL) != 0)
502 uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
504 sizex = host_aton(helo_ip, x);
505 sizey = host_aton(sender_host_address, y);
507 (void)host_nmtoa(sizex, x, -1, ipx, ':');
508 (void)host_nmtoa(sizey, y, -1, ipy, ':');
510 if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
514 /* Host name is not verified */
516 if (!sender_host_name)
518 uschar *portptr = Ustrstr(address, "]:");
520 int adlen; /* Sun compiler doesn't like ++ in initializers */
522 adlen = portptr ? (++portptr - address) : Ustrlen(address);
523 fullhost = sender_helo_name
524 ? string_sprintf("(%s) %s", sender_helo_name, address)
527 g = string_catn(NULL, address, adlen);
529 if (sender_ident || show_helo || portptr)
532 g = string_catn(g, US" (", 2);
536 g = string_append(g, 2, US"port=", portptr + 1);
539 g = string_append(g, 2,
540 firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name);
543 g = string_append(g, 2,
544 firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident);
546 g = string_catn(g, US")", 1);
549 rcvhost = string_from_gstring(g);
552 /* Host name is known and verified. Unless we've already found that the HELO
553 data matches the IP address, compare it with the name. */
557 if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
562 fullhost = string_sprintf("%s (%s) %s", sender_host_name,
563 sender_helo_name, address);
564 rcvhost = sender_ident
565 ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
566 address, sender_helo_name, sender_ident)
567 : string_sprintf("%s (%s helo=%s)", sender_host_name,
568 address, sender_helo_name);
572 fullhost = string_sprintf("%s %s", sender_host_name, address);
573 rcvhost = sender_ident
574 ? string_sprintf("%s (%s ident=%s)", sender_host_name, address,
576 : string_sprintf("%s (%s)", sender_host_name, address);
580 sender_fullhost = string_copy_perm(fullhost, TRUE);
581 sender_rcvhost = string_copy_perm(rcvhost, TRUE);
583 store_reset(reset_point);
585 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
586 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
591 /*************************************************
592 * Build host+ident message *
593 *************************************************/
595 /* Used when logging rejections and various ACL and SMTP incidents. The text
596 return depends on whether sender_fullhost and sender_ident are set or not:
598 no ident, no host => U=unknown
599 no ident, host set => H=sender_fullhost
600 ident set, no host => U=ident
601 ident set, host set => H=sender_fullhost U=ident
604 useflag TRUE if first item to be flagged (H= or U=); if there are two
605 items, the second is always flagged
607 Returns: pointer to an allocated string
611 host_and_ident(BOOL useflag)
615 if (!sender_fullhost)
618 g = string_catn(g, US"U=", 2);
619 g = string_cat(g, sender_ident ? sender_ident : US"unknown");
624 g = string_catn(g, US"H=", 2);
625 g = string_cat(g, sender_fullhost);
626 if (LOGGING(incoming_interface) && interface_address)
627 g = string_fmt_append(g, " I=[%s]:%d", interface_address, interface_port);
629 g = string_fmt_append(g, " U=%s", sender_ident);
631 if (LOGGING(connection_id))
632 g = string_fmt_append(g, " Ci=%lu", connection_id);
633 gstring_release_unused(g);
634 return string_from_gstring(g);
637 #endif /* STAND_ALONE */
642 /*************************************************
643 * Build list of local interfaces *
644 *************************************************/
646 /* This function interprets the contents of the local_interfaces or
647 extra_local_interfaces options, and creates an ip_address_item block for each
648 item on the list. There is no special interpretation of any IP addresses; in
649 particular, 0.0.0.0 and ::0 are returned without modification. If any address
650 includes a port, it is set in the block. Otherwise the port value is set to
655 name the name of the option being expanded
657 Returns: a chain of ip_address_items, each containing to a textual
658 version of an IP address, and a port number (host order) or
659 zero if no port was given with the address
663 host_build_ifacelist(const uschar *list, uschar *name)
667 ip_address_item * yield = NULL, * last = NULL, * next;
669 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
672 int port = host_address_extract_port(s); /* Leaves just the IP address */
674 if (!(ipv = string_is_ip_address(s, NULL)))
675 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
678 /* Skip IPv6 addresses if IPv6 is disabled. */
680 if (disable_ipv6 && ipv == 6) continue;
682 /* This use of strcpy() is OK because we have checked that s is a valid IP
683 address above. The field in the ip_address_item is large enough to hold an
686 next = store_get(sizeof(ip_address_item), list);
688 Ustrcpy(next->address, s);
690 next->v6_include_v4 = FALSE;
709 /*************************************************
710 * Find addresses on local interfaces *
711 *************************************************/
713 /* This function finds the addresses of local IP interfaces. These are used
714 when testing for routing to the local host. As the function may be called more
715 than once, the list is preserved in permanent store, pointed to by a static
716 variable, to save doing the work more than once per process.
718 The generic list of interfaces is obtained by calling host_build_ifacelist()
719 for local_interfaces and extra_local_interfaces. This list scanned to remove
720 duplicates (which may exist with different ports - not relevant here). If
721 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
722 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
723 obtained from os_find_running_interfaces().
726 Returns: a chain of ip_address_items, each containing to a textual
727 version of an IP address; the port numbers are not relevant
731 /* First, a local subfunction to add an interface to a list in permanent store,
732 but only if there isn't a previous copy of that address on the list. */
734 static ip_address_item *
735 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
737 ip_address_item *ipa2;
738 for (ipa2 = list; ipa2; ipa2 = ipa2->next)
739 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
740 ipa2 = store_get_perm(sizeof(ip_address_item), FALSE);
747 /* This is the globally visible function */
750 host_find_interfaces(void)
752 ip_address_item *running_interfaces = NULL;
754 if (!local_interface_data)
756 void *reset_item = store_mark();
757 ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,
758 US"local_interfaces");
759 ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces,
760 US"extra_local_interfaces");
761 ip_address_item *ipa;
763 if (!dlist) dlist = xlist;
766 for (ipa = dlist; ipa->next; ipa = ipa->next) ;
770 for (ipa = dlist; ipa; ipa = ipa->next)
772 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
773 Ustrcmp(ipa->address, "::0") == 0)
775 BOOL ipv6 = ipa->address[0] == ':';
776 if (!running_interfaces)
777 running_interfaces = os_find_running_interfaces();
778 for (ip_address_item * ipa2 = running_interfaces; ipa2; ipa2 = ipa2->next)
779 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
780 local_interface_data = add_unique_interface(local_interface_data,
785 local_interface_data = add_unique_interface(local_interface_data, ipa);
788 debug_printf("Configured local interface: address=%s", ipa->address);
789 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
794 store_reset(reset_item);
797 return local_interface_data;
804 /*************************************************
805 * Convert network IP address to text *
806 *************************************************/
808 /* Given an IPv4 or IPv6 address in binary, convert it to a text
809 string and return the result in a piece of new store. The address can
810 either be given directly, or passed over in a sockaddr structure. Note
811 that this isn't the converse of host_aton() because of byte ordering
812 differences. See host_nmtoa() below.
815 type if < 0 then arg points to a sockaddr, else
816 either AF_INET or AF_INET6
817 arg points to a sockaddr if type is < 0, or
818 points to an IPv4 address (32 bits), or
819 points to an IPv6 address (128 bits),
820 in both cases, in network byte order
821 buffer if NULL, the result is returned in gotten store;
822 else points to a buffer to hold the answer
823 portptr points to where to put the port number, if non NULL; only
826 Returns: pointer to character string
830 host_ntoa(int type, const void * arg, uschar * buffer, int * portptr)
834 /* The new world. It is annoying that we have to fish out the address from
835 different places in the block, depending on what kind of address it is. It
836 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
837 function inet_ntoa() returns just uschar *, and some picky compilers insist
838 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
841 uschar addr_buffer[46];
844 int family = ((struct sockaddr *)arg)->sa_family;
845 if (family == AF_INET6)
847 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
848 yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
849 sizeof(addr_buffer));
850 if (portptr) *portptr = ntohs(sk->sin6_port);
854 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
855 yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
856 sizeof(addr_buffer));
857 if (portptr) *portptr = ntohs(sk->sin_port);
862 yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
865 /* If the result is a mapped IPv4 address, show it in V4 format. */
867 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
869 #else /* HAVE_IPV6 */
875 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
876 if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
879 yield = US inet_ntoa(*((struct in_addr *)arg));
882 /* If there is no buffer, put the string into some new store. */
884 if (!buffer) buffer = store_get(46, GET_UNTAINTED);
886 /* Callers of this function with a non-NULL buffer must ensure that it is
887 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
888 makes this use of strcpy() OK.
