1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2022 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
10 directly via the DNS. When IPv6 is supported, getipnodebyname() and
11 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
12 if the newer functions are available. This module also contains various other
13 functions concerned with hosts and addresses, and a random number function,
14 used for randomizing hosts with equal MXs but available for use in other parts
21 /* Static variable for preserving the list of interface addresses in case it is
22 used more than once. */
24 static ip_address_item *local_interface_data = NULL;
27 #ifdef USE_INET_NTOA_FIX
28 /*************************************************
29 * Replacement for broken inet_ntoa() *
30 *************************************************/
32 /* On IRIX systems, gcc uses a different structure passing convention to the
33 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
34 255.255.255.255. To get round this, we provide a private version of the
35 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
36 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
40 as seen in comp.sys.sgi.admin
42 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
43 should now be set for them as well.
45 Arguments: sa an in_addr structure
46 Returns: pointer to static text string
50 inet_ntoa(struct in_addr sa)
52 static uschar addr[20];
53 sprintf(addr, "%d.%d.%d.%d",
64 /*************************************************
65 * Random number generator *
66 *************************************************/
68 /* This is a simple pseudo-random number generator. It does not have to be
69 very good for the uses to which it is put. When running the regression tests,
70 start with a fixed seed.
72 If you need better, see vaguely_random_number() which is potentially stronger,
73 if a crypto library is available, but might end up just calling this instead.
76 limit: one more than the largest number required
78 Returns: a pseudo-random number in the range 0 to limit-1
82 random_number(int limit)
88 if (f.running_in_test_harness) random_seed = 42; else
90 int p = (int)getpid();
91 random_seed = (int)time(NULL) ^ ((p << 16) | p);
94 random_seed = 1103515245 * random_seed + 12345;
95 return (unsigned int)(random_seed >> 16) % limit;
98 /*************************************************
99 * Wrappers for logging lookup times *
100 *************************************************/
102 /* When the 'slow_lookup_log' variable is enabled, these wrappers will
103 write to the log file all (potential) dns lookups that take more than
104 slow_lookup_log milliseconds
108 log_long_lookup(const uschar * type, const uschar * data, unsigned long msec)
110 log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec",
115 /* returns the current system epoch time in milliseconds. */
119 struct timeval tmp_time;
120 unsigned long seconds, microseconds;
122 gettimeofday(&tmp_time, NULL);
123 seconds = (unsigned long) tmp_time.tv_sec;
124 microseconds = (unsigned long) tmp_time.tv_usec;
125 return seconds*1000 + microseconds/1000;
130 dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type,
131 const uschar **fully_qualified_name)
134 unsigned long time_msec;
136 if (!slow_lookup_log)
137 return dns_lookup(dnsa, name, type, fully_qualified_name);
139 time_msec = get_time_in_ms();
140 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
141 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
142 log_long_lookup(dns_text_type(type), name, time_msec);
147 /*************************************************
148 * Replace gethostbyname() when testing *
149 *************************************************/
151 /* This function is called instead of gethostbyname(), gethostbyname2(), or
152 getipnodebyname() when running in the test harness. . It also
153 recognizes an unqualified "localhost" and forces it to the appropriate loopback
154 address. IP addresses are treated as literals. For other names, it uses the DNS
155 to find the host name. In the test harness, this means it will access only the
159 name the host name or a textual IP address
160 af AF_INET or AF_INET6
161 error_num where to put an error code:
162 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
164 Returns: a hostent structure or NULL for an error
167 static struct hostent *
168 host_fake_gethostbyname(const uschar *name, int af, int *error_num)
171 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
173 int alen = sizeof(struct in_addr);
177 const uschar *lname = name;
180 struct hostent *yield;
181 dns_answer * dnsa = store_get_dns_answer();
185 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
186 af == AF_INET ? "IPv4" : "IPv6");
188 /* Handle unqualified "localhost" */
190 if (Ustrcmp(name, "localhost") == 0)
191 lname = af == AF_INET ? US"127.0.0.1" : US"::1";
193 /* Handle a literal IP address */
195 if ((ipa = string_is_ip_address(lname, NULL)) != 0)
196 if ( ipa == 4 && af == AF_INET
197 || ipa == 6 && af == AF_INET6)
200 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
201 alist = store_get(2 * sizeof(char *), GET_UNTAINTED);
202 adds = store_get(alen, GET_UNTAINTED);
203 yield->h_name = CS name;
204 yield->h_aliases = NULL;
205 yield->h_addrtype = af;
206 yield->h_length = alen;
207 yield->h_addr_list = CSS alist;
209 for (int n = host_aton(lname, x), i = 0; i < n; i++)
212 *adds++ = (y >> 24) & 255;
213 *adds++ = (y >> 16) & 255;
214 *adds++ = (y >> 8) & 255;
220 /* Wrong kind of literal address */
224 *error_num = HOST_NOT_FOUND;
229 /* Handle a host name */
233 int type = af == AF_INET ? T_A:T_AAAA;
234 int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
237 lookup_dnssec_authenticated = NULL;
241 case DNS_SUCCEED: break;
242 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out;
243 case DNS_NODATA: *error_num = NO_DATA; yield = NULL; goto out;
244 case DNS_AGAIN: *error_num = TRY_AGAIN; yield = NULL; goto out;
246 case DNS_FAIL: *error_num = NO_RECOVERY; yield = NULL; goto out;
249 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
251 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
254 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
255 alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED);
256 adds = store_get(count *alen, GET_UNTAINTED);
258 yield->h_name = CS name;
259 yield->h_aliases = NULL;
260 yield->h_addrtype = af;
261 yield->h_length = alen;
262 yield->h_addr_list = CSS alist;
264 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
266 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
270 if (!(da = dns_address_from_rr(dnsa, rr))) break;
272 for (int n = host_aton(da->address, x), i = 0; i < n; i++)
275 *adds++ = (y >> 24) & 255;
276 *adds++ = (y >> 16) & 255;
277 *adds++ = (y >> 8) & 255;
286 store_free_dns_answer(dnsa);
292 /*************************************************
293 * Build chain of host items from list *
294 *************************************************/
296 /* This function builds a chain of host items from a textual list of host
297 names. It does not do any lookups. If randomize is true, the chain is build in
298 a randomized order. There may be multiple groups of independently randomized
299 hosts; they are delimited by a host name consisting of just "+".
302 anchor anchor for the chain
304 randomize TRUE for randomizing
310 host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize)
313 int fake_mx = MX_NONE; /* This value is actually -1 */
317 if (randomize) fake_mx--; /* Start at -2 for randomizing */
321 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
325 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
326 { /* ignore if not randomizing */
327 if (randomize) fake_mx--;
331 h = store_get(sizeof(host_item), GET_UNTAINTED);
336 h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0;
337 h->status = hstatus_unknown;
338 h->why = hwhy_unknown;
348 host_item *hh = *anchor;
349 if (h->sort_key < hh->sort_key)
356 while (hh->next && h->sort_key >= hh->next->sort_key)
366 /*************************************************
367 * Get port from a host item's name *
368 *************************************************/
370 /* This function is called when finding the IP address for a host that is in a
371 list of hosts explicitly configured, such as in the manualroute router, or in a
372 fallback hosts list. We see if there is a port specification at the end of the
373 host name, and if so, remove it. A minimum length of 3 is required for the
374 original name; nothing shorter is recognized as having a port.
376 We test for a name ending with a sequence of digits; if preceded by colon we
377 have a port if the character before the colon is ] and the name starts with [
378 or if there are no other colons in the name (i.e. it's not an IPv6 address).
380 Arguments: pointer to the host item
381 Returns: a port number or PORT_NONE
385 host_item_get_port(host_item *h)
389 int len = Ustrlen(h->name);
391 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
393 /* Extract potential port number */
398 while (p > h->name + 1 && isdigit(*p))
400 port += (*p-- - '0') * x;
404 /* The smallest value of p at this point is h->name + 1. */
406 if (*p != ':') return PORT_NONE;
408 if (p[-1] == ']' && h->name[0] == '[')
409 h->name = string_copyn(h->name + 1, p - h->name - 2);
410 else if (Ustrchr(h->name, ':') == p)
411 h->name = string_copyn(h->name, p - h->name);
412 else return PORT_NONE;
414 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
420 #ifndef STAND_ALONE /* Omit when standalone testing */
422 /*************************************************
423 * Build sender_fullhost and sender_rcvhost *
424 *************************************************/
426 /* This function is called when sender_host_name and/or sender_helo_name
427 have been set. Or might have been set - for a local message read off the spool
428 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
431 (a) No sender_host_name or sender_helo_name: "[ip address]"
432 (b) Just sender_host_name: "host_name [ip address]"
433 (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
434 in which case: "[ip address}"
435 (d) The two are identical: "host_name [ip address]" includes helo = IP
436 (e) The two are different: "host_name (helo_name) [ip address]"
438 If log_incoming_port is set, the sending host's port number is added to the IP
441 This function also builds sender_rcvhost for use in Received: lines, whose
442 syntax is a bit different. This value also includes the RFC 1413 identity.
443 There wouldn't be two different variables if I had got all this right in the
446 Because this data may survive over more than one incoming SMTP message, it has
447 to be in permanent store. However, STARTTLS has to be forgotten and redone
448 on a multi-message conn, so this will be called once per message then. Hence
449 we use malloc, so we can free.
456 host_build_sender_fullhost(void)
458 BOOL show_helo = TRUE;
459 uschar * address, * fullhost, * rcvhost;
463 if (!sender_host_address) return;
465 reset_point = store_mark();
467 /* Set up address, with or without the port. After discussion, it seems that
468 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
469 use this directly as the first item for Received: because it ain't an RFC 2822
472 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
473 if (!LOGGING(incoming_port) || sender_host_port <= 0)
474 *(Ustrrchr(address, ':')) = 0;
476 /* If there's no EHLO/HELO data, we can't show it. */
478 if (!sender_helo_name) show_helo = FALSE;
480 /* If HELO/EHLO was followed by an IP literal, it's messy because of two
481 features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
482 doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
483 be given in canonical form, so we have to canonicalize them before comparing. As
484 it happens, the code works for both IPv4 and IPv6. */
486 else if (sender_helo_name[0] == '[' &&
487 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
492 if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
493 if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
495 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
497 if (string_is_ip_address(helo_ip, NULL) != 0)
501 uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
503 sizex = host_aton(helo_ip, x);
504 sizey = host_aton(sender_host_address, y);
506 (void)host_nmtoa(sizex, x, -1, ipx, ':');
507 (void)host_nmtoa(sizey, y, -1, ipy, ':');
509 if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
513 /* Host name is not verified */
515 if (!sender_host_name)
517 uschar *portptr = Ustrstr(address, "]:");
519 int adlen; /* Sun compiler doesn't like ++ in initializers */
521 adlen = portptr ? (++portptr - address) : Ustrlen(address);
522 fullhost = sender_helo_name
523 ? string_sprintf("(%s) %s", sender_helo_name, address)
526 g = string_catn(NULL, address, adlen);
528 if (sender_ident || show_helo || portptr)
531 g = string_catn(g, US" (", 2);
535 g = string_append(g, 2, US"port=", portptr + 1);
538 g = string_append(g, 2,
539 firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name);
542 g = string_append(g, 2,
543 firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident);
545 g = string_catn(g, US")", 1);
548 rcvhost = string_from_gstring(g);
551 /* Host name is known and verified. Unless we've already found that the HELO
552 data matches the IP address, compare it with the name. */
556 if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
561 fullhost = string_sprintf("%s (%s) %s", sender_host_name,
562 sender_helo_name, address);
563 rcvhost = sender_ident
564 ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
565 address, sender_helo_name, sender_ident)
566 : string_sprintf("%s (%s helo=%s)", sender_host_name,
567 address, sender_helo_name);
571 fullhost = string_sprintf("%s %s", sender_host_name, address);
572 rcvhost = sender_ident
573 ? string_sprintf("%s (%s ident=%s)", sender_host_name, address,
575 : string_sprintf("%s (%s)", sender_host_name, address);
579 sender_fullhost = string_copy_perm(fullhost, TRUE);
580 sender_rcvhost = string_copy_perm(rcvhost, TRUE);
582 store_reset(reset_point);
584 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
585 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
590 /*************************************************
591 * Build host+ident message *
592 *************************************************/
594 /* Used when logging rejections and various ACL and SMTP incidents. The text
595 return depends on whether sender_fullhost and sender_ident are set or not:
597 no ident, no host => U=unknown
598 no ident, host set => H=sender_fullhost
599 ident set, no host => U=ident
600 ident set, host set => H=sender_fullhost U=ident
602 Use taint-unchecked routines on the assumption we'll never expand the results.
605 useflag TRUE if first item to be flagged (H= or U=); if there are two
606 items, the second is always flagged
608 Returns: pointer to a string in big_buffer
612 host_and_ident(BOOL useflag)
614 if (!sender_fullhost)
615 string_format_nt(big_buffer, big_buffer_size, "%s%s", useflag ? "U=" : "",
616 sender_ident ? sender_ident : US"unknown");
619 uschar * flag = useflag ? US"H=" : US"";
620 uschar * iface = US"";
621 if (LOGGING(incoming_interface) && interface_address)
622 iface = string_sprintf(" I=[%s]:%d", interface_address, interface_port);
624 string_format_nt(big_buffer, big_buffer_size, "%s%s%s U=%s",
625 flag, sender_fullhost, iface, sender_ident);
627 string_format_nt(big_buffer, big_buffer_size, "%s%s%s",
628 flag, sender_fullhost, iface);
633 #endif /* STAND_ALONE */
638 /*************************************************
639 * Build list of local interfaces *
640 *************************************************/
642 /* This function interprets the contents of the local_interfaces or
643 extra_local_interfaces options, and creates an ip_address_item block for each
644 item on the list. There is no special interpretation of any IP addresses; in
645 particular, 0.0.0.0 and ::0 are returned without modification. If any address
646 includes a port, it is set in the block. Otherwise the port value is set to
651 name the name of the option being expanded
653 Returns: a chain of ip_address_items, each containing to a textual
654 version of an IP address, and a port number (host order) or
655 zero if no port was given with the address
659 host_build_ifacelist(const uschar *list, uschar *name)
663 ip_address_item * yield = NULL, * last = NULL, * next;
665 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
668 int port = host_address_extract_port(s); /* Leaves just the IP address */
670 if (!(ipv = string_is_ip_address(s, NULL)))
671 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
674 /* Skip IPv6 addresses if IPv6 is disabled. */
676 if (disable_ipv6 && ipv == 6) continue;
678 /* This use of strcpy() is OK because we have checked that s is a valid IP
679 address above. The field in the ip_address_item is large enough to hold an
682 next = store_get(sizeof(ip_address_item), list);
684 Ustrcpy(next->address, s);
686 next->v6_include_v4 = FALSE;
705 /*************************************************
706 * Find addresses on local interfaces *
707 *************************************************/
709 /* This function finds the addresses of local IP interfaces. These are used
710 when testing for routing to the local host. As the function may be called more
711 than once, the list is preserved in permanent store, pointed to by a static
712 variable, to save doing the work more than once per process.
714 The generic list of interfaces is obtained by calling host_build_ifacelist()
715 for local_interfaces and extra_local_interfaces. This list scanned to remove
716 duplicates (which may exist with different ports - not relevant here). If
717 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
718 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
719 obtained from os_find_running_interfaces().
722 Returns: a chain of ip_address_items, each containing to a textual
723 version of an IP address; the port numbers are not relevant
727 /* First, a local subfunction to add an interface to a list in permanent store,
728 but only if there isn't a previous copy of that address on the list. */
730 static ip_address_item *
731 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
733 ip_address_item *ipa2;
734 for (ipa2 = list; ipa2; ipa2 = ipa2->next)
735 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
736 ipa2 = store_get_perm(sizeof(ip_address_item), FALSE);
743 /* This is the globally visible function */
746 host_find_interfaces(void)
748 ip_address_item *running_interfaces = NULL;
750 if (!local_interface_data)
752 void *reset_item = store_mark();
753 ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,
754 US"local_interfaces");
755 ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces,
756 US"extra_local_interfaces");
757 ip_address_item *ipa;
759 if (!dlist) dlist = xlist;
762 for (ipa = dlist; ipa->next; ipa = ipa->next) ;
766 for (ipa = dlist; ipa; ipa = ipa->next)
768 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
769 Ustrcmp(ipa->address, "::0") == 0)
771 BOOL ipv6 = ipa->address[0] == ':';
772 if (!running_interfaces)
773 running_interfaces = os_find_running_interfaces();
774 for (ip_address_item * ipa2 = running_interfaces; ipa2; ipa2 = ipa2->next)
775 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
776 local_interface_data = add_unique_interface(local_interface_data,
781 local_interface_data = add_unique_interface(local_interface_data, ipa);
784 debug_printf("Configured local interface: address=%s", ipa->address);
785 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
790 store_reset(reset_item);
793 return local_interface_data;
800 /*************************************************
801 * Convert network IP address to text *
802 *************************************************/
804 /* Given an IPv4 or IPv6 address in binary, convert it to a text
805 string and return the result in a piece of new store. The address can
806 either be given directly, or passed over in a sockaddr structure. Note
807 that this isn't the converse of host_aton() because of byte ordering
808 differences. See host_nmtoa() below.
811 type if < 0 then arg points to a sockaddr, else
812 either AF_INET or AF_INET6
813 arg points to a sockaddr if type is < 0, or
814 points to an IPv4 address (32 bits), or
815 points to an IPv6 address (128 bits),
816 in both cases, in network byte order
817 buffer if NULL, the result is returned in gotten store;
818 else points to a buffer to hold the answer
819 portptr points to where to put the port number, if non NULL; only
822 Returns: pointer to character string
826 host_ntoa(int type, const void *arg, uschar *buffer, int *portptr)
830 /* The new world. It is annoying that we have to fish out the address from
831 different places in the block, depending on what kind of address it is. It
832 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
833 function inet_ntoa() returns just uschar *, and some picky compilers insist
834 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
837 uschar addr_buffer[46];
840 int family = ((struct sockaddr *)arg)->sa_family;
841 if (family == AF_INET6)
843 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
844 yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
845 sizeof(addr_buffer));
846 if (portptr) *portptr = ntohs(sk->sin6_port);
850 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
851 yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
852 sizeof(addr_buffer));
853 if (portptr) *portptr = ntohs(sk->sin_port);
858 yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
861 /* If the result is a mapped IPv4 address, show it in V4 format. */
863 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
865 #else /* HAVE_IPV6 */
871 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
872 if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
875 yield = US inet_ntoa(*((struct in_addr *)arg));
878 /* If there is no buffer, put the string into some new store. */
880 if (!buffer) buffer = store_get(46, GET_UNTAINTED);
882 /* Callers of this function with a non-NULL buffer must ensure that it is
883 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
884 makes this use of strcpy() OK.
885 If the library returned apparently an apparently tainted string, clean it;
886 we trust IP addresses. */
888 string_format_nt(buffer, 46, "%s", yield);
895 /*************************************************
896 * Convert address text to binary *
897 *************************************************/
899 /* Given the textual form of an IP address, convert it to binary in an
900 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
901 The result has the first byte in the most significant byte of the first int. In
902 other words, the result is not in network byte order, but in host byte order.
903 As a result, this is not the converse of host_ntoa(), which expects network
904 byte order. See host_nmtoa() below.