889 If the library returned apparently an apparently tainted string, clean it;
890 we trust IP addresses. */
892 string_format_nt(buffer, 46, "%s", yield);
899 /*************************************************
900 * Convert address text to binary *
901 *************************************************/
903 /* Given the textual form of an IP address, convert it to binary in an
904 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
905 The result has the first byte in the most significant byte of the first int. In
906 other words, the result is not in network byte order, but in host byte order.
907 As a result, this is not the converse of host_ntoa(), which expects network
908 byte order. See host_nmtoa() below.
911 address points to the textual address, checked for syntax
912 bin points to an array of 4 ints
914 Returns: the number of ints used
918 host_aton(const uschar * address, int * bin)
923 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
924 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
925 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
928 if (Ustrchr(address, ':') != NULL)
930 const uschar * p = address;
931 const uschar * component[8];
932 BOOL ipv4_ends = FALSE;
933 int ci = 0, nulloffset = 0, v6count = 8, i;
935 /* If the address starts with a colon, it will start with two colons.
936 Just lose the first one, which will leave a null first component. */
940 /* Split the address into components separated by colons. The input address
941 is supposed to be checked for syntax. There was a case where this was
942 overlooked; to guard against that happening again, check here and crash if
943 there are too many components. */
945 while (*p && *p != '%')
947 int len = Ustrcspn(p, ":%");
948 if (len == 0) nulloffset = ci;
949 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
950 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
957 /* If the final component contains a dot, it is a trailing v4 address.
958 As the syntax is known to be checked, just set up for a trailing
959 v4 address and restrict the v6 part to 6 components. */
961 if (Ustrchr(component[ci-1], '.') != NULL)
963 address = component[--ci];
969 /* If there are fewer than 6 or 8 components, we have to insert some
970 more empty ones in the middle. */
974 int insert_count = v6count - ci;
975 for (i = v6count-1; i > nulloffset + insert_count; i--)
976 component[i] = component[i - insert_count];
977 while (i > nulloffset) component[i--] = US"";
980 /* Now turn the components into binary in pairs and bung them
981 into the vector of ints. */
983 for (i = 0; i < v6count; i += 2)
984 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
985 Ustrtol(component[i+1], NULL, 16);
987 /* If there was no terminating v4 component, we are done. */
989 if (!ipv4_ends) return 4;
992 /* Handle IPv4 address */
994 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
995 bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
1000 /*************************************************
1001 * Apply mask to an IP address *
1002 *************************************************/
1004 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1008 count the number of ints
1009 binary points to the ints to be masked
1010 mask the count of ms bits to leave, or -1 if no masking
1016 host_mask(int count, int *binary, int mask)
1018 if (mask < 0) mask = 99999;
1019 for (int i = 0; i < count; i++)
1022 if (mask == 0) wordmask = 0;
1025 wordmask = (uint)(-1) << (32 - mask);
1033 binary[i] &= wordmask;
1040 /*************************************************
1041 * Convert masked IP address in ints to text *
1042 *************************************************/
1044 /* We can't use host_ntoa() because it assumes the binary values are in network
1045 byte order, and these are the result of host_aton(), which puts them in ints in
1046 host byte order. Also, we really want IPv6 addresses to be in a canonical
1047 format, so we output them with no abbreviation. In a number of cases we can't
1048 use the normal colon separator in them because it terminates keys in lsearch
1049 files, so we want to use dot instead. There's an argument that specifies what
1050 to use for IPv6 addresses.
1053 count 1 or 4 (number of ints)
1054 binary points to the ints
1055 mask mask value; if < 0 don't add to result
1056 buffer big enough to hold the result
1057 sep component separator character for IPv6 addresses
1059 Returns: the number of characters placed in buffer, not counting
1064 host_nmtoa(int count, const int * binary, int mask, uschar * buffer, int sep)
1066 uschar * tt = buffer;
1069 for (int j = binary[0], i = 24; i >= 0; i -= 8)
1070 tt += sprintf(CS tt, "%d.", (j >> i) & 255);
1072 for (int j, i = 0; i < 4; i++)
1075 tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1078 tt--; /* lose final separator */
1083 tt += sprintf(CS tt, "/%d", mask);
1089 /* Like host_nmtoa() but: ipv6-only, canonical output, no mask
1092 binary points to the ints
1093 buffer big enough to hold the result
1095 Returns: the number of characters placed in buffer, not counting
1100 ipv6_nmtoa(int * binary, uschar * buffer)
1103 uschar * c = buffer;
1104 uschar * d = NULL; /* shut insufficiently "clever" compiler up */
1106 for (i = 0; i < 4; i++)
1107 { /* expand to text */
1109 c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff);
1112 for (c = buffer, k = -1, i = 0; i < 8; i++)
1113 { /* find longest 0-group sequence */
1114 if (*c == '0') /* must be "0:" */
1118 while (c[2] == '0') i++, c += 2;
1121 k = i-j; /* length of sequence */
1122 d = s; /* start of sequence */
1125 while (*++c != ':') ;
1129 *--c = '\0'; /* drop trailing colon */
1131 /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */
1135 if (d == buffer) c--; /* need extra colon */
1136 *d++ = ':'; /* 1st 0 */
1137 while ((*d++ = *c++)) ;
1147 /*************************************************
1148 * Check port for tls_on_connect *
1149 *************************************************/
1151 /* This function checks whether a given incoming port is configured for tls-
1152 on-connect. It is called from the daemon and from inetd handling. If the global
1153 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1154 check the tls_on_connect_ports option for a list of ports.
1156 Argument: a port number
1157 Returns: TRUE or FALSE
1161 host_is_tls_on_connect_port(int port)
1164 const uschar * list = tls_in.on_connect_ports;
1166 if (tls_in.on_connect) return TRUE;
1168 for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
1169 if (Ustrtol(s, &end, 10) == port)
1177 /*************************************************
1178 * Check whether host is in a network *
1179 *************************************************/
1181 /* This function checks whether a given IP address matches a pattern that
1182 represents either a single host, or a network (using CIDR notation). The caller
1183 of this function must check the syntax of the arguments before calling it.
1186 host string representation of the ip-address to check
1187 net string representation of the network, with optional CIDR mask
1188 maskoffset offset to the / that introduces the mask in the key
1189 zero if there is no mask
1192 TRUE the host is inside the network
1193 FALSE the host is NOT inside the network
1197 host_is_in_net(const uschar *host, const uschar *net, int maskoffset)
1202 int size = host_aton(net, address);
1205 /* No mask => all bits to be checked */
1207 if (maskoffset == 0) mlen = 99999; /* Big number */
1208 else mlen = Uatoi(net + maskoffset + 1);
1210 /* Convert the incoming address to binary. */
1212 insize = host_aton(host, incoming);
1214 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1215 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1216 ::ffff:<v4address>, to IPv4 format. */
1218 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1219 incoming[2] == 0xffff)
1222 incoming[0] = incoming[3];
1225 /* No match if the sizes don't agree. */
1227 if (insize != size) return FALSE;
1229 /* Else do the masked comparison. */
1231 for (int i = 0; i < size; i++)
1234 if (mlen == 0) mask = 0;
1237 mask = (uint)(-1) << (32 - mlen);
1245 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1253 /*************************************************
1254 * Scan host list for local hosts *
1255 *************************************************/
1257 /* Scan through a chain of addresses and check whether any of them is the
1258 address of an interface on the local machine. If so, remove that address and
1259 any previous ones with the same MX value, and all subsequent ones (which will
1260 have greater or equal MX values) from the chain. Note: marking them as unusable
1261 is NOT the right thing to do because it causes the hosts not to be used for
1262 other domains, for which they may well be correct.
1264 The hosts may be part of a longer chain; we only process those between the
1265 initial pointer and the "last" pointer.
1267 There is also a list of "pseudo-local" host names which are checked against the
1268 host names. Any match causes that host item to be treated the same as one which
1269 matches a local IP address.
1271 If the very first host is a local host, then all MX records had a precedence
1272 greater than or equal to that of the local host. Either there's a problem in
1273 the DNS, or an apparently remote name turned out to be an abbreviation for the
1274 local host. Give a specific return code, and let the caller decide what to do.
1275 Otherwise, give a success code if at least one host address has been found.
1278 host pointer to the first host in the chain
1279 lastptr pointer to pointer to the last host in the chain (may be updated)
1280 removed if not NULL, set TRUE if some local addresses were removed
1284 HOST_FOUND if there is at least one host with an IP address on the chain
1285 and an MX value less than any MX value associated with the
1287 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1288 the host addresses were obtained from A records or
1289 gethostbyname(), the MX values are set to -1.