907 address points to the textual address, checked for syntax
908 bin points to an array of 4 ints
910 Returns: the number of ints used
914 host_aton(const uschar *address, int *bin)
919 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
920 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
921 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
924 if (Ustrchr(address, ':') != NULL)
926 const uschar *p = address;
927 const uschar *component[8];
928 BOOL ipv4_ends = FALSE;
934 /* If the address starts with a colon, it will start with two colons.
935 Just lose the first one, which will leave a null first component. */
939 /* Split the address into components separated by colons. The input address
940 is supposed to be checked for syntax. There was a case where this was
941 overlooked; to guard against that happening again, check here and crash if
942 there are too many components. */
944 while (*p != 0 && *p != '%')
946 int len = Ustrcspn(p, ":%");
947 if (len == 0) nulloffset = ci;
948 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
949 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
956 /* If the final component contains a dot, it is a trailing v4 address.
957 As the syntax is known to be checked, just set up for a trailing
958 v4 address and restrict the v6 part to 6 components. */
960 if (Ustrchr(component[ci-1], '.') != NULL)
962 address = component[--ci];
968 /* If there are fewer than 6 or 8 components, we have to insert some
969 more empty ones in the middle. */
973 int insert_count = v6count - ci;
974 for (i = v6count-1; i > nulloffset + insert_count; i--)
975 component[i] = component[i - insert_count];
976 while (i > nulloffset) component[i--] = US"";
979 /* Now turn the components into binary in pairs and bung them
980 into the vector of ints. */
982 for (i = 0; i < v6count; i += 2)
983 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
984 Ustrtol(component[i+1], NULL, 16);
986 /* If there was no terminating v4 component, we are done. */
988 if (!ipv4_ends) return 4;
991 /* Handle IPv4 address */
993 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
994 bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
999 /*************************************************
1000 * Apply mask to an IP address *
1001 *************************************************/
1003 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1007 count the number of ints
1008 binary points to the ints to be masked
1009 mask the count of ms bits to leave, or -1 if no masking
1015 host_mask(int count, int *binary, int mask)
1017 if (mask < 0) mask = 99999;
1018 for (int i = 0; i < count; i++)
1021 if (mask == 0) wordmask = 0;
1024 wordmask = (uint)(-1) << (32 - mask);
1032 binary[i] &= wordmask;
1039 /*************************************************
1040 * Convert masked IP address in ints to text *
1041 *************************************************/
1043 /* We can't use host_ntoa() because it assumes the binary values are in network
1044 byte order, and these are the result of host_aton(), which puts them in ints in
1045 host byte order. Also, we really want IPv6 addresses to be in a canonical
1046 format, so we output them with no abbreviation. In a number of cases we can't
1047 use the normal colon separator in them because it terminates keys in lsearch
1048 files, so we want to use dot instead. There's an argument that specifies what
1049 to use for IPv6 addresses.
1052 count 1 or 4 (number of ints)
1053 binary points to the ints
1054 mask mask value; if < 0 don't add to result
1055 buffer big enough to hold the result
1056 sep component separator character for IPv6 addresses
1058 Returns: the number of characters placed in buffer, not counting
1063 host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
1066 uschar *tt = buffer;
1071 for (int i = 24; i >= 0; i -= 8)
1072 tt += sprintf(CS tt, "%d.", (j >> i) & 255);
1075 for (int i = 0; i < 4; i++)
1078 tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1081 tt--; /* lose final separator */
1086 tt += sprintf(CS tt, "/%d", mask);
1092 /* Like host_nmtoa() but: ipv6-only, canonical output, no mask
1095 binary points to the ints
1096 buffer big enough to hold the result
1098 Returns: the number of characters placed in buffer, not counting
1103 ipv6_nmtoa(int * binary, uschar * buffer)
1106 uschar * c = buffer;
1107 uschar * d = NULL; /* shut insufficiently "clever" compiler up */
1109 for (i = 0; i < 4; i++)
1110 { /* expand to text */
1112 c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff);
1115 for (c = buffer, k = -1, i = 0; i < 8; i++)
1116 { /* find longest 0-group sequence */
1117 if (*c == '0') /* must be "0:" */
1121 while (c[2] == '0') i++, c += 2;
1124 k = i-j; /* length of sequence */
1125 d = s; /* start of sequence */
1128 while (*++c != ':') ;
1132 *--c = '\0'; /* drop trailing colon */
1134 /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */
1138 if (d == buffer) c--; /* need extra colon */
1139 *d++ = ':'; /* 1st 0 */
1140 while ((*d++ = *c++)) ;
1150 /*************************************************
1151 * Check port for tls_on_connect *
1152 *************************************************/
1154 /* This function checks whether a given incoming port is configured for tls-
1155 on-connect. It is called from the daemon and from inetd handling. If the global
1156 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1157 check the tls_on_connect_ports option for a list of ports.
1159 Argument: a port number
1160 Returns: TRUE or FALSE
1164 host_is_tls_on_connect_port(int port)
1167 const uschar * list = tls_in.on_connect_ports;
1169 if (tls_in.on_connect) return TRUE;
1171 for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
1172 if (Ustrtol(s, &end, 10) == port)
1180 /*************************************************
1181 * Check whether host is in a network *
1182 *************************************************/
1184 /* This function checks whether a given IP address matches a pattern that
1185 represents either a single host, or a network (using CIDR notation). The caller
1186 of this function must check the syntax of the arguments before calling it.
1189 host string representation of the ip-address to check
1190 net string representation of the network, with optional CIDR mask
1191 maskoffset offset to the / that introduces the mask in the key
1192 zero if there is no mask
1195 TRUE the host is inside the network
1196 FALSE the host is NOT inside the network
1200 host_is_in_net(const uschar *host, const uschar *net, int maskoffset)
1205 int size = host_aton(net, address);
1208 /* No mask => all bits to be checked */
1210 if (maskoffset == 0) mlen = 99999; /* Big number */
1211 else mlen = Uatoi(net + maskoffset + 1);
1213 /* Convert the incoming address to binary. */
1215 insize = host_aton(host, incoming);
1217 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1218 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1219 ::ffff:<v4address>, to IPv4 format. */
1221 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1222 incoming[2] == 0xffff)
1225 incoming[0] = incoming[3];
1228 /* No match if the sizes don't agree. */
1230 if (insize != size) return FALSE;
1232 /* Else do the masked comparison. */
1234 for (int i = 0; i < size; i++)
1237 if (mlen == 0) mask = 0;
1240 mask = (uint)(-1) << (32 - mlen);
1248 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1256 /*************************************************
1257 * Scan host list for local hosts *
1258 *************************************************/
1260 /* Scan through a chain of addresses and check whether any of them is the
1261 address of an interface on the local machine. If so, remove that address and
1262 any previous ones with the same MX value, and all subsequent ones (which will
1263 have greater or equal MX values) from the chain. Note: marking them as unusable
1264 is NOT the right thing to do because it causes the hosts not to be used for
1265 other domains, for which they may well be correct.
1267 The hosts may be part of a longer chain; we only process those between the
1268 initial pointer and the "last" pointer.
1270 There is also a list of "pseudo-local" host names which are checked against the
1271 host names. Any match causes that host item to be treated the same as one which
1272 matches a local IP address.
1274 If the very first host is a local host, then all MX records had a precedence
1275 greater than or equal to that of the local host. Either there's a problem in
1276 the DNS, or an apparently remote name turned out to be an abbreviation for the
1277 local host. Give a specific return code, and let the caller decide what to do.
1278 Otherwise, give a success code if at least one host address has been found.
1281 host pointer to the first host in the chain
1282 lastptr pointer to pointer to the last host in the chain (may be updated)
1283 removed if not NULL, set TRUE if some local addresses were removed
1287 HOST_FOUND if there is at least one host with an IP address on the chain
1288 and an MX value less than any MX value associated with the
1290 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1291 the host addresses were obtained from A records or
1292 gethostbyname(), the MX values are set to -1.
1293 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1297 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1299 int yield = HOST_FIND_FAILED;
1300 host_item *last = *lastptr;
1301 host_item *prev = NULL;
1304 if (removed != NULL) *removed = FALSE;
1306 if (local_interface_data == NULL) local_interface_data = host_find_interfaces();
1308 for (h = host; h != last->next; h = h->next)
1311 if (hosts_treat_as_local != NULL)
1314 const uschar *save = deliver_domain;
1315 deliver_domain = h->name; /* set $domain */
1316 rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0,
1317 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1318 deliver_domain = save;
1319 if (rc == OK) goto FOUND_LOCAL;
1323 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1324 for 127.0.0.1 and refers to the local host. We therefore force it always to
1325 be treated as local. */
1327 if (h->address != NULL)
1329 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1330 for (ip_address_item * ip = local_interface_data; ip; ip = ip->next)
1331 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1332 yield = HOST_FOUND; /* At least one remote address has been found */
1335 /* Update prev to point to the last host item before any that have
1336 the same MX value as the one we have just considered. */
1338 if (h->next == NULL || h->next->mx != h->mx) prev = h;
1341 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1343 /* A host whose IP address matches a local IP address, or whose name matches
1344 something in hosts_treat_as_local has been found. */
1350 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1351 "local host has lowest MX\n" :
1352 "local host found for non-MX address\n");
1353 return HOST_FOUND_LOCAL;
1356 HDEBUG(D_host_lookup)
1358 debug_printf("local host in host list - removed hosts:\n");
1359 for (h = prev->next; h != last->next; h = h->next)
1360 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1363 if (removed != NULL) *removed = TRUE;
1364 prev->next = last->next;
1372 /*************************************************
1373 * Remove duplicate IPs in host list *
1374 *************************************************/
1376 /* You would think that administrators could set up their DNS records so that
1377 one ended up with a list of unique IP addresses after looking up A or MX
1378 records, but apparently duplication is common. So we scan such lists and
1379 remove the later duplicates. Note that we may get lists in which some host
1380 addresses are not set.