1290 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1294 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1296 int yield = HOST_FIND_FAILED;
1297 host_item *last = *lastptr;
1298 host_item *prev = NULL;
1301 if (removed) *removed = FALSE;
1303 if (!local_interface_data) local_interface_data = host_find_interfaces();
1305 for (h = host; h != last->next; h = h->next)
1308 if (hosts_treat_as_local)
1311 const uschar * save = deliver_domain;
1312 deliver_domain = h->name; /* set $domain */
1313 rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0,
1314 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1315 deliver_domain = save;
1316 if (rc == OK) goto FOUND_LOCAL;
1320 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1321 for 127.0.0.1 and refers to the local host. We therefore force it always to
1322 be treated as local. */
1326 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1327 for (ip_address_item * ip = local_interface_data; ip; ip = ip->next)
1328 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1329 yield = HOST_FOUND; /* At least one remote address has been found */
1332 /* Update prev to point to the last host item before any that have
1333 the same MX value as the one we have just considered. */
1335 if (!h->next || h->next->mx != h->mx)
1339 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1341 /* A host whose IP address matches a local IP address, or whose name matches
1342 something in hosts_treat_as_local has been found. */
1348 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1349 "local host has lowest MX\n" :
1350 "local host found for non-MX address\n");
1351 return HOST_FOUND_LOCAL;
1354 HDEBUG(D_host_lookup)
1356 debug_printf("local host in host list - removed hosts:\n");
1357 for (h = prev->next; h != last->next; h = h->next)
1358 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1361 if (removed) *removed = TRUE;
1362 prev->next = last->next;
1370 /*************************************************
1371 * Remove duplicate IPs in host list *
1372 *************************************************/
1374 /* You would think that administrators could set up their DNS records so that
1375 one ended up with a list of unique IP addresses after looking up A or MX
1376 records, but apparently duplication is common. So we scan such lists and
1377 remove the later duplicates. Note that we may get lists in which some host
1378 addresses are not set.
1381 host pointer to the first host in the chain
1382 lastptr pointer to pointer to the last host in the chain (may be updated)
1388 host_remove_duplicates(host_item *host, host_item **lastptr)
1390 while (host != *lastptr)
1392 if (host->address != NULL)
1394 host_item *h = host;
1395 while (h != *lastptr)
1397 if (h->next->address != NULL &&
1398 Ustrcmp(h->next->address, host->address) == 0)
1400 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1401 "removed\n", host->address, h->next->mx);
1402 if (h->next == *lastptr) *lastptr = h;
1403 h->next = h->next->next;
1408 /* If the last item was removed, host may have become == *lastptr */
1409 if (host != *lastptr) host = host->next;
1416 /*************************************************
1417 * Find sender host name by gethostbyaddr() *
1418 *************************************************/
1420 /* This used to be the only way it was done, but it turns out that not all
1421 systems give aliases for calls to gethostbyaddr() - or one of the modern
1422 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1423 but they can still exist. This function is now used only when a DNS lookup of
1424 the IP address fails, in order to give access to /etc/hosts.
1427 Returns: OK, DEFER, FAIL
1431 host_name_lookup_byaddr(void)
1433 struct hostent * hosts;
1434 struct in_addr addr;
1435 unsigned long time_msec = 0; /* init to quieten dumb static analysis */
1437 if (slow_lookup_log) time_msec = get_time_in_ms();
1439 /* Lookup on IPv6 system */
1442 if (Ustrchr(sender_host_address, ':') != NULL)
1444 struct in6_addr addr6;
1445 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1446 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1447 "IPv6 address", sender_host_address);
1448 #if HAVE_GETIPNODEBYADDR
1449 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1451 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1456 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1457 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1458 "IPv4 address", sender_host_address);
1459 #if HAVE_GETIPNODEBYADDR
1460 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1462 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1466 /* Do lookup on IPv4 system */
1469 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1470 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1473 if ( slow_lookup_log
1474 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
1476 log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
1478 /* Failed to look up the host. */
1482 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1484 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1487 /* It seems there are some records in the DNS that yield an empty name. We
1488 treat this as non-existent. In some operating systems, this is returned as an
1489 empty string; in others as a single dot. */
1491 if (!hosts->h_name || !hosts->h_name[0] || hosts->h_name[0] == '.')
1493 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1494 "treated as non-existent host name\n");
1498 /* Copy and lowercase the name, which is in static storage in many systems.
1499 Put it in permanent memory. */
1502 int old_pool = store_pool;
1503 store_pool = POOL_TAINT_PERM; /* names are tainted */
1505 sender_host_name = string_copylc(US hosts->h_name);
1507 /* If the host has aliases, build a copy of the alias list */
1509 if (hosts->h_aliases)
1511 int count = 1; /* need 1 more for terminating NULL */
1514 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
1515 store_pool = POOL_PERM;
1516 ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1517 store_pool = POOL_TAINT_PERM;
1519 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)
1520 *ptr++ = string_copylc(*aliases);
1523 store_pool = old_pool;
1531 /*************************************************
1532 * Find host name for incoming call *
1533 *************************************************/
1535 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1536 up a list of alias names, pointed to by sender_host_alias. The list is
1537 NULL-terminated. The incoming address is in sender_host_address, either in
1538 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1540 This function does a thorough check that the names it finds point back to the
1541 incoming IP address. Any that do not are discarded. Note that this is relied on
1542 by the ACL reverse_host_lookup check.
1544 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1545 this it not universally true. Also, for release 4.30, this function was changed
1546 to do a direct DNS lookup first, by default[1], because it turns out that that
1547 is the only guaranteed way to find all the aliases on some systems. My
1548 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1551 [1] The actual order is controlled by the host_lookup_order option.
1554 Returns: OK on success, the answer being placed in the global variable
1555 sender_host_name, with any aliases in a list hung off
1557 FAIL if no host name can be found
1558 DEFER if a temporary error was encountered
1560 The variable host_lookup_msg is set to an empty string on success, or to a
1561 reason for the failure otherwise, in a form suitable for tagging onto an error
1562 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1563 was a defer, host_lookup_deferred is set TRUE.
1565 Any dynamically constructed string for host_lookup_msg must be in permanent
1566 store, because it might be used for several incoming messages on the same SMTP
1570 host_name_lookup(void)
1572 int sep = 0, old_pool, rc, yield;
1573 uschar *save_hostname;
1576 const uschar *list = host_lookup_order;
1577 dns_answer * dnsa = store_get_dns_answer();
1580 sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
1582 HDEBUG(D_host_lookup)
1583 debug_printf("looking up host name for %s\n", sender_host_address);
1586 /* For testing the case when a lookup does not complete, we have a special
1587 reserved IP address. */
1589 if (f.running_in_test_harness &&
1590 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1592 HDEBUG(D_host_lookup)
1593 debug_printf("Test harness: host name lookup returns DEFER\n");
1594 host_lookup_deferred = TRUE;
1599 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1600 the order specified by the host_lookup_order option. */
1602 while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
1604 if (strcmpic(ordername, US"bydns") == 0)
1606 uschar * name = dns_build_reverse(sender_host_address);
1608 dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
1609 rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
1611 /* The first record we come across is used for the name; others are
1612 considered to be aliases. We have to scan twice, in order to find out the
1613 number of aliases. However, if all the names are empty, we will behave as
1614 if failure. (PTR records that yield empty names have been encountered in
1617 if (rc == DNS_SUCCEED)
1619 uschar **aptr = NULL;
1621 int count = 1; /* need 1 more for terminating NULL */
1622 int old_pool = store_pool;
1624 sender_host_dnssec = dns_is_secure(dnsa);
1626 debug_printf("Reverse DNS security status: %s\n",
1627 sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
1629 store_pool = POOL_PERM; /* Save names in permanent storage */
1631 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1633 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1636 /* Get store for the list of aliases. For compatibility with
1637 gethostbyaddr, we make an empty list if there are none. */
1639 aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1641 /* Re-scan and extract the names */
1643 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1645 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1647 uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */
1650 /* If an overlong response was received, the data will have been
1651 truncated and dn_expand may fail. */
1653 if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1654 US rr->data, (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1656 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1657 sender_host_address);
1661 store_release_above(s + (slen = Ustrlen(s)) + 1);
1664 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1665 "empty name: treated as non-existent host name\n");
1668 if (Ustrspn(s, letter_digit_hyphen_dot) != slen)
1670 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1671 "illegal name (bad char): treated as non-existent host name\n");
1674 if (!sender_host_name) sender_host_name = s;
1676 while (*s) { *s = tolower(*s); s++; }
1679 *aptr = NULL; /* End of alias list */
1680 store_pool = old_pool; /* Reset store pool */
1682 /* If we've found a name, break out of the "order" loop */
1684 if (sender_host_name) break;
1687 /* If the DNS lookup deferred, we must also defer. */
1689 if (rc == DNS_AGAIN)
1691 HDEBUG(D_host_lookup)
1692 debug_printf("IP address PTR lookup gave temporary error\n");
1693 host_lookup_deferred = TRUE;
1699 /* Do a lookup using gethostbyaddr() - or equivalent */
1701 else if (strcmpic(ordername, US"byaddr") == 0)
1703 HDEBUG(D_host_lookup)
1704 debug_printf("IP address lookup using gethostbyaddr()\n");
1705 rc = host_name_lookup_byaddr();
1708 host_lookup_deferred = TRUE;
1709 yield = rc; /* Can't carry on */
1712 if (rc == OK) break; /* Found a name */
1714 } /* Loop for bydns/byaddr scanning */
1716 /* If we have failed to find a name, return FAIL and log when required.
1717 NB host_lookup_msg must be in permanent store. */
1719 if (!sender_host_name)
1721 if (host_checking || !f.log_testing_mode)
1722 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1723 "address %s", sender_host_address);
1724 host_lookup_msg = US" (failed to find host name from IP address)";
1725 host_lookup_failed = TRUE;
1730 HDEBUG(D_host_lookup)
1732 uschar **aliases = sender_host_aliases;
1733 debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
1734 while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++);
1737 /* We need to verify that a forward lookup on the name we found does indeed
1738 correspond to the address. This is for security: in principle a malefactor who
1739 happened to own a reverse zone could set it to point to any names at all.
1741 This code was present in versions of Exim before 3.20. At that point I took it
1742 out because I thought that gethostbyaddr() did the check anyway. It turns out
1743 that this isn't always the case, so it's coming back in at 4.01. This version
1744 is actually better, because it also checks aliases.
1746 The code was made more robust at release 4.21. Prior to that, it accepted all
1747 the names if any of them had the correct IP address. Now the code checks all
1748 the names, and accepts only those that have the correct IP address. */
1750 save_hostname = sender_host_name; /* Save for error messages */
1751 aliases = sender_host_aliases;
1752 for (uschar * hname = sender_host_name; hname; hname = *aliases++)
1756 host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL };
1758 { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL };
1760 if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA,
1761 NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
1762 || rc == HOST_FOUND_LOCAL
1765 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1767 /* If the forward lookup was not secure we cancel the is-secure variable */
1769 DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
1770 h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
1771 if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
1773 for (host_item * hh = &h; hh; hh = hh->next)
1774 if (host_is_in_net(hh->address, sender_host_address, 0))
1776 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1781 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1783 if (!ok) HDEBUG(D_host_lookup)
1784 debug_printf("no IP address for %s matched %s\n", hname,
1785 sender_host_address);
1787 else if (rc == HOST_FIND_AGAIN)
1789 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1790 host_lookup_deferred = TRUE;
1791 sender_host_name = NULL;
1796 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1798 /* If this name is no good, and it's the sender name, set it null pro tem;
1799 if it's an alias, just remove it from the list. */
1803 if (hname == sender_host_name) sender_host_name = NULL; else
1805 uschar **a; /* Don't amalgamate - some */
1806 a = --aliases; /* compilers grumble */
1807 while (*a != NULL) { *a = a[1]; a++; }
1812 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1813 it with the first alias, if there is one. */
1815 if (!sender_host_name && *sender_host_aliases)
1816 sender_host_name = *sender_host_aliases++;
1818 /* If we now have a main name, all is well. */
1820 if (sender_host_name) { yield = OK; goto out; }
1822 /* We have failed to find an address that matches. */
1824 HDEBUG(D_host_lookup)
1825 debug_printf("%s does not match any IP address for %s\n",
1826 sender_host_address, save_hostname);
1828 /* This message must be in permanent store */
1830 old_pool = store_pool;
1831 store_pool = POOL_PERM;
1832 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1833 sender_host_address, save_hostname);
1834 store_pool = old_pool;
1835 host_lookup_failed = TRUE;
1846 /*************************************************
1847 * Find IP address(es) for host by name *
1848 *************************************************/
1850 /* The input is a host_item structure with the name filled in and the address
1851 field set to NULL. We use gethostbyname() or getipnodebyname() or
1852 gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
1853 but they do not do MX processing. It appears, however, that in some systems the
1854 current setting of resolver options is used when one of these functions calls
1855 the resolver. For this reason, we call dns_init() at the start, with arguments
1856 influenced by bits in "flags", just as we do for host_find_bydns().
1858 The second argument provides a host list (usually an IP list) of hosts to
1859 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1860 addresses in unreasonable places.
1862 The lookup may result in a change of name. For compatibility with the dns
1863 lookup, return this via fully_qualified_name as well as updating the host item.
1864 The lookup may also yield more than one IP address, in which case chain on
1865 subsequent host_item structures.
1868 host a host item with the name and MX filled in;
1869 the address is to be filled in;
1870 multiple IP addresses cause other host items to be
1872 ignore_target_hosts a list of hosts to ignore
1873 flags HOST_FIND_QUALIFY_SINGLE ) passed to
1874 HOST_FIND_SEARCH_PARENTS ) dns_init()
1875 fully_qualified_name if not NULL, set to point to host name for
1876 compatibility with host_find_bydns
1877 local_host_check TRUE if a check for the local host is wanted
1879 Returns: HOST_FIND_FAILED Failed to find the host or domain
1880 HOST_FIND_AGAIN Try again later
1881 HOST_FOUND Host found - data filled in
1882 HOST_FOUND_LOCAL Host found and is the local host
1886 host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags,
1887 const uschar **fully_qualified_name, BOOL local_host_check)
1890 host_item *last = NULL;
1891 BOOL temp_error = FALSE;
1895 /* Copy the host name at this point to the value which is used for
1896 TLS certificate name checking, before anything modifies it. */
1898 host->certname = host->name;
1901 /* Make sure DNS options are set as required. This appears to be necessary in
1902 some circumstances when the get..byname() function actually calls the DNS. */
1904 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
1905 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
1906 FALSE); /* Cannot retrieve dnssec status so do not request */
1908 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
1909 kinds of address, so go round the loop twice. Note that we have ensured that
1910 AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
1911 code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
1912 lookups here (except when testing standalone). */
1920 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
1921 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
1924 { af = AF_INET; times = 1; }
1926 { af = AF_INET6; times = 2; }
1928 /* No IPv6 support */
1930 #else /* HAVE_IPV6 */
1931 af = AF_INET; times = 1;
1932 #endif /* HAVE_IPV6 */
1934 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1935 interface to this function can be similar to host_find_bydns. */
1937 f.host_find_failed_syntax = FALSE;
1939 /* Loop to look up both kinds of address in an IPv6 world */
1941 for (int i = 1; i <= times;
1943 af = AF_INET, /* If 2 passes, IPv4 on the second */
1949 struct hostent *hostdata;
1950 unsigned long time_msec = 0; /* compiler quietening */
1953 printf("Looking up: %s\n", host->name);
1956 if (slow_lookup_log) time_msec = get_time_in_ms();
1959 if (f.running_in_test_harness)
1960 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1963 #if HAVE_GETIPNODEBYNAME
1964 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
1966 hostdata = gethostbyname2(CS host->name, af);
1967 error_num = h_errno;
1971 #else /* not HAVE_IPV6 */
1972 if (f.running_in_test_harness)
1973 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1976 hostdata = gethostbyname(CS host->name);
1977 error_num = h_errno;
1979 #endif /* HAVE_IPV6 */
1981 if ( slow_lookup_log
1982 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
1983 log_long_lookup(US"gethostbyname", host->name, time_msec);
1990 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
1991 case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
1992 case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
1993 case NO_DATA: error = US"NO_DATA"; break;
1994 #if NO_DATA != NO_ADDRESS
1995 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
1997 default: error = US"?"; break;
2000 DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
2001 f.running_in_test_harness ? "host_fake_gethostbyname" :
2003 # if HAVE_GETIPNODEBYNAME
2011 af == AF_INET ? "inet" : "inet6", error_num, error);
2015 if (!(hostdata->h_addr_list)[0]) continue;
2017 /* Replace the name with the fully qualified one if necessary, and fill in
2018 the fully_qualified_name pointer. */
2020 if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
2021 host->name = string_copy_dnsdomain(US hostdata->h_name);
2022 if (fully_qualified_name) *fully_qualified_name = host->name;
2024 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2025 by their different lengths. Scan the list, ignoring any that are to be
2026 ignored, and build a chain from the rest. */
2028 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2030 for (uschar ** addrlist = USS hostdata->h_addr_list; *addrlist; addrlist++)
2032 uschar *text_address =
2033 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2036 if ( ignore_target_hosts
2037 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2038 text_address, NULL) == OK)
2040 DEBUG(D_host_lookup)
2041 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2046 /* If this is the first address, last is NULL and we put the data in the
2051 host->address = text_address;
2052 host->port = PORT_NONE;
2053 host->status = hstatus_unknown;
2054 host->why = hwhy_unknown;
2055 host->dnssec = DS_UNK;
2059 /* Else add further host item blocks for any other addresses, keeping
2064 host_item *next = store_get(sizeof(host_item), GET_UNTAINTED);
2065 next->name = host->name;
2067 next->certname = host->certname;
2069 next->mx = host->mx;
2070 next->address = text_address;
2071 next->port = PORT_NONE;
2072 next->status = hstatus_unknown;
2073 next->why = hwhy_unknown;
2074 next->dnssec = DS_UNK;
2076 next->next = last->next;
2083 /* If no hosts were found, the address field in the original host block will be
2084 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2085 so we pass that back. */
2091 !message_id[0] && smtp_in
2092 ? string_sprintf("no IP address found for host %s (during %s)", host->name,
2093 smtp_get_connection_info()) :
2095 string_sprintf("no IP address found for host %s", host->name);
2097 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2098 if (temp_error) goto RETURN_AGAIN;
2099 if (host_checking || !f.log_testing_mode)
2100 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2101 return HOST_FIND_FAILED;
2104 /* Remove any duplicate IP addresses, then check to see if this is the local
2105 host if required. */
2107 host_remove_duplicates(host, &last);
2108 yield = local_host_check?