1383 host pointer to the first host in the chain
1384 lastptr pointer to pointer to the last host in the chain (may be updated)
1390 host_remove_duplicates(host_item *host, host_item **lastptr)
1392 while (host != *lastptr)
1394 if (host->address != NULL)
1396 host_item *h = host;
1397 while (h != *lastptr)
1399 if (h->next->address != NULL &&
1400 Ustrcmp(h->next->address, host->address) == 0)
1402 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1403 "removed\n", host->address, h->next->mx);
1404 if (h->next == *lastptr) *lastptr = h;
1405 h->next = h->next->next;
1410 /* If the last item was removed, host may have become == *lastptr */
1411 if (host != *lastptr) host = host->next;
1418 /*************************************************
1419 * Find sender host name by gethostbyaddr() *
1420 *************************************************/
1422 /* This used to be the only way it was done, but it turns out that not all
1423 systems give aliases for calls to gethostbyaddr() - or one of the modern
1424 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1425 but they can still exist. This function is now used only when a DNS lookup of
1426 the IP address fails, in order to give access to /etc/hosts.
1429 Returns: OK, DEFER, FAIL
1433 host_name_lookup_byaddr(void)
1435 struct hostent * hosts;
1436 struct in_addr addr;
1437 unsigned long time_msec = 0; /* init to quieten dumb static analysis */
1439 if (slow_lookup_log) time_msec = get_time_in_ms();
1441 /* Lookup on IPv6 system */
1444 if (Ustrchr(sender_host_address, ':') != NULL)
1446 struct in6_addr addr6;
1447 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1448 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1449 "IPv6 address", sender_host_address);
1450 #if HAVE_GETIPNODEBYADDR
1451 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1453 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1458 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1459 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1460 "IPv4 address", sender_host_address);
1461 #if HAVE_GETIPNODEBYADDR
1462 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1464 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1468 /* Do lookup on IPv4 system */
1471 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1472 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1475 if ( slow_lookup_log
1476 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
1478 log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
1480 /* Failed to look up the host. */
1484 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1486 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1489 /* It seems there are some records in the DNS that yield an empty name. We
1490 treat this as non-existent. In some operating systems, this is returned as an
1491 empty string; in others as a single dot. */
1493 if (!hosts->h_name || !hosts->h_name[0] || hosts->h_name[0] == '.')
1495 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1496 "treated as non-existent host name\n");
1500 /* Copy and lowercase the name, which is in static storage in many systems.
1501 Put it in permanent memory. */
1504 int old_pool = store_pool;
1505 store_pool = POOL_TAINT_PERM; /* names are tainted */
1507 sender_host_name = string_copylc(US hosts->h_name);
1509 /* If the host has aliases, build a copy of the alias list */
1511 if (hosts->h_aliases)
1513 int count = 1; /* need 1 more for terminating NULL */
1516 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
1517 store_pool = POOL_PERM;
1518 ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1519 store_pool = POOL_TAINT_PERM;
1521 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)
1522 *ptr++ = string_copylc(*aliases);
1525 store_pool = old_pool;
1533 /*************************************************
1534 * Find host name for incoming call *
1535 *************************************************/
1537 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1538 up a list of alias names, pointed to by sender_host_alias. The list is
1539 NULL-terminated. The incoming address is in sender_host_address, either in
1540 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1542 This function does a thorough check that the names it finds point back to the
1543 incoming IP address. Any that do not are discarded. Note that this is relied on
1544 by the ACL reverse_host_lookup check.
1546 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1547 this it not universally true. Also, for release 4.30, this function was changed
1548 to do a direct DNS lookup first, by default[1], because it turns out that that
1549 is the only guaranteed way to find all the aliases on some systems. My
1550 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1553 [1] The actual order is controlled by the host_lookup_order option.
1556 Returns: OK on success, the answer being placed in the global variable
1557 sender_host_name, with any aliases in a list hung off
1559 FAIL if no host name can be found
1560 DEFER if a temporary error was encountered
1562 The variable host_lookup_msg is set to an empty string on success, or to a
1563 reason for the failure otherwise, in a form suitable for tagging onto an error
1564 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1565 was a defer, host_lookup_deferred is set TRUE.
1567 Any dynamically constructed string for host_lookup_msg must be in permanent
1568 store, because it might be used for several incoming messages on the same SMTP
1572 host_name_lookup(void)
1576 uschar *save_hostname;
1579 const uschar *list = host_lookup_order;
1580 dns_answer * dnsa = store_get_dns_answer();
1583 sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
1585 HDEBUG(D_host_lookup)
1586 debug_printf("looking up host name for %s\n", sender_host_address);
1588 /* For testing the case when a lookup does not complete, we have a special
1589 reserved IP address. */
1591 if (f.running_in_test_harness &&
1592 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1594 HDEBUG(D_host_lookup)
1595 debug_printf("Test harness: host name lookup returns DEFER\n");
1596 host_lookup_deferred = TRUE;
1600 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1601 the order specified by the host_lookup_order option. */
1603 while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
1605 if (strcmpic(ordername, US"bydns") == 0)
1607 uschar * name = dns_build_reverse(sender_host_address);
1609 dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
1610 rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
1612 /* The first record we come across is used for the name; others are
1613 considered to be aliases. We have to scan twice, in order to find out the
1614 number of aliases. However, if all the names are empty, we will behave as
1615 if failure. (PTR records that yield empty names have been encountered in
1618 if (rc == DNS_SUCCEED)
1620 uschar **aptr = NULL;
1622 int count = 1; /* need 1 more for terminating NULL */
1623 int old_pool = store_pool;
1625 sender_host_dnssec = dns_is_secure(dnsa);
1627 debug_printf("Reverse DNS security status: %s\n",
1628 sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
1630 store_pool = POOL_PERM; /* Save names in permanent storage */
1632 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1634 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1637 /* Get store for the list of aliases. For compatibility with
1638 gethostbyaddr, we make an empty list if there are none. */
1640 aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1642 /* Re-scan and extract the names */
1644 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1646 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1648 uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */
1650 /* If an overlong response was received, the data will have been
1651 truncated and dn_expand may fail. */
1653 if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1654 US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1656 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1657 sender_host_address);
1661 store_release_above(s + Ustrlen(s) + 1);
1664 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1665 "empty name: treated as non-existent host name\n");
1668 if (!sender_host_name) sender_host_name = s;
1670 while (*s) { *s = tolower(*s); s++; }
1673 *aptr = NULL; /* End of alias list */
1674 store_pool = old_pool; /* Reset store pool */
1676 /* If we've found a name, break out of the "order" loop */
1678 if (sender_host_name) break;
1681 /* If the DNS lookup deferred, we must also defer. */
1683 if (rc == DNS_AGAIN)
1685 HDEBUG(D_host_lookup)
1686 debug_printf("IP address PTR lookup gave temporary error\n");
1687 host_lookup_deferred = TRUE;
1692 /* Do a lookup using gethostbyaddr() - or equivalent */
1694 else if (strcmpic(ordername, US"byaddr") == 0)
1696 HDEBUG(D_host_lookup)
1697 debug_printf("IP address lookup using gethostbyaddr()\n");
1698 rc = host_name_lookup_byaddr();
1701 host_lookup_deferred = TRUE;
1702 return rc; /* Can't carry on */
1704 if (rc == OK) break; /* Found a name */
1706 } /* Loop for bydns/byaddr scanning */
1708 /* If we have failed to find a name, return FAIL and log when required.
1709 NB host_lookup_msg must be in permanent store. */
1711 if (!sender_host_name)
1713 if (host_checking || !f.log_testing_mode)
1714 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1715 "address %s", sender_host_address);
1716 host_lookup_msg = US" (failed to find host name from IP address)";
1717 host_lookup_failed = TRUE;
1721 HDEBUG(D_host_lookup)
1723 uschar **aliases = sender_host_aliases;
1724 debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
1725 while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++);
1728 /* We need to verify that a forward lookup on the name we found does indeed
1729 correspond to the address. This is for security: in principle a malefactor who
1730 happened to own a reverse zone could set it to point to any names at all.
1732 This code was present in versions of Exim before 3.20. At that point I took it
1733 out because I thought that gethostbyaddr() did the check anyway. It turns out
1734 that this isn't always the case, so it's coming back in at 4.01. This version
1735 is actually better, because it also checks aliases.
1737 The code was made more robust at release 4.21. Prior to that, it accepted all
1738 the names if any of them had the correct IP address. Now the code checks all
1739 the names, and accepts only those that have the correct IP address. */
1741 save_hostname = sender_host_name; /* Save for error messages */
1742 aliases = sender_host_aliases;
1743 for (uschar * hname = sender_host_name; hname; hname = *aliases++)
1747 host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL };
1749 { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL };
1751 if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA,
1752 NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
1753 || rc == HOST_FOUND_LOCAL
1756 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1758 /* If the forward lookup was not secure we cancel the is-secure variable */
1760 DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
1761 h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
1762 if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
1764 for (host_item * hh = &h; hh; hh = hh->next)
1765 if (host_is_in_net(hh->address, sender_host_address, 0))
1767 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1772 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1774 if (!ok) HDEBUG(D_host_lookup)
1775 debug_printf("no IP address for %s matched %s\n", hname,
1776 sender_host_address);
1778 else if (rc == HOST_FIND_AGAIN)
1780 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1781 host_lookup_deferred = TRUE;
1782 sender_host_name = NULL;
1786 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1788 /* If this name is no good, and it's the sender name, set it null pro tem;
1789 if it's an alias, just remove it from the list. */
1793 if (hname == sender_host_name) sender_host_name = NULL; else
1795 uschar **a; /* Don't amalgamate - some */
1796 a = --aliases; /* compilers grumble */
1797 while (*a != NULL) { *a = a[1]; a++; }
1802 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1803 it with the first alias, if there is one. */
1805 if (sender_host_name == NULL && *sender_host_aliases != NULL)
1806 sender_host_name = *sender_host_aliases++;
1808 /* If we now have a main name, all is well. */
1810 if (sender_host_name != NULL) return OK;
1812 /* We have failed to find an address that matches. */
1814 HDEBUG(D_host_lookup)
1815 debug_printf("%s does not match any IP address for %s\n",
1816 sender_host_address, save_hostname);
1818 /* This message must be in permanent store */
1820 old_pool = store_pool;
1821 store_pool = POOL_PERM;
1822 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1823 sender_host_address, save_hostname);
1824 store_pool = old_pool;
1825 host_lookup_failed = TRUE;
1832 /*************************************************
1833 * Find IP address(es) for host by name *
1834 *************************************************/
1836 /* The input is a host_item structure with the name filled in and the address
1837 field set to NULL. We use gethostbyname() or getipnodebyname() or
1838 gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
1839 but they do not do MX processing. It appears, however, that in some systems the
1840 current setting of resolver options is used when one of these functions calls
1841 the resolver. For this reason, we call dns_init() at the start, with arguments
1842 influenced by bits in "flags", just as we do for host_find_bydns().
1844 The second argument provides a host list (usually an IP list) of hosts to
1845 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1846 addresses in unreasonable places.
1848 The lookup may result in a change of name. For compatibility with the dns
1849 lookup, return this via fully_qualified_name as well as updating the host item.
1850 The lookup may also yield more than one IP address, in which case chain on
1851 subsequent host_item structures.
1854 host a host item with the name and MX filled in;
1855 the address is to be filled in;
1856 multiple IP addresses cause other host items to be
1858 ignore_target_hosts a list of hosts to ignore
1859 flags HOST_FIND_QUALIFY_SINGLE ) passed to
1860 HOST_FIND_SEARCH_PARENTS ) dns_init()
1861 fully_qualified_name if not NULL, set to point to host name for
1862 compatibility with host_find_bydns
1863 local_host_check TRUE if a check for the local host is wanted
1865 Returns: HOST_FIND_FAILED Failed to find the host or domain
1866 HOST_FIND_AGAIN Try again later
1867 HOST_FOUND Host found - data filled in
1868 HOST_FOUND_LOCAL Host found and is the local host
1872 host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags,
1873 const uschar **fully_qualified_name, BOOL local_host_check)
1876 host_item *last = NULL;
1877 BOOL temp_error = FALSE;
1881 /* Copy the host name at this point to the value which is used for
1882 TLS certificate name checking, before anything modifies it. */
1884 host->certname = host->name;
1887 /* Make sure DNS options are set as required. This appears to be necessary in
1888 some circumstances when the get..byname() function actually calls the DNS. */
1890 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
1891 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
1892 FALSE); /* Cannot retrieve dnssec status so do not request */
1894 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
1895 kinds of address, so go round the loop twice. Note that we have ensured that
1896 AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
1897 code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
1898 lookups here (except when testing standalone). */
1906 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
1907 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
1910 { af = AF_INET; times = 1; }
1912 { af = AF_INET6; times = 2; }
1914 /* No IPv6 support */
1916 #else /* HAVE_IPV6 */
1917 af = AF_INET; times = 1;
1918 #endif /* HAVE_IPV6 */
1920 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1921 interface to this function can be similar to host_find_bydns. */
1923 f.host_find_failed_syntax = FALSE;
1925 /* Loop to look up both kinds of address in an IPv6 world */
1927 for (int i = 1; i <= times;
1929 af = AF_INET, /* If 2 passes, IPv4 on the second */
1935 struct hostent *hostdata;
1936 unsigned long time_msec = 0; /* compiler quietening */
1939 printf("Looking up: %s\n", host->name);
1942 if (slow_lookup_log) time_msec = get_time_in_ms();
1945 if (f.running_in_test_harness)
1946 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1949 #if HAVE_GETIPNODEBYNAME
1950 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
1952 hostdata = gethostbyname2(CS host->name, af);
1953 error_num = h_errno;
1957 #else /* not HAVE_IPV6 */
1958 if (f.running_in_test_harness)
1959 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
1962 hostdata = gethostbyname(CS host->name);
1963 error_num = h_errno;
1965 #endif /* HAVE_IPV6 */
1967 if ( slow_lookup_log
1968 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
1969 log_long_lookup(US"gethostbyname", host->name, time_msec);
1976 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
1977 case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
1978 case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
1979 case NO_DATA: error = US"NO_DATA"; break;
1980 #if NO_DATA != NO_ADDRESS
1981 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
1983 default: error = US"?"; break;
1986 DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
1987 f.running_in_test_harness ? "host_fake_gethostbyname" :
1989 # if HAVE_GETIPNODEBYNAME
1997 af == AF_INET ? "inet" : "inet6", error_num, error);
2001 if (!(hostdata->h_addr_list)[0]) continue;
2003 /* Replace the name with the fully qualified one if necessary, and fill in
2004 the fully_qualified_name pointer. */
2006 if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
2007 host->name = string_copy_dnsdomain(US hostdata->h_name);
2008 if (fully_qualified_name) *fully_qualified_name = host->name;
2010 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2011 by their different lengths. Scan the list, ignoring any that are to be
2012 ignored, and build a chain from the rest. */
2014 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2016 for (uschar ** addrlist = USS hostdata->h_addr_list; *addrlist; addrlist++)
2018 uschar *text_address =
2019 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2022 if ( ignore_target_hosts
2023 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2024 text_address, NULL) == OK)
2026 DEBUG(D_host_lookup)
2027 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2032 /* If this is the first address, last is NULL and we put the data in the
2037 host->address = text_address;
2038 host->port = PORT_NONE;
2039 host->status = hstatus_unknown;
2040 host->why = hwhy_unknown;
2041 host->dnssec = DS_UNK;
2045 /* Else add further host item blocks for any other addresses, keeping
2050 host_item *next = store_get(sizeof(host_item), GET_UNTAINTED);
2051 next->name = host->name;
2053 next->certname = host->certname;
2055 next->mx = host->mx;
2056 next->address = text_address;
2057 next->port = PORT_NONE;
2058 next->status = hstatus_unknown;
2059 next->why = hwhy_unknown;
2060 next->dnssec = DS_UNK;
2062 next->next = last->next;
2069 /* If no hosts were found, the address field in the original host block will be
2070 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2071 so we pass that back. */
2077 !message_id[0] && smtp_in
2078 ? string_sprintf("no IP address found for host %s (during %s)", host->name,
2079 smtp_get_connection_info()) :
2081 string_sprintf("no IP address found for host %s", host->name);
2083 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2084 if (temp_error) goto RETURN_AGAIN;
2085 if (host_checking || !f.log_testing_mode)
2086 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2087 return HOST_FIND_FAILED;
2090 /* Remove any duplicate IP addresses, then check to see if this is the local
2091 host if required. */
2093 host_remove_duplicates(host, &last);
2094 yield = local_host_check?
2095 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2097 HDEBUG(D_host_lookup)
2099 if (fully_qualified_name)
2100 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2101 debug_printf("%s looked up these IP addresses:\n",
2103 #if HAVE_GETIPNODEBYNAME
2112 for (const host_item * h = host; h != last->next; h = h->next)
2113 debug_printf(" name=%s address=%s\n", h->name,
2114 h->address ? h->address : US"<null>");
2117 /* Return the found status. */
2121 /* Handle the case when there is a temporary error. If the name matches
2122 dns_again_means_nonexist, return permanent rather than temporary failure. */
2128 const uschar *save = deliver_domain;
2129 deliver_domain = host->name; /* set $domain */
2130 rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
2131 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
2132 deliver_domain = save;
2135 DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: "
2136 "returning HOST_FIND_FAILED\n", host->name);
2137 return HOST_FIND_FAILED;
2140 return HOST_FIND_AGAIN;
2146 /*************************************************
2147 * Fill in a host address from the DNS *
2148 *************************************************/
2150 /* Given a host item, with its name, port and mx fields set, and its address
2151 field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
2152 create additional host items for the additional addresses, copying all the
2153 other fields, and randomizing the order.
2155 On IPv6 systems, AAAA records are sought first, then A records.
2157 The host name may be changed if the DNS returns a different name - e.g. fully
2158 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2159 ensures that it points to the fully qualified name. However, this is the fully
2160 qualified version of the original name; if a CNAME is involved, the actual
2161 canonical host name may be different again, and so we get it directly from the
2162 relevant RR. Note that we do NOT change the mx field of the host item in this
2163 function as it may be called to set the addresses of hosts taken from MX
2167 host points to the host item we're filling in
2168 lastptr points to pointer to last host item in a chain of
2169 host items (may be updated if host is last and gets
2170 extended because multihomed)
2171 ignore_target_hosts list of hosts to ignore
2172 allow_ip if TRUE, recognize an IP address and return it
2173 fully_qualified_name if not NULL, return fully qualified name here if
2174 the contents are different (i.e. it must be preset
2176 dnssec_request if TRUE request the AD bit
2177 dnssec_require if TRUE require the AD bit
2178 whichrrs select ipv4, ipv6 results
2180 Returns: HOST_FIND_FAILED couldn't find A record
2181 HOST_FIND_AGAIN try again later
2182 HOST_FIND_SECURITY dnssec required but not acheived
2183 HOST_FOUND found AAAA and/or A record(s)
2184 HOST_IGNORED found, but all IPs ignored
2188 set_address_from_dns(host_item *host, host_item **lastptr,
2189 const uschar *ignore_target_hosts, BOOL allow_ip,
2190 const uschar **fully_qualified_name,
2191 BOOL dnssec_request, BOOL dnssec_require, int whichrrs)
2193 host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
2194 BOOL v6_find_again = FALSE;
2195 BOOL dnssec_fail = FALSE;
2200 /* Copy the host name at this point to the value which is used for
2201 TLS certificate name checking, before any CNAME-following modifies it. */
2203 host->certname = host->name;
2206 /* If allow_ip is set, a name which is an IP address returns that value
2207 as its address. This is used for MX records when allow_mx_to_ip is set, for
2208 those sites that feel they have to flaunt the RFC rules. */
2210 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2213 if ( ignore_target_hosts
2214 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2215 host->name, NULL) == OK)
2216 return HOST_IGNORED;
2219 host->address = host->name;
2223 dnsa = store_get_dns_answer();
2225 /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
2226 looking for AAAA records the first time. However, unless doing standalone
2227 testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.