2109 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2111 HDEBUG(D_host_lookup)
2113 if (fully_qualified_name)
2114 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2115 debug_printf("%s looked up these IP addresses:\n",
2117 #if HAVE_GETIPNODEBYNAME
2126 for (const host_item * h = host; h != last->next; h = h->next)
2127 debug_printf(" name=%s address=%s\n", h->name,
2128 h->address ? h->address : US"<null>");
2131 /* Return the found status. */
2135 /* Handle the case when there is a temporary error. If the name matches
2136 dns_again_means_nonexist, return permanent rather than temporary failure. */
2142 const uschar *save = deliver_domain;
2143 deliver_domain = host->name; /* set $domain */
2144 rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
2145 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
2146 deliver_domain = save;
2149 DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: "
2150 "returning HOST_FIND_FAILED\n", host->name);
2151 return HOST_FIND_FAILED;
2154 return HOST_FIND_AGAIN;
2160 /*************************************************
2161 * Fill in a host address from the DNS *
2162 *************************************************/
2164 /* Given a host item, with its name, port and mx fields set, and its address
2165 field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
2166 create additional host items for the additional addresses, copying all the
2167 other fields, and randomizing the order.
2169 On IPv6 systems, AAAA records are sought first, then A records.
2171 The host name may be changed if the DNS returns a different name - e.g. fully
2172 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2173 ensures that it points to the fully qualified name. However, this is the fully
2174 qualified version of the original name; if a CNAME is involved, the actual
2175 canonical host name may be different again, and so we get it directly from the
2176 relevant RR. Note that we do NOT change the mx field of the host item in this
2177 function as it may be called to set the addresses of hosts taken from MX
2181 host points to the host item we're filling in
2182 lastptr points to pointer to last host item in a chain of
2183 host items (may be updated if host is last and gets
2184 extended because multihomed)
2185 ignore_target_hosts list of hosts to ignore
2186 allow_ip if TRUE, recognize an IP address and return it
2187 fully_qualified_name if not NULL, return fully qualified name here if
2188 the contents are different (i.e. it must be preset
2190 dnssec_request if TRUE request the AD bit
2191 dnssec_require if TRUE require the AD bit
2192 whichrrs select ipv4, ipv6 results
2194 Returns: HOST_FIND_FAILED couldn't find A record
2195 HOST_FIND_AGAIN try again later
2196 HOST_FIND_SECURITY dnssec required but not acheived
2197 HOST_FOUND found AAAA and/or A record(s)
2198 HOST_IGNORED found, but all IPs ignored
2202 set_address_from_dns(host_item *host, host_item **lastptr,
2203 const uschar *ignore_target_hosts, BOOL allow_ip,
2204 const uschar **fully_qualified_name,
2205 BOOL dnssec_request, BOOL dnssec_require, int whichrrs)
2207 host_item * thishostlast = NULL; /* Indicates not yet filled in anything */
2208 BOOL v6_find_again = FALSE;
2209 BOOL dnssec_fail = FALSE;
2214 /* Copy the host name at this point to the value which is used for
2215 TLS certificate name checking, before any CNAME-following modifies it. */
2217 host->certname = host->name;
2220 /* If allow_ip is set, a name which is an IP address returns that value
2221 as its address. This is used for MX records when allow_mx_to_ip is set, for
2222 those sites that feel they have to flaunt the RFC rules. */
2224 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2227 if ( ignore_target_hosts
2228 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2229 host->name, NULL) == OK)
2230 return HOST_IGNORED;
2233 host->address = host->name;
2237 dnsa = store_get_dns_answer();
2239 /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
2240 looking for AAAA records the first time. However, unless doing standalone
2241 testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.
2242 On an IPv4 system, go round the loop once only, looking only for A records. */
2245 # ifndef STAND_ALONE
2247 || !(whichrrs & HOST_FIND_BY_AAAA)
2249 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
2250 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
2252 i = 0; /* look up A records only */
2254 # endif /* STAND_ALONE */
2256 i = 1; /* look up AAAA and A records */
2258 /* The IPv4 world */
2260 #else /* HAVE_IPV6 */
2261 i = 0; /* look up A records only */
2262 #endif /* HAVE_IPV6 */
2266 static int types[] = { T_A, T_AAAA };
2267 int type = types[i];
2268 int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
2269 ? 500 : 0; /* Ensures v6/4 sort order */
2272 int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);
2273 lookup_dnssec_authenticated = !dnssec_request ? NULL
2274 : dns_is_secure(dnsa) ? US"yes" : US"no";
2277 if ( (dnssec_request || dnssec_require)
2278 && !dns_is_secure(dnsa)
2281 debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name);
2283 /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups
2284 fails or times out, but not if another one succeeds. (In the early
2285 IPv6 days there are name servers that always fail on AAAA, but are happy
2286 to give out an A record. We want to proceed with that A record.) */
2288 if (rc != DNS_SUCCEED)
2290 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2292 if (host->address != NULL)
2293 i = HOST_FOUND; /* AAAA was found */
2294 else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2295 i = HOST_FIND_AGAIN;
2297 i = HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2301 /* Tried for an AAAA record: remember if this was a temporary
2302 error, and look for the next record type. */
2304 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2310 if (dns_is_secure(dnsa))
2312 DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name);
2313 if (host->dnssec == DS_UNK) /* set in host_find_bydns() */
2314 host->dnssec = DS_YES;
2321 DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
2322 i>0 ? "AAAA" : "A", host->name);
2325 if (host->dnssec == DS_YES) /* set in host_find_bydns() */
2327 DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name);
2328 host->dnssec = DS_NO;
2329 lookup_dnssec_authenticated = US"no";
2334 /* Lookup succeeded: fill in the given host item with the first non-ignored
2335 address found; create additional items for any others. A single A6 record
2336 may generate more than one address. The lookup had a chance to update the
2337 fqdn; we do not want any later times round the loop to do so. */
2339 fully_qualified_name = NULL;
2341 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2343 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
2345 dns_address * da = dns_address_from_rr(dnsa, rr);
2347 DEBUG(D_host_lookup)
2348 if (!da) debug_printf("no addresses extracted from A6 RR for %s\n",
2351 /* This loop runs only once for A and AAAA records, but may run
2352 several times for an A6 record that generated multiple addresses. */
2354 for (; da; da = da->next)
2357 if (ignore_target_hosts != NULL &&
2358 verify_check_this_host(&ignore_target_hosts, NULL,
2359 host->name, da->address, NULL) == OK)
2361 DEBUG(D_host_lookup)
2362 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2367 /* If this is the first address, stick it in the given host block,
2368 and change the name if the returned RR has a different name. */
2370 if (thishostlast == NULL)
2372 if (strcmpic(host->name, rr->name) != 0)
2373 host->name = string_copy_dnsdomain(rr->name);
2374 host->address = da->address;
2375 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2376 host->status = hstatus_unknown;
2377 host->why = hwhy_unknown;
2378 thishostlast = host;
2381 /* Not the first address. Check for, and ignore, duplicates. Then
2382 insert in the chain at a random point. */
2389 /* End of our local chain is specified by "thishostlast". */
2391 for (next = host;; next = next->next)
2393 if (Ustrcmp(CS da->address, next->address) == 0) break;
2394 if (next == thishostlast) { next = NULL; break; }
2396 if (next != NULL) continue; /* With loop for next address */
2398 /* Not a duplicate */
2400 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2401 next = store_get(sizeof(host_item), GET_UNTAINTED);
2403 /* New address goes first: insert the new block after the first one
2404 (so as not to disturb the original pointer) but put the new address
2405 in the original block. */
2407 if (new_sort_key < host->sort_key)
2409 *next = *host; /* Copies port */
2411 host->address = da->address;
2412 host->sort_key = new_sort_key;
2413 if (thishostlast == host) thishostlast = next; /* Local last */
2414 if (*lastptr == host) *lastptr = next; /* Global last */
2417 /* Otherwise scan down the addresses for this host to find the
2418 one to insert after. */
2422 host_item *h = host;
2423 while (h != thishostlast)
2425 if (new_sort_key < h->next->sort_key) break;
2428 *next = *h; /* Copies port */
2430 next->address = da->address;
2431 next->sort_key = new_sort_key;
2432 if (h == thishostlast) thishostlast = next; /* Local last */
2433 if (h == *lastptr) *lastptr = next; /* Global last */
2440 /* Control gets here only if the second lookup (the A record) succeeded.