2228 On an IPv4 system, go round the loop once only, looking only for A records. */
2233 || !(whichrrs & HOST_FIND_BY_AAAA)
2235 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
2236 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
2238 i = 0; /* look up A records only */
2240 #endif /* STAND_ALONE */
2242 i = 1; /* look up AAAA and A records */
2244 /* The IPv4 world */
2246 #else /* HAVE_IPV6 */
2247 i = 0; /* look up A records only */
2248 #endif /* HAVE_IPV6 */
2252 static int types[] = { T_A, T_AAAA };
2253 int type = types[i];
2254 int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
2255 ? 500 : 0; /* Ensures v6/4 sort order */
2258 int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);
2259 lookup_dnssec_authenticated = !dnssec_request ? NULL
2260 : dns_is_secure(dnsa) ? US"yes" : US"no";
2263 if ( (dnssec_request || dnssec_require)
2264 && !dns_is_secure(dnsa)
2267 debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name);
2269 /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups
2270 fails or times out, but not if another one succeeds. (In the early
2271 IPv6 days there are name servers that always fail on AAAA, but are happy
2272 to give out an A record. We want to proceed with that A record.) */
2274 if (rc != DNS_SUCCEED)
2276 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2278 if (host->address != NULL)
2279 i = HOST_FOUND; /* AAAA was found */
2280 else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2281 i = HOST_FIND_AGAIN;
2283 i = HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2287 /* Tried for an AAAA record: remember if this was a temporary
2288 error, and look for the next record type. */
2290 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2296 if (dns_is_secure(dnsa))
2298 DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name);
2299 if (host->dnssec == DS_UNK) /* set in host_find_bydns() */
2300 host->dnssec = DS_YES;
2307 DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
2308 i>0 ? "AAAA" : "A", host->name);
2311 if (host->dnssec == DS_YES) /* set in host_find_bydns() */
2313 DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name);
2314 host->dnssec = DS_NO;
2315 lookup_dnssec_authenticated = US"no";
2320 /* Lookup succeeded: fill in the given host item with the first non-ignored
2321 address found; create additional items for any others. A single A6 record
2322 may generate more than one address. The lookup had a chance to update the
2323 fqdn; we do not want any later times round the loop to do so. */
2325 fully_qualified_name = NULL;
2327 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2329 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
2331 dns_address * da = dns_address_from_rr(dnsa, rr);
2333 DEBUG(D_host_lookup)
2334 if (!da) debug_printf("no addresses extracted from A6 RR for %s\n",
2337 /* This loop runs only once for A and AAAA records, but may run
2338 several times for an A6 record that generated multiple addresses. */
2340 for (; da; da = da->next)
2343 if (ignore_target_hosts != NULL &&
2344 verify_check_this_host(&ignore_target_hosts, NULL,
2345 host->name, da->address, NULL) == OK)
2347 DEBUG(D_host_lookup)
2348 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2353 /* If this is the first address, stick it in the given host block,
2354 and change the name if the returned RR has a different name. */
2356 if (thishostlast == NULL)
2358 if (strcmpic(host->name, rr->name) != 0)
2359 host->name = string_copy_dnsdomain(rr->name);
2360 host->address = da->address;
2361 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2362 host->status = hstatus_unknown;
2363 host->why = hwhy_unknown;
2364 thishostlast = host;
2367 /* Not the first address. Check for, and ignore, duplicates. Then
2368 insert in the chain at a random point. */
2375 /* End of our local chain is specified by "thishostlast". */
2377 for (next = host;; next = next->next)
2379 if (Ustrcmp(CS da->address, next->address) == 0) break;
2380 if (next == thishostlast) { next = NULL; break; }
2382 if (next != NULL) continue; /* With loop for next address */
2384 /* Not a duplicate */
2386 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2387 next = store_get(sizeof(host_item), GET_UNTAINTED);
2389 /* New address goes first: insert the new block after the first one
2390 (so as not to disturb the original pointer) but put the new address
2391 in the original block. */
2393 if (new_sort_key < host->sort_key)
2395 *next = *host; /* Copies port */
2397 host->address = da->address;
2398 host->sort_key = new_sort_key;
2399 if (thishostlast == host) thishostlast = next; /* Local last */
2400 if (*lastptr == host) *lastptr = next; /* Global last */
2403 /* Otherwise scan down the addresses for this host to find the
2404 one to insert after. */
2408 host_item *h = host;
2409 while (h != thishostlast)
2411 if (new_sort_key < h->next->sort_key) break;
2414 *next = *h; /* Copies port */
2416 next->address = da->address;
2417 next->sort_key = new_sort_key;
2418 if (h == thishostlast) thishostlast = next; /* Local last */
2419 if (h == *lastptr) *lastptr = next; /* Global last */
2426 /* Control gets here only if the second lookup (the A record) succeeded.
2427 However, the address may not be filled in if it was ignored. */
2432 ? HOST_FIND_SECURITY
2436 store_free_dns_answer(dnsa);
2443 /*************************************************
2444 * Find IP addresses and host names via DNS *
2445 *************************************************/
2447 /* The input is a host_item structure with the name field filled in and the
2448 address field set to NULL. This may be in a chain of other host items. The
2449 lookup may result in more than one IP address, in which case we must created
2450 new host blocks for the additional addresses, and insert them into the chain.
2451 The original name may not be fully qualified. Use the fully_qualified_name
2452 argument to return the official name, as returned by the resolver.
2455 host point to initial host item
2456 ignore_target_hosts a list of hosts to ignore
2457 whichrrs flags indicating which RRs to look for:
2458 HOST_FIND_BY_SRV => look for SRV
2459 HOST_FIND_BY_MX => look for MX
2460 HOST_FIND_BY_A => look for A
2461 HOST_FIND_BY_AAAA => look for AAAA
2462 also flags indicating how the lookup is done
2463 HOST_FIND_QUALIFY_SINGLE ) passed to the
2464 HOST_FIND_SEARCH_PARENTS ) resolver
2465 HOST_FIND_IPV4_FIRST => reverse usual result ordering
2466 HOST_FIND_IPV4_ONLY => MX results elide ipv6
2467 srv_service when SRV used, the service name
2468 srv_fail_domains DNS errors for these domains => assume nonexist
2469 mx_fail_domains DNS errors for these domains => assume nonexist
2470 dnssec_d.request => make dnssec request: domainlist
2471 dnssec_d.require => ditto and nonexist failures
2472 fully_qualified_name if not NULL, return fully-qualified name
2473 removed set TRUE if local host was removed from the list
2475 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2476 if there was a syntax error,
2477 host_find_failed_syntax is set.