2441 However, the address may not be filled in if it was ignored. */
2446 ? HOST_FIND_SECURITY
2450 store_free_dns_answer(dnsa);
2457 /*************************************************
2458 * Find IP addresses and host names via DNS *
2459 *************************************************/
2461 /* The input is a host_item structure with the name field filled in and the
2462 address field set to NULL. This may be in a chain of other host items. The
2463 lookup may result in more than one IP address, in which case we must created
2464 new host blocks for the additional addresses, and insert them into the chain.
2465 The original name may not be fully qualified. Use the fully_qualified_name
2466 argument to return the official name, as returned by the resolver.
2469 host point to initial host item
2470 ignore_target_hosts a list of hosts to ignore
2471 whichrrs flags indicating which RRs to look for:
2472 HOST_FIND_BY_SRV => look for SRV
2473 HOST_FIND_BY_MX => look for MX
2474 HOST_FIND_BY_A => look for A
2475 HOST_FIND_BY_AAAA => look for AAAA
2476 also flags indicating how the lookup is done
2477 HOST_FIND_QUALIFY_SINGLE ) passed to the
2478 HOST_FIND_SEARCH_PARENTS ) resolver
2479 HOST_FIND_IPV4_FIRST => reverse usual result ordering
2480 HOST_FIND_IPV4_ONLY => MX results elide ipv6
2481 srv_service when SRV used, the service name
2482 srv_fail_domains DNS errors for these domains => assume nonexist
2483 mx_fail_domains DNS errors for these domains => assume nonexist
2484 dnssec_d.request => make dnssec request: domainlist
2485 dnssec_d.require => ditto and nonexist failures
2486 fully_qualified_name if not NULL, return fully-qualified name
2487 removed set TRUE if local host was removed from the list
2489 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2490 if there was a syntax error,
2491 host_find_failed_syntax is set.
2492 HOST_FIND_AGAIN Could not resolve at this time
2493 HOST_FIND_SECURITY dnsssec required but not acheived
2494 HOST_FOUND Host found
2495 HOST_FOUND_LOCAL The lowest MX record points to this
2496 machine, if MX records were found, or
2497 an A record that was found contains
2498 an address of the local host
2502 host_find_bydns(host_item * host, const uschar * ignore_target_hosts,
2504 uschar * srv_service, uschar * srv_fail_domains, uschar * mx_fail_domains,
2505 const dnssec_domains * dnssec_d,
2506 const uschar ** fully_qualified_name, BOOL * removed)
2508 host_item * h, * last;
2509 int rc = DNS_FAIL, ind_type = 0, yield;
2510 dns_answer * dnsa = store_get_dns_answer();
2512 BOOL dnssec_require, dnssec_request;
2513 dnssec_status_t dnssec;
2515 HDEBUG(D_host_lookup)
2517 debug_printf_indent("check dnssec require list\n");
2520 dnssec_require = dnssec_d
2521 && match_isinlist(host->name, CUSS &dnssec_d->require,
2522 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
2524 HDEBUG(D_host_lookup)
2527 debug_printf_indent("check dnssec request list\n");
2530 dnssec_request = dnssec_require
2532 && match_isinlist(host->name, CUSS &dnssec_d->request,
2533 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
2534 HDEBUG(D_host_lookup)
2537 /* Set the default fully qualified name to the incoming name, initialize the
2538 resolver if necessary, set up the relevant options, and initialize the flag
2539 that gets set for DNS syntax check errors. */
2541 if (fully_qualified_name) *fully_qualified_name = host->name;
2542 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2543 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
2545 f.host_find_failed_syntax = FALSE;
2547 /* First, if requested, look for SRV records. The service name is given; we
2548 assume TCP protocol. DNS domain names are constrained to a maximum of 256
2549 characters, so the code below should be safe. */
2551 if (whichrrs & HOST_FIND_BY_SRV)
2553 uschar * s, * temp_fully_qualified_name;
2556 s = string_sprintf("_%s._tcp.%n%.256s",
2557 srv_service, &prefix_length, host->name);
2558 temp_fully_qualified_name = s;
2561 /* Search for SRV records. If the fully qualified name is different to
2562 the input name, pass back the new original domain, without the prepended
2566 lookup_dnssec_authenticated = NULL;
2567 rc = dns_lookup_timerwrap(dnsa, temp_fully_qualified_name, ind_type,
2568 CUSS &temp_fully_qualified_name);
2571 if ((dnssec_request || dnssec_require)
2572 && !dns_is_secure(dnsa)
2574 debug_printf_indent("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
2578 if (dns_is_secure(dnsa))
2579 { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
2581 { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
2584 if (temp_fully_qualified_name != s && fully_qualified_name)
2585 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2587 /* On DNS failures, we give the "try again" error unless the domain is
2588 listed as one for which we continue. */
2590 if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(dnsa))
2592 log_write(L_host_lookup_failed, LOG_MAIN,
2593 "dnssec fail on SRV for %.256s", host->name);
2596 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2599 if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
2600 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2602 { yield = HOST_FIND_AGAIN; goto out; }
2603 DEBUG(D_host_lookup) debug_printf_indent("DNS_%s treated as DNS_NODATA "
2604 "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
2608 /* If we did not find any SRV records, search the DNS for MX records, if
2609 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2610 domain, and there's no point in going on to look for address records with the
2611 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2612 records. On DNS failures, we give the "try again" error unless the domain is
2613 listed as one for which we continue. */
2615 if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
2619 lookup_dnssec_authenticated = NULL;
2620 rc = dns_lookup_timerwrap(dnsa, host->name, ind_type, fully_qualified_name);
2623 if ( (dnssec_request || dnssec_require)
2624 && !dns_is_secure(dnsa)
2626 debug_printf_indent("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
2629 if (dns_is_secure(dnsa))
2631 DEBUG(D_host_lookup)
2632 debug_printf_indent("%s (MX resp) DNSSEC\n", host->name);
2633 dnssec = DS_YES; lookup_dnssec_authenticated = US"yes";
2637 dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
2643 yield = HOST_FIND_FAILED;
2647 if (!dnssec_require || dns_is_secure(dnsa))
2649 DEBUG(D_host_lookup)
2650 debug_printf_indent("dnssec fail on MX for %.256s\n", host->name);
2652 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2653 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2654 { yield = HOST_FIND_SECURITY; goto out; }
2662 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2663 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2665 { yield = HOST_FIND_AGAIN; goto out; }
2666 DEBUG(D_host_lookup) debug_printf_indent("DNS_%s treated as DNS_NODATA "
2667 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2672 /* If we haven't found anything yet, and we are requested to do so, try for an
2673 A or AAAA record. If we find it (or them) check to see that it isn't the local
2676 if (rc != DNS_SUCCEED)
2678 if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA)))
2680 DEBUG(D_host_lookup) debug_printf_indent("Address records are not being sought\n");
2681 yield = HOST_FIND_FAILED;
2685 last = host; /* End of local chainlet */
2687 host->port = PORT_NONE;
2688 host->dnssec = DS_UNK;
2689 lookup_dnssec_authenticated = NULL;
2690 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2691 fully_qualified_name, dnssec_request, dnssec_require, whichrrs);
2693 /* If one or more address records have been found, check that none of them
2694 are local. Since we know the host items all have their IP addresses
2695 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2696 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2697 because set_address_from_dns() removes them. */
2699 if (rc == HOST_FOUND)
2700 rc = host_scan_for_local_hosts(host, &last, removed);
2701 else if (rc == HOST_IGNORED)
2702 rc = HOST_FIND_FAILED; /* No special action */
2704 DEBUG(D_host_lookup)
2707 if (fully_qualified_name)
2708 debug_printf_indent("fully qualified name = %s\n", *fully_qualified_name);
2709 for (host_item * h = host; h != last->next; h = h->next)
2710 debug_printf_indent("%s %s mx=%d sort=%d %s\n", h->name,
2711 h->address ? h->address : US"<null>", h->mx, h->sort_key,
2712 h->status >= hstatus_unusable ? US"*" : US"");
2719 /* We have found one or more MX or SRV records. Sort them according to
2720 precedence. Put the data for the first one into the existing host block, and
2721 insert new host_item blocks into the chain for the remainder. For equal
2722 precedences one is supposed to randomize the order. To make this happen, the
2723 sorting is actually done on the MX value * 1000 + a random number. This is put
2724 into a host field called sort_key.
2726 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2727 IPv6 address in preference. At this stage, we don't know what kind of address
2728 the host has. We choose a random number < 500; if later we find an A record
2729 first, we add 500 to the random number. Then for any other address records, we
2730 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2733 At this point we remove any duplicates that point to the same host, retaining
2734 only the one with the lowest precedence. We cannot yet check for precedence
2735 greater than that of the local host, because that test cannot be properly done
2736 until the addresses have been found - an MX record may point to a name for this
2737 host which is not the primary hostname. */
2739 last = NULL; /* Indicates that not even the first item is filled yet */
2741 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2743 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type)
2745 int precedence, weight;
2746 int port = PORT_NONE;
2747 const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
2750 if (rr_bad_size(rr, sizeof(uint16_t))) continue;
2751 GETSHORT(precedence, s); /* Pointer s is advanced */
2753 /* For MX records, we use a random "weight" which causes multiple records of
2754 the same precedence to sort randomly. */
2756 if (ind_type == T_MX)
2757 weight = random_number(500);
2760 /* SRV records are specified with a port and a weight. The weight is used
2761 in a special algorithm. However, to start with, we just use it to order the
2762 records of equal priority (precedence). */
2764 if (rr_bad_increment(rr, s, 2 * sizeof(uint16_t))) continue;
2765 GETSHORT(weight, s);
2769 /* Get the name of the host pointed to. */
2771 (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
2772 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2774 /* Check that we haven't already got this host on the chain; if we have,
2775 keep only the lower precedence. This situation shouldn't occur, but you
2776 never know what junk might get into the DNS (and this case has been seen on
2777 more than one occasion). */
2779 if (last) /* This is not the first record */
2781 host_item *prev = NULL;
2783 for (h = host; h != last->next; prev = h, h = h->next)
2784 if (strcmpic(h->name, data) == 0)
2786 DEBUG(D_host_lookup)
2787 debug_printf_indent("discarded duplicate host %s (MX=%d)\n", data,
2788 precedence > h->mx ? precedence : h->mx);
2789 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2790 if (h == host) /* Override first item */
2793 host->sort_key = precedence * 1000 + weight;
2797 /* Unwanted host item is not the first in the chain, so we can get
2798 get rid of it by cutting it out. */
2800 prev->next = h->next;
2801 if (h == last) last = prev;
2806 /* If this is the first MX or SRV record, put the data into the existing host
2807 block. Otherwise, add a new block in the correct place; if it has to be
2808 before the first block, copy the first block's data to a new second block. */
2812 host->name = string_copy_dnsdomain(data);
2813 host->address = NULL;
2815 host->mx = precedence;
2816 host->sort_key = precedence * 1000 + weight;
2817 host->status = hstatus_unknown;
2818 host->why = hwhy_unknown;
2819 host->dnssec = dnssec;
2824 /* Make a new host item and seek the correct insertion place */
2826 int sort_key = precedence * 1000 + weight;
2827 host_item * next = store_get(sizeof(host_item), GET_UNTAINTED);
2828 next->name = string_copy_dnsdomain(data);
2829 next->address = NULL;
2831 next->mx = precedence;
2832 next->sort_key = sort_key;
2833 next->status = hstatus_unknown;
2834 next->why = hwhy_unknown;
2835 next->dnssec = dnssec;
2838 /* Handle the case when we have to insert before the first item. */
2840 if (sort_key < host->sort_key)
2847 if (last == host) last = next;
2851 /* Else scan down the items we have inserted as part of this exercise;
2852 don't go further. */
2854 for (h = host; h != last; h = h->next)
2855 if (sort_key < h->next->sort_key)
2857 next->next = h->next;
2862 /* Join on after the last host item that's part of this
2863 processing if we haven't stopped sooner. */
2867 next->next = last->next;
2874 NEXT_MX_RR: continue;
2877 if (!last) /* No rr of correct type; give up */
2879 yield = HOST_FIND_FAILED;
2883 /* If the list of hosts was obtained from SRV records, there are two things to
2884 do. First, if there is only one host, and it's name is ".", it means there is
2885 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2886 priority according to their weights, using an algorithm that is defined in RFC
2887 2782. The hosts are currently sorted by priority and weight. For each priority
2888 group we have to pick off one host and put it first, and then repeat for any
2889 remaining in the same priority group. */
2891 if (ind_type == T_SRV)
2895 if (host == last && host->name[0] == 0)
2897 DEBUG(D_host_lookup) debug_printf_indent("the single SRV record is \".\"\n");
2898 yield = HOST_FIND_FAILED;
2902 DEBUG(D_host_lookup)
2904 debug_printf_indent("original ordering of hosts from SRV records:\n");
2905 for (h = host; h != last->next; h = h->next)
2906 debug_printf_indent(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2909 for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
2914 /* Find the last following host that has the same precedence. At the same
2915 time, compute the sum of the weights and the running totals. These can be
2916 stored in the sort_key field. */
2918 for (hh = h; hh != last; hh = hh->next)
2920 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2923 if (hh->mx != hh->next->mx) break;
2926 /* If there's more than one host at this precedence (priority), we need to
2927 pick one to go first. */
2933 int randomizer = random_number(sum + 1);
2935 for (ppptr = pptr, hhh = h;
2937 ppptr = &hhh->next, hhh = hhh->next)
2938 if (hhh->sort_key >= randomizer)
2941 /* hhh now points to the host that should go first; ppptr points to the
2942 place that points to it. Unfortunately, if the start of the minilist is
2943 the start of the entire list, we can't just swap the items over, because
2944 we must not change the value of host, since it is passed in from outside.
2945 One day, this could perhaps be changed.
2947 The special case is fudged by putting the new item *second* in the chain,
2948 and then transferring the data between the first and second items. We
2949 can't just swap the first and the chosen item, because that would mean
2950 that an item with zero weight might no longer be first. */
2954 *ppptr = hhh->next; /* Cuts it out of the chain */
2958 host_item temp = *h;
2961 hhh->next = temp.next;
2966 hhh->next = h; /* The rest of the chain follows it */
2967 *pptr = hhh; /* It takes the place of h */
2968 h = hhh; /* It's now the start of this minilist */
2973 /* A host has been chosen to be first at this priority and h now points
2974 to this host. There may be others at the same priority, or others at a
2975 different priority. Before we leave this host, we need to put back a sort
2976 key of the traditional MX kind, in case this host is multihomed, because
2977 the sort key is used for ordering the multiple IP addresses. We do not need
2978 to ensure that these new sort keys actually reflect the order of the hosts,
2981 h->sort_key = h->mx * 1000 + random_number(500);
2982 } /* Move on to the next host */
2985 /* Now we have to find IP addresses for all the hosts. We have ensured above
2986 that the names in all the host items are unique. Before release 4.61 we used to
2987 process records from the additional section in the DNS packet that returned the
2988 MX or SRV records. However, a DNS name server is free to drop any resource
2989 records from the additional section. In theory, this has always been a
2990 potential problem, but it is exacerbated by the advent of IPv6. If a host had
2991 several IPv4 addresses and some were not in the additional section, at least
2992 Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
2993 and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
2994 connection, and never try an IPv4 address. When there was only IPv4
2995 connectivity, this was a disaster that did in practice occur.
2997 So, from release 4.61 onwards, we always search for A and AAAA records
2998 explicitly. The names shouldn't point to CNAMES, but we use the general lookup
2999 function that handles them, just in case. If any lookup gives a soft error,
3000 change the default yield.