2478 HOST_FIND_AGAIN Could not resolve at this time
2479 HOST_FIND_SECURITY dnsssec required but not acheived
2480 HOST_FOUND Host found
2481 HOST_FOUND_LOCAL The lowest MX record points to this
2482 machine, if MX records were found, or
2483 an A record that was found contains
2484 an address of the local host
2488 host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
2489 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
2490 const dnssec_domains *dnssec_d,
2491 const uschar **fully_qualified_name, BOOL *removed)
2493 host_item *h, *last;
2497 dns_answer * dnsa = store_get_dns_answer();
2499 BOOL dnssec_require = dnssec_d
2500 && match_isinlist(host->name, CUSS &dnssec_d->require,
2501 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
2502 BOOL dnssec_request = dnssec_require
2504 && match_isinlist(host->name, CUSS &dnssec_d->request,
2505 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
2506 dnssec_status_t dnssec;
2508 /* Set the default fully qualified name to the incoming name, initialize the
2509 resolver if necessary, set up the relevant options, and initialize the flag
2510 that gets set for DNS syntax check errors. */
2512 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2513 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2514 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
2516 f.host_find_failed_syntax = FALSE;
2518 /* First, if requested, look for SRV records. The service name is given; we
2519 assume TCP protocol. DNS domain names are constrained to a maximum of 256
2520 characters, so the code below should be safe. */
2522 if (whichrrs & HOST_FIND_BY_SRV)
2525 uschar * temp_fully_qualified_name;
2528 g = string_fmt_append(NULL, "_%s._tcp.%n%.256s",
2529 srv_service, &prefix_length, host->name);
2530 temp_fully_qualified_name = string_from_gstring(g);
2533 /* Search for SRV records. If the fully qualified name is different to
2534 the input name, pass back the new original domain, without the prepended
2538 lookup_dnssec_authenticated = NULL;
2539 rc = dns_lookup_timerwrap(dnsa, temp_fully_qualified_name, ind_type,
2540 CUSS &temp_fully_qualified_name);
2543 if ((dnssec_request || dnssec_require)
2544 && !dns_is_secure(dnsa)
2546 debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
2550 if (dns_is_secure(dnsa))
2551 { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
2553 { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
2556 if (temp_fully_qualified_name != g->s && fully_qualified_name != NULL)
2557 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2559 /* On DNS failures, we give the "try again" error unless the domain is
2560 listed as one for which we continue. */
2562 if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(dnsa))
2564 log_write(L_host_lookup_failed, LOG_MAIN,
2565 "dnssec fail on SRV for %.256s", host->name);
2568 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2571 if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
2572 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2574 { yield = HOST_FIND_AGAIN; goto out; }
2575 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2576 "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
2580 /* If we did not find any SRV records, search the DNS for MX records, if
2581 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2582 domain, and there's no point in going on to look for address records with the
2583 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2584 records. On DNS failures, we give the "try again" error unless the domain is
2585 listed as one for which we continue. */
2587 if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
2591 lookup_dnssec_authenticated = NULL;
2592 rc = dns_lookup_timerwrap(dnsa, host->name, ind_type, fully_qualified_name);
2595 if ( (dnssec_request || dnssec_require)
2596 && !dns_is_secure(dnsa)
2598 debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
2601 if (dns_is_secure(dnsa))
2603 DEBUG(D_host_lookup) debug_printf("%s (MX resp) DNSSEC\n", host->name);
2604 dnssec = DS_YES; lookup_dnssec_authenticated = US"yes";
2608 dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
2614 yield = HOST_FIND_FAILED; goto out;
2617 if (!dnssec_require || dns_is_secure(dnsa))
2619 DEBUG(D_host_lookup)
2620 debug_printf("dnssec fail on MX for %.256s", host->name);
2622 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2623 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2624 { yield = HOST_FIND_SECURITY; goto out; }
2632 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2633 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2635 { yield = HOST_FIND_AGAIN; goto out; }
2636 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2637 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2642 /* If we haven't found anything yet, and we are requested to do so, try for an
2643 A or AAAA record. If we find it (or them) check to see that it isn't the local
2646 if (rc != DNS_SUCCEED)
2648 if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA)))
2650 DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n");
2651 yield = HOST_FIND_FAILED;
2655 last = host; /* End of local chainlet */
2657 host->port = PORT_NONE;
2658 host->dnssec = DS_UNK;
2659 lookup_dnssec_authenticated = NULL;
2660 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2661 fully_qualified_name, dnssec_request, dnssec_require, whichrrs);
2663 /* If one or more address records have been found, check that none of them
2664 are local. Since we know the host items all have their IP addresses
2665 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2666 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2667 because set_address_from_dns() removes them. */
2669 if (rc == HOST_FOUND)
2670 rc = host_scan_for_local_hosts(host, &last, removed);
2672 if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
2674 DEBUG(D_host_lookup)
2677 if (fully_qualified_name)
2678 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2679 for (host_item * h = host; h != last->next; h = h->next)
2680 debug_printf("%s %s mx=%d sort=%d %s\n", h->name,
2681 h->address ? h->address : US"<null>", h->mx, h->sort_key,
2682 h->status >= hstatus_unusable ? US"*" : US"");
2689 /* We have found one or more MX or SRV records. Sort them according to
2690 precedence. Put the data for the first one into the existing host block, and
2691 insert new host_item blocks into the chain for the remainder. For equal
2692 precedences one is supposed to randomize the order. To make this happen, the
2693 sorting is actually done on the MX value * 1000 + a random number. This is put
2694 into a host field called sort_key.
2696 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2697 IPv6 address in preference. At this stage, we don't know what kind of address
2698 the host has. We choose a random number < 500; if later we find an A record
2699 first, we add 500 to the random number. Then for any other address records, we
2700 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2703 At this point we remove any duplicates that point to the same host, retaining
2704 only the one with the lowest precedence. We cannot yet check for precedence
2705 greater than that of the local host, because that test cannot be properly done
2706 until the addresses have been found - an MX record may point to a name for this
2707 host which is not the primary hostname. */
2709 last = NULL; /* Indicates that not even the first item is filled yet */
2711 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2713 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type)
2715 int precedence, weight;
2716 int port = PORT_NONE;
2717 const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
2720 GETSHORT(precedence, s); /* Pointer s is advanced */
2722 /* For MX records, we use a random "weight" which causes multiple records of
2723 the same precedence to sort randomly. */
2725 if (ind_type == T_MX)
2726 weight = random_number(500);
2729 /* SRV records are specified with a port and a weight. The weight is used
2730 in a special algorithm. However, to start with, we just use it to order the
2731 records of equal priority (precedence). */
2732 GETSHORT(weight, s);
2736 /* Get the name of the host pointed to. */
2738 (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
2739 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2741 /* Check that we haven't already got this host on the chain; if we have,
2742 keep only the lower precedence. This situation shouldn't occur, but you
2743 never know what junk might get into the DNS (and this case has been seen on
2744 more than one occasion). */
2746 if (last) /* This is not the first record */
2748 host_item *prev = NULL;
2750 for (h = host; h != last->next; prev = h, h = h->next)
2751 if (strcmpic(h->name, data) == 0)
2753 DEBUG(D_host_lookup)
2754 debug_printf("discarded duplicate host %s (MX=%d)\n", data,
2755 precedence > h->mx ? precedence : h->mx);
2756 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2757 if (h == host) /* Override first item */
2760 host->sort_key = precedence * 1000 + weight;
2764 /* Unwanted host item is not the first in the chain, so we can get
2765 get rid of it by cutting it out. */
2767 prev->next = h->next;
2768 if (h == last) last = prev;
2773 /* If this is the first MX or SRV record, put the data into the existing host
2774 block. Otherwise, add a new block in the correct place; if it has to be
2775 before the first block, copy the first block's data to a new second block. */
2779 host->name = string_copy_dnsdomain(data);
2780 host->address = NULL;
2782 host->mx = precedence;
2783 host->sort_key = precedence * 1000 + weight;
2784 host->status = hstatus_unknown;
2785 host->why = hwhy_unknown;
2786 host->dnssec = dnssec;
2791 /* Make a new host item and seek the correct insertion place */
2793 int sort_key = precedence * 1000 + weight;
2794 host_item * next = store_get(sizeof(host_item), GET_UNTAINTED);
2795 next->name = string_copy_dnsdomain(data);
2796 next->address = NULL;
2798 next->mx = precedence;
2799 next->sort_key = sort_key;
2800 next->status = hstatus_unknown;
2801 next->why = hwhy_unknown;
2802 next->dnssec = dnssec;
2805 /* Handle the case when we have to insert before the first item. */
2807 if (sort_key < host->sort_key)
2814 if (last == host) last = next;
2818 /* Else scan down the items we have inserted as part of this exercise;
2819 don't go further. */
2821 for (h = host; h != last; h = h->next)
2822 if (sort_key < h->next->sort_key)
2824 next->next = h->next;
2829 /* Join on after the last host item that's part of this
2830 processing if we haven't stopped sooner. */
2834 next->next = last->next;
2841 NEXT_MX_RR: continue;
2844 if (!last) /* No rr of correct type; give up */
2846 yield = HOST_FIND_FAILED;
2850 /* If the list of hosts was obtained from SRV records, there are two things to
2851 do. First, if there is only one host, and it's name is ".", it means there is
2852 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2853 priority according to their weights, using an algorithm that is defined in RFC
2854 2782. The hosts are currently sorted by priority and weight. For each priority
2855 group we have to pick off one host and put it first, and then repeat for any
2856 remaining in the same priority group. */
2858 if (ind_type == T_SRV)
2862 if (host == last && host->name[0] == 0)
2864 DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n");
2865 yield = HOST_FIND_FAILED;
2869 DEBUG(D_host_lookup)
2871 debug_printf("original ordering of hosts from SRV records:\n");
2872 for (h = host; h != last->next; h = h->next)
2873 debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2876 for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
2881 /* Find the last following host that has the same precedence. At the same
2882 time, compute the sum of the weights and the running totals. These can be
2883 stored in the sort_key field. */
2885 for (hh = h; hh != last; hh = hh->next)
2887 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2890 if (hh->mx != hh->next->mx) break;
2893 /* If there's more than one host at this precedence (priority), we need to
2894 pick one to go first. */
2900 int randomizer = random_number(sum + 1);
2902 for (ppptr = pptr, hhh = h;
2904 ppptr = &hhh->next, hhh = hhh->next)
2905 if (hhh->sort_key >= randomizer)
2908 /* hhh now points to the host that should go first; ppptr points to the
2909 place that points to it. Unfortunately, if the start of the minilist is
2910 the start of the entire list, we can't just swap the items over, because
2911 we must not change the value of host, since it is passed in from outside.
2912 One day, this could perhaps be changed.
2914 The special case is fudged by putting the new item *second* in the chain,
2915 and then transferring the data between the first and second items. We
2916 can't just swap the first and the chosen item, because that would mean
2917 that an item with zero weight might no longer be first. */
2921 *ppptr = hhh->next; /* Cuts it out of the chain */
2925 host_item temp = *h;
2928 hhh->next = temp.next;
2933 hhh->next = h; /* The rest of the chain follows it */
2934 *pptr = hhh; /* It takes the place of h */
2935 h = hhh; /* It's now the start of this minilist */
2940 /* A host has been chosen to be first at this priority and h now points
2941 to this host. There may be others at the same priority, or others at a
2942 different priority. Before we leave this host, we need to put back a sort
2943 key of the traditional MX kind, in case this host is multihomed, because
2944 the sort key is used for ordering the multiple IP addresses. We do not need
2945 to ensure that these new sort keys actually reflect the order of the hosts,
2948 h->sort_key = h->mx * 1000 + random_number(500);
2949 } /* Move on to the next host */
2952 /* Now we have to find IP addresses for all the hosts. We have ensured above
2953 that the names in all the host items are unique. Before release 4.61 we used to
2954 process records from the additional section in the DNS packet that returned the
2955 MX or SRV records. However, a DNS name server is free to drop any resource
2956 records from the additional section. In theory, this has always been a
2957 potential problem, but it is exacerbated by the advent of IPv6. If a host had
2958 several IPv4 addresses and some were not in the additional section, at least
2959 Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
2960 and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
2961 connection, and never try an IPv4 address. When there was only IPv4
2962 connectivity, this was a disaster that did in practice occur.
2964 So, from release 4.61 onwards, we always search for A and AAAA records
2965 explicitly. The names shouldn't point to CNAMES, but we use the general lookup
2966 function that handles them, just in case. If any lookup gives a soft error,
2967 change the default yield.
2969 For these DNS lookups, we must disable qualify_single and search_parents;
2970 otherwise invalid host names obtained from MX or SRV records can cause trouble
2971 if they happen to match something local. */
2973 yield = HOST_FIND_FAILED; /* Default yield */
2974 dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */
2975 dnssec_request || dnssec_require);
2977 for (h = host; h != last->next; h = h->next)
2979 if (h->address) continue; /* Inserted by a multihomed host */
2981 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
2982 NULL, dnssec_request, dnssec_require,
2983 whichrrs & HOST_FIND_IPV4_ONLY
2984 ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA);
2985 if (rc != HOST_FOUND)
2987 h->status = hstatus_unusable;
2990 case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break;
2991 case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break;
2992 case HOST_IGNORED: h->why = hwhy_ignored; break;
2993 default: h->why = hwhy_failed; break;
2998 /* Scan the list for any hosts that are marked unusable because they have
2999 been explicitly ignored, and remove them from the list, as if they did not
3000 exist. If we end up with just a single, ignored host, flatten its fields as if
3001 nothing was found. */
3003 if (ignore_target_hosts)
3005 host_item *prev = NULL;
3006 for (h = host; h != last->next; h = h->next)
3009 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3011 else if (prev == NULL) /* First host is ignored */
3013 if (h != last) /* First is not last */
3015 if (h->next == last) last = h; /* Overwrite it with next */
3016 *h = *(h->next); /* and reprocess it. */
3017 goto REDO; /* C should have redo, like Perl */
3020 else /* Ignored host is not first - */
3022 prev->next = h->next;
3023 if (h == last) last = prev;
3027 if (host->why == hwhy_ignored) host->address = NULL;
3030 /* There is still one complication in the case of IPv6. Although the code above
3031 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3032 hosts, it doesn't do this for addresses that apply to different hosts with the
3033 same MX precedence, because the sorting on MX precedence happens first. So we
3034 have to make another pass to check for this case. We ensure that, within a
3035 single MX preference value, IPv6 addresses come first. This can separate the
3036 addresses of a multihomed host, but that should not matter. */
3039 if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
3042 host_item *next = h->next;
3044 if ( h->mx != next->mx /* If next is different MX */
3045 || !h->address /* OR this one is unset */
3047 continue; /* move on to next */
3049 if ( whichrrs & HOST_FIND_IPV4_FIRST
3050 ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */
3052 && Ustrchr(next->address, ':') /* OR next is IPv6 */
3054 : Ustrchr(h->address, ':') /* OR this one is IPv6 */
3056 && !Ustrchr(next->address, ':') /* OR next is IPv4 */
3058 continue; /* move on to next */
3060 temp = *h; /* otherwise, swap */
3061 temp.next = next->next;
3068 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3069 whose IP addresses are on the local host. If any are found, all hosts with the
3070 same or higher MX values are removed. However, if the local host has the lowest
3071 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3072 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3073 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3074 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3075 be HOST_FIND_FAILED. */
3077 host_remove_duplicates(host, &last);
3078 rc = host_scan_for_local_hosts(host, &last, removed);
3079 if (rc != HOST_FIND_FAILED) yield = rc;
3081 DEBUG(D_host_lookup)
3083 if (fully_qualified_name)
3084 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
3085 debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
3086 yield == HOST_FOUND ? "HOST_FOUND" :
3087 yield == HOST_FOUND_LOCAL ? "HOST_FOUND_LOCAL" :
3088 yield == HOST_FIND_SECURITY ? "HOST_FIND_SECURITY" :
3089 yield == HOST_FIND_AGAIN ? "HOST_FIND_AGAIN" :
3090 yield == HOST_FIND_FAILED ? "HOST_FIND_FAILED" : "?",
3092 for (h = host; h != last->next; h = h->next)
3094 debug_printf(" %s %s MX=%d %s", h->name,
3095 !h->address ? US"<null>" : h->address, h->mx,
3096 h->dnssec == DS_YES ? US"DNSSEC " : US"");
3097 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3098 if (h->status >= hstatus_unusable) debug_printf("*");
3105 dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
3106 store_free_dns_answer(dnsa);
3114 /* Lookup TLSA record for host/port.
3115 Return: OK success with dnssec; DANE mode
3116 DEFER Do not use this host now, may retry later
3117 FAIL_FORCED No TLSA record; DANE not usable
3118 FAIL Do not use this connection
3122 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
3125 const uschar * fullname = buffer;
3129 /* TLSA lookup string */
3130 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
3132 rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
3133 sec = dns_is_secure(dnsa);
3135 debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
3140 return DEFER; /* just defer this TLS'd conn */
3148 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
3149 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
3150 if (rr->type == T_TLSA && rr->size > 3)
3152 uint16_t payload_length = rr->size - 3;
3153 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
3155 sp += sprintf(CS sp, "%d ", *p++); /* usage */
3156 sp += sprintf(CS sp, "%d ", *p++); /* selector */
3157 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
3158 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
3159 sp += sprintf(CS sp, "%02x", *p++);
3161 debug_printf(" %s\n", s);
3166 log_write(0, LOG_MAIN,
3167 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
3170 case DNS_NODATA: /* no TLSA RR for this lookup */
3171 case DNS_NOMATCH: /* no records at all for this lookup */
3172 return dane_required ? FAIL : FAIL_FORCED;
3176 return dane_required ? FAIL : DEFER;
3179 #endif /*SUPPORT_DANE*/
3183 /*************************************************
3184 **************************************************
3185 * Stand-alone test program *
3186 **************************************************
3187 *************************************************/
3191 int main(int argc, char **cargv)
3194 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3195 BOOL byname = FALSE;
3196 BOOL qualify_single = TRUE;
3197 BOOL search_parents = FALSE;
3198 BOOL request_dnssec = FALSE;
3199 BOOL require_dnssec = FALSE;
3200 uschar **argv = USS cargv;
3203 disable_ipv6 = FALSE;
3204 primary_hostname = US"";
3206 store_pool = POOL_MAIN;
3207 debug_selector = D_host_lookup|D_interface;
3208 debug_file = stdout;
3209 debug_fd = fileno(debug_file);
3211 printf("Exim stand-alone host functions test\n");
3213 host_find_interfaces();
3214 debug_selector = D_host_lookup | D_dns;
3216 if (argc > 1) primary_hostname = argv[1];
3218 /* So that debug level changes can be done first */
3220 dns_init(qualify_single, search_parents, FALSE);
3222 printf("Testing host lookup\n");
3224 while (Ufgets(buffer, 256, stdin) != NULL)
3227 int len = Ustrlen(buffer);
3228 uschar *fully_qualified_name;
3230 while (len > 0 && isspace(buffer[len-1])) len--;
3233 if (Ustrcmp(buffer, "q") == 0) break;
3235 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3236 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3237 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3238 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3239 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3240 else if (Ustrcmp(buffer, "srv+a") == 0)
3241 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3242 else if (Ustrcmp(buffer, "srv+mx") == 0)
3243 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3244 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3245 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3246 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3247 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3248 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3249 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3250 else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
3251 else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
3252 else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
3253 else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
3254 else if (Ustrcmp(buffer, "test_harness") == 0)
3255 f.running_in_test_harness = !f.running_in_test_harness;
3256 else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
3257 else if (Ustrcmp(buffer, "res_debug") == 0)
3259 _res.options ^= RES_DEBUG;
3261 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3263 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3264 _res.retrans = dns_retrans;
3266 else if (Ustrncmp(buffer, "retry", 5) == 0)
3268 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3269 _res.retry = dns_retry;
3273 int flags = whichrrs;
3280 h.status = hstatus_unknown;
3281 h.why = hwhy_unknown;
3284 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3285 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3287 d.request = request_dnssec ? &h.name : NULL;
3288 d.require = require_dnssec ? &h.name : NULL;
3291 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
3292 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3293 &d, &fully_qualified_name, NULL);
3297 case HOST_FIND_FAILED: printf("Failed\n"); break;
3298 case HOST_FIND_AGAIN: printf("Again\n"); break;
3299 case HOST_FIND_SECURITY: printf("Security\n"); break;
3300 case HOST_FOUND_LOCAL: printf("Local\n"); break;
3307 printf("Testing host_aton\n");
3309 while (Ufgets(buffer, 256, stdin) != NULL)
3312 int len = Ustrlen(buffer);
3314 while (len > 0 && isspace(buffer[len-1])) len--;
3317 if (Ustrcmp(buffer, "q") == 0) break;
3319 len = host_aton(buffer, x);
3320 printf("length = %d ", len);
3321 for (int i = 0; i < len; i++)
3323 printf("%04x ", (x[i] >> 16) & 0xffff);
3324 printf("%04x ", x[i] & 0xffff);
3331 printf("Testing host_name_lookup\n");
3333 while (Ufgets(buffer, 256, stdin) != NULL)
3335 int len = Ustrlen(buffer);
3336 while (len > 0 && isspace(buffer[len-1])) len--;
3338 if (Ustrcmp(buffer, "q") == 0) break;
3339 sender_host_address = buffer;
3340 sender_host_name = NULL;
3341 sender_host_aliases = NULL;
3342 host_lookup_msg = US"";
3343 host_lookup_failed = FALSE;
3344 if (host_name_lookup() == FAIL) /* Debug causes printing */
3345 printf("Lookup failed:%s\n", host_lookup_msg);
3353 #endif /* STAND_ALONE */