3002 For these DNS lookups, we must disable qualify_single and search_parents;
3003 otherwise invalid host names obtained from MX or SRV records can cause trouble
3004 if they happen to match something local. */
3006 yield = HOST_FIND_FAILED; /* Default yield */
3007 dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */
3008 dnssec_request || dnssec_require);
3010 for (h = host; h != last->next; h = h->next)
3012 if (h->address) continue; /* Inserted by a multihomed host */
3014 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
3015 NULL, dnssec_request, dnssec_require,
3016 whichrrs & HOST_FIND_IPV4_ONLY
3017 ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA);
3018 if (rc != HOST_FOUND)
3020 h->status = hstatus_unusable;
3023 case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break;
3024 case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break;
3025 case HOST_IGNORED: h->why = hwhy_ignored; break;
3026 default: h->why = hwhy_failed; break;
3031 /* Scan the list for any hosts that are marked unusable because they have
3032 been explicitly ignored, and remove them from the list, as if they did not
3033 exist. If we end up with just a single, ignored host, flatten its fields as if
3034 nothing was found. */
3036 if (ignore_target_hosts)
3038 host_item *prev = NULL;
3039 for (h = host; h != last->next; h = h->next)
3042 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3044 else if (prev == NULL) /* First host is ignored */
3046 if (h != last) /* First is not last */
3048 if (h->next == last) last = h; /* Overwrite it with next */
3049 *h = *(h->next); /* and reprocess it. */
3050 goto REDO; /* C should have redo, like Perl */
3053 else /* Ignored host is not first - */
3055 prev->next = h->next;
3056 if (h == last) last = prev;
3060 if (host->why == hwhy_ignored) host->address = NULL;
3063 /* There is still one complication in the case of IPv6. Although the code above
3064 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3065 hosts, it doesn't do this for addresses that apply to different hosts with the
3066 same MX precedence, because the sorting on MX precedence happens first. So we
3067 have to make another pass to check for this case. We ensure that, within a
3068 single MX preference value, IPv6 addresses come first. This can separate the
3069 addresses of a multihomed host, but that should not matter. */
3072 if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
3075 host_item *next = h->next;
3077 if ( h->mx != next->mx /* If next is different MX */
3078 || !h->address /* OR this one is unset */
3080 continue; /* move on to next */
3082 if ( whichrrs & HOST_FIND_IPV4_FIRST
3083 ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */
3085 && Ustrchr(next->address, ':') /* OR next is IPv6 */
3087 : Ustrchr(h->address, ':') /* OR this one is IPv6 */
3089 && !Ustrchr(next->address, ':') /* OR next is IPv4 */
3091 continue; /* move on to next */
3093 temp = *h; /* otherwise, swap */
3094 temp.next = next->next;
3099 #endif /*HAVE_IPV6*/
3101 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3102 whose IP addresses are on the local host. If any are found, all hosts with the
3103 same or higher MX values are removed. However, if the local host has the lowest
3104 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3105 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3106 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3107 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3108 be HOST_FIND_FAILED. */
3110 host_remove_duplicates(host, &last);
3111 rc = host_scan_for_local_hosts(host, &last, removed);
3112 if (rc != HOST_FIND_FAILED) yield = rc;
3114 DEBUG(D_host_lookup)
3116 if (fully_qualified_name)
3117 debug_printf_indent("fully qualified name = %s\n", *fully_qualified_name);
3118 debug_printf_indent("host_find_bydns yield = %s (%d); returned hosts:\n",
3119 yield == HOST_FOUND ? "HOST_FOUND" :
3120 yield == HOST_FOUND_LOCAL ? "HOST_FOUND_LOCAL" :
3121 yield == HOST_FIND_SECURITY ? "HOST_FIND_SECURITY" :
3122 yield == HOST_FIND_AGAIN ? "HOST_FIND_AGAIN" :
3123 yield == HOST_FIND_FAILED ? "HOST_FIND_FAILED" : "?",
3125 for (h = host; h != last->next; h = h->next)
3127 debug_printf_indent(" %s %s MX=%d %s", h->name,
3128 !h->address ? US"<null>" : h->address, h->mx,
3129 h->dnssec == DS_YES ? US"DNSSEC " : US"");
3130 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3131 if (h->status >= hstatus_unusable) debug_printf("*");
3138 dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
3139 store_free_dns_answer(dnsa);
3147 /* Lookup TLSA record for host/port.
3148 Return: OK success with dnssec; DANE mode
3149 DEFER Do not use this host now, may retry later
3150 FAIL_FORCED No TLSA record; DANE not usable
3151 FAIL Do not use this connection
3155 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
3158 const uschar * fullname = buffer;
3162 /* TLSA lookup string */
3163 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
3165 rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
3166 sec = dns_is_secure(dnsa);
3168 debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
3173 return DEFER; /* just defer this TLS'd conn */
3181 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
3182 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
3183 if (rr->type == T_TLSA && rr->size > 3)
3185 uint16_t payload_length = rr->size - 3;
3186 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
3188 sp += sprintf(CS sp, "%d ", *p++); /* usage */
3189 sp += sprintf(CS sp, "%d ", *p++); /* selector */
3190 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
3191 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
3192 sp += sprintf(CS sp, "%02x", *p++);
3194 debug_printf(" %s\n", s);
3199 log_write(0, LOG_MAIN,
3200 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
3203 case DNS_NODATA: /* no TLSA RR for this lookup */
3204 case DNS_NOMATCH: /* no records at all for this lookup */
3205 return dane_required ? FAIL : FAIL_FORCED;
3209 return dane_required ? FAIL : DEFER;
3212 #endif /*SUPPORT_DANE*/
3216 /*************************************************
3217 **************************************************
3218 * Stand-alone test program *
3219 **************************************************
3220 *************************************************/
3224 int main(int argc, char **cargv)
3227 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3228 BOOL byname = FALSE;
3229 BOOL qualify_single = TRUE;
3230 BOOL search_parents = FALSE;
3231 BOOL request_dnssec = FALSE;
3232 BOOL require_dnssec = FALSE;
3233 uschar **argv = USS cargv;
3236 disable_ipv6 = FALSE;
3237 primary_hostname = US"";
3239 store_pool = POOL_MAIN;
3240 debug_selector = D_host_lookup|D_interface;
3241 debug_file = stdout;
3242 debug_fd = fileno(debug_file);
3244 printf("Exim stand-alone host functions test\n");
3246 host_find_interfaces();
3247 debug_selector = D_host_lookup | D_dns;
3249 if (argc > 1) primary_hostname = argv[1];
3251 /* So that debug level changes can be done first */
3253 dns_init(qualify_single, search_parents, FALSE);
3255 printf("Testing host lookup\n");
3257 while (Ufgets(buffer, 256, stdin) != NULL)
3260 int len = Ustrlen(buffer);
3261 uschar *fully_qualified_name;
3263 while (len > 0 && isspace(buffer[len-1])) len--;
3266 if (Ustrcmp(buffer, "q") == 0) break;
3268 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3269 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3270 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3271 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3272 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3273 else if (Ustrcmp(buffer, "srv+a") == 0)
3274 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3275 else if (Ustrcmp(buffer, "srv+mx") == 0)
3276 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3277 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3278 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3279 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3280 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3281 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3282 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3283 else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
3284 else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
3285 else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
3286 else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
3287 else if (Ustrcmp(buffer, "test_harness") == 0)
3288 f.running_in_test_harness = !f.running_in_test_harness;
3289 else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
3290 else if (Ustrcmp(buffer, "res_debug") == 0)
3292 _res.options ^= RES_DEBUG;
3294 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3296 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3297 _res.retrans = dns_retrans;
3299 else if (Ustrncmp(buffer, "retry", 5) == 0)
3301 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3302 _res.retry = dns_retry;
3306 int flags = whichrrs;
3313 h.status = hstatus_unknown;
3314 h.why = hwhy_unknown;
3317 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3318 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3320 d.request = request_dnssec ? &h.name : NULL;
3321 d.require = require_dnssec ? &h.name : NULL;
3324 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
3325 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3326 &d, &fully_qualified_name, NULL);
3330 case HOST_FIND_FAILED: printf("Failed\n"); break;
3331 case HOST_FIND_AGAIN: printf("Again\n"); break;
3332 case HOST_FIND_SECURITY: printf("Security\n"); break;
3333 case HOST_FOUND_LOCAL: printf("Local\n"); break;
3340 printf("Testing host_aton\n");
3342 while (Ufgets(buffer, 256, stdin) != NULL)
3345 int len = Ustrlen(buffer);
3347 while (len > 0 && isspace(buffer[len-1])) len--;
3350 if (Ustrcmp(buffer, "q") == 0) break;
3352 len = host_aton(buffer, x);
3353 printf("length = %d ", len);
3354 for (int i = 0; i < len; i++)
3356 printf("%04x ", (x[i] >> 16) & 0xffff);
3357 printf("%04x ", x[i] & 0xffff);
3364 printf("Testing host_name_lookup\n");
3366 while (Ufgets(buffer, 256, stdin) != NULL)
3368 int len = Ustrlen(buffer);
3369 while (len > 0 && isspace(buffer[len-1])) len--;
3371 if (Ustrcmp(buffer, "q") == 0) break;
3372 sender_host_address = buffer;
3373 sender_host_name = NULL;
3374 sender_host_aliases = NULL;
3375 host_lookup_msg = US"";
3376 host_lookup_failed = FALSE;
3377 if (host_name_lookup() == FAIL) /* Debug causes printing */
3378 printf("Lookup failed:%s\n", host_lookup_msg);
3386 #endif /* STAND_ALONE */