-/* $Cambridge: exim/src/src/host.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/host.c,v 1.21 2006/02/07 16:36:25 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
code by Stuart Levy
as seen in comp.sys.sgi.admin
+August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
+should now be set for them as well.
+
Arguments: sa an in_addr structure
Returns: pointer to static text string
*/
+/*************************************************
+* Sort addresses when testing *
+*************************************************/
+
+/* This function is called only when running in the test harness. It sorts a
+number of multihomed host IP addresses into the order, so as to get
+repeatability. This doesn't have to be efficient. But don't interchange IPv4
+and IPv6 addresses!
+
+NOTE:
+This sorting is not necessary for the new test harness, because it
+doesn't call the real DNS resolver, and its output is repeatable. However,
+until the old test harness is discarded, we need to retain this capability.
+The new harness is being developed towards the end of 2005. It will be some
+time before it can do everything that the old one can do.
+
+Arguments:
+ host -> the first host item
+ last -> the last host item
+
+Returns: nothing
+*/
+
+static void
+sort_addresses(host_item *host, host_item *last)
+{
+BOOL done = FALSE;
+while (!done)
+ {
+ host_item *h;
+ done = TRUE;
+ for (h = host; h != last; h = h->next)
+ {
+ if ((Ustrchr(h->address, ':') == NULL) !=
+ (Ustrchr(h->next->address, ':') == NULL))
+ continue;
+ if (Ustrcmp(h->address, h->next->address) > 0)
+ {
+ uschar *temp = h->address;
+ h->address = h->next->address;
+ h->next->address = temp;
+ done = FALSE;
+ }
+ }
+ }
+}
+
+
+
+/*************************************************
+* Replace gethostbyname() when testing *
+*************************************************/
+
+/* This function is called instead of gethostbyname(), gethostbyname2(), or
+getipnodebyname() when running in the test harness. It recognizes the name
+"manyhome.test.ex" and generates a humungous number of IP addresses. It also
+recognizes an unqualified "localhost" and forces it to the appropriate loopback
+address. IP addresses are treated as literals. For other names, it uses the DNS
+to find the host name. In the new test harness, this means it will access only
+the fake DNS resolver. In the old harness it will call the real resolver and
+access the test zone.
+
+Arguments:
+ name the host name or a textual IP address
+ af AF_INET or AF_INET6
+ error_num where to put an error code:
+ HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
+
+Returns: a hostent structure or NULL for an error
+*/
+
+static struct hostent *
+host_fake_gethostbyname(uschar *name, int af, int *error_num)
+{
+#if HAVE_IPV6
+int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
+#else
+int alen = sizeof(struct in_addr);
+#endif
+
+int ipa;
+uschar *lname = name;
+uschar *adds;
+uschar **alist;
+struct hostent *yield;
+dns_answer dnsa;
+dns_scan dnss;
+dns_record *rr;
+
+DEBUG(D_host_lookup)
+ debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
+ (af == AF_INET)? "IPv4" : "IPv6");
+
+/* Handle the name that needs a vast number of IP addresses */
+
+if (Ustrcmp(name, "manyhome.test.ex") == 0 && af == AF_INET)
+ {
+ int i, j;
+ yield = store_get(sizeof(struct hostent));
+ alist = store_get(2049 * sizeof(char *));
+ adds = store_get(2048 * alen);
+ yield->h_name = CS name;
+ yield->h_aliases = NULL;
+ yield->h_addrtype = af;
+ yield->h_length = alen;
+ yield->h_addr_list = CSS alist;
+ for (i = 104; i <= 111; i++)
+ {
+ for (j = 0; j <= 255; j++)
+ {
+ *alist++ = adds;
+ *adds++ = 10;
+ *adds++ = 250;
+ *adds++ = i;
+ *adds++ = j;
+ }
+ }
+ *alist = NULL;
+ return yield;
+ }
+
+/* Handle unqualified "localhost" */
+
+if (Ustrcmp(name, "localhost") == 0)
+ lname = (af == AF_INET)? US"127.0.0.1" : US"::1";
+
+/* Handle a literal IP address */
+
+ipa = string_is_ip_address(lname, NULL);
+if (ipa != 0)
+ {
+ if ((ipa == 4 && af == AF_INET) ||
+ (ipa == 6 && af == AF_INET6))
+ {
+ int i, n;
+ int x[4];
+ yield = store_get(sizeof(struct hostent));
+ alist = store_get(2 * sizeof(char *));
+ adds = store_get(alen);
+ yield->h_name = CS name;
+ yield->h_aliases = NULL;
+ yield->h_addrtype = af;
+ yield->h_length = alen;
+ yield->h_addr_list = CSS alist;
+ *alist++ = adds;
+ n = host_aton(lname, x);
+ for (i = 0; i < n; i++)
+ {
+ int y = x[i];
+ *adds++ = (y >> 24) & 255;
+ *adds++ = (y >> 16) & 255;
+ *adds++ = (y >> 8) & 255;
+ *adds++ = y & 255;
+ }
+ *alist = NULL;
+ }
+
+ /* Wrong kind of literal address */
+
+ else
+ {
+ *error_num = HOST_NOT_FOUND;
+ return NULL;
+ }
+ }
+
+/* Handle a host name */
+
+else
+ {
+ int type = (af == AF_INET)? T_A:T_AAAA;
+ int rc = dns_lookup(&dnsa, lname, type, NULL);
+ int count = 0;
+
+ switch(rc)
+ {
+ case DNS_SUCCEED: break;
+ case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; return NULL;
+ case DNS_NODATA: *error_num = NO_DATA; return NULL;
+ case DNS_AGAIN: *error_num = TRY_AGAIN; return NULL;
+ default:
+ case DNS_FAIL: *error_num = NO_RECOVERY; return NULL;
+ }
+
+ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+ rr != NULL;
+ rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ {
+ if (rr->type == type) count++;
+ }
+
+ yield = store_get(sizeof(struct hostent));
+ alist = store_get((count + 1) * sizeof(char **));
+ adds = store_get(count *alen);
+
+ yield->h_name = CS name;
+ yield->h_aliases = NULL;
+ yield->h_addrtype = af;
+ yield->h_length = alen;
+ yield->h_addr_list = CSS alist;
+
+ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+ rr != NULL;
+ rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ {
+ int i, n;
+ int x[4];
+ dns_address *da;
+ if (rr->type != type) continue;
+ da = dns_address_from_rr(&dnsa, rr);
+ *alist++ = adds;
+ n = host_aton(da->address, x);
+ for (i = 0; i < n; i++)
+ {
+ int y = x[i];
+ *adds++ = (y >> 24) & 255;
+ *adds++ = (y >> 16) & 255;
+ *adds++ = (y >> 8) & 255;
+ *adds++ = y & 255;
+ }
+ }
+ *alist = NULL;
+ }
+
+return yield;
+}
+
+
+
/*************************************************
* Build chain of host items from list *
*************************************************/
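Review bot: In the DNS branch of host_fake_gethostbyname, `da = dns_address_from_rr(&dnsa, rr);` is dereferenced as `da->address` with no NULL check, whereas the MX/SRV loop removed elsewhere in this commit iterates `for (da = ...; da != NULL; da = da->next)` and documents that the list can be empty. Adding `if (da == NULL) continue;` before `*alist++ = adds;` would keep a malformed record from the test resolver from crashing the harness run. The allocation `store_get((count + 1) * sizeof(char **))` also names the wrong element type; `sizeof(char *)` would match the two earlier branches.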
*/
int
-host_extract_port(uschar *address)
+host_address_extract_port(uschar *address)
{
int port = 0;
uschar *endptr;
}
+/*************************************************
+* Get port from a host item's name *
+*************************************************/
+
+/* This function is called when finding the IP address for a host that is in a
+list of hosts explicitly configured, such as in the manualroute router, or in a
+fallback hosts list. We see if there is a port specification at the end of the
+host name, and if so, remove it. A minimum length of 3 is required for the
+original name; nothing shorter is recognized as having a port.
+
+We test for a name ending with a sequence of digits; if preceded by colon we
+have a port if the character before the colon is ] and the name starts with [
+or if there are no other colons in the name (i.e. it's not an IPv6 address).
+
+Arguments: pointer to the host item
+Returns: a port number or PORT_NONE
+*/
+
+int
+host_item_get_port(host_item *h)
+{
+uschar *p;
+int port, x;
+int len = Ustrlen(h->name);
+
+if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
+
+/* Extract potential port number */
+
+port = *p-- - '0';
+x = 10;
+
+while (p > h->name + 1 && isdigit(*p))
+ {
+ port += (*p-- - '0') * x;
+ x *= 10;
+ }
+
+/* The smallest value of p at this point is h->name + 1. */
+
+if (*p != ':') return PORT_NONE;
+
+if (p[-1] == ']' && h->name[0] == '[')
+ h->name = string_copyn(h->name + 1, p - h->name - 2);
+else if (Ustrchr(h->name, ':') == p)
+ h->name = string_copyn(h->name, p - h->name);
+else return PORT_NONE;
+
+DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
+return port;
+}
+
+
#ifndef STAND_ALONE /* Omit when standalone testing */
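Review bot: The digit loop in host_item_get_port, `port += (*p-- - '0') * x; x *= 10;`, has no bound, so a name ending in a long run of digits overflows `x` and `port` (signed overflow is undefined) before the colon test is reached. A shorter run can still return a value above 65535 as a port. If these names can come from expanded or looked-up data, which is not visible here, the input is not fully under the administrator's control. Stop after five digits, e.g. `if (x > 10000) return PORT_NONE;` at the top of the loop body, and check `port > 65535` before returning.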
(a) No sender_host_name or sender_helo_name: "[ip address]"
(b) Just sender_host_name: "host_name [ip address]"
-(c) Just sender_helo_name: "(helo_name) [ip address]"
-(d) The two are identical: "host_name [ip address]"
+(c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
+ in which case: "[ip address}"
+(d) The two are identical: "host_name [ip address]" includes helo = IP
(e) The two are different: "host_name (helo_name) [ip address]"
If log_incoming_port is set, the sending host's port number is added to the IP
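Review bot: The new text for case (c) ends in a mismatched bracket, `"[ip address}"`; it should read `"[ip address]"` like the other cases. Case (d) could also say plainly that a HELO IP literal equal to the sending address is treated as identical, since `includes helo = IP` is terse.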
void
host_build_sender_fullhost(void)
{
+BOOL show_helo = TRUE;
uschar *address;
+int len;
int old_pool = store_pool;
if (sender_host_address == NULL) return;
if ((log_extra_selector & LX_incoming_port) == 0 || sender_host_port <= 0)
*(Ustrrchr(address, ':')) = 0;
+/* If there's no EHLO/HELO data, we can't show it. */
+
+if (sender_helo_name == NULL) show_helo = FALSE;
+
+/* If HELO/EHLO was followed by an IP literal, it's messy because of two
+features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
+doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
+be given in canonical form, so we have to canonicize them before comparing. As
+it happens, the code works for both IPv4 and IPv6. */
+
+else if (sender_helo_name[0] == '[' &&
+ sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
+ {
+ int offset = 1;
+ uschar *helo_ip;
+
+ if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
+ if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
+
+ helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
+
+ if (string_is_ip_address(helo_ip, NULL) != 0)
+ {
+ int x[4], y[4];
+ int sizex, sizey;
+ uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
+
+ sizex = host_aton(helo_ip, x);
+ sizey = host_aton(sender_host_address, y);
+
+ (void)host_nmtoa(sizex, x, -1, ipx, ':');
+ (void)host_nmtoa(sizey, y, -1, ipy, ':');
+
+ if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
+ }
+ }
+
/* Host name is not verified */
if (sender_host_name == NULL)
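Review bot: `sender_helo_name` is supplied by the remote client, and the only thing keeping it away from the new `LOG_PANIC_DIE` path in host_aton() is the `string_is_ip_address(helo_ip, NULL) != 0` test. That dependency deserves a comment above the test, for example `/* Must validate first: host_aton() dies on an address with too many components */`. Separately, an IPv4 literal in HELO will not compare equal when `sender_host_address` is held in `::ffff:` mapped form (the form the removed `address_ipv4` code in the name-lookup hunk catered for), because `sizex` and `sizey` differ, so the helo is still shown. Whether that matters depends on how the address is stored, which is not visible here. The function continues outside this hunk.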
sender_rcvhost = string_cat(NULL, &size, &ptr, address, adlen);
- if (sender_ident != NULL || sender_helo_name != NULL || portptr != NULL)
+ if (sender_ident != NULL || show_helo || portptr != NULL)
{
int firstptr;
sender_rcvhost = string_cat(sender_rcvhost, &size, &ptr, US" (", 2);
sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2, US"port=",
portptr + 1);
- if (sender_helo_name != NULL)
+ if (show_helo)
sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2,
(firstptr == ptr)? US"helo=" : US" helo=", sender_helo_name);
store_reset(sender_rcvhost + ptr + 1);
}
-/* Host name is known and verified. */
+/* Host name is known and verified. Unless we've already found that the HELO
+data matches the IP address, compare it with the name. */
else
{
- int len;
- if (sender_helo_name == NULL ||
- strcmpic(sender_host_name, sender_helo_name) == 0 ||
- (sender_helo_name[0] == '[' &&
- sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']' &&
- strncmpic(sender_helo_name+1, sender_host_address, len - 2) == 0))
- {
- sender_fullhost = string_sprintf("%s %s", sender_host_name, address);
- sender_rcvhost = (sender_ident == NULL)?
- string_sprintf("%s (%s)", sender_host_name, address) :
- string_sprintf("%s (%s ident=%s)", sender_host_name, address,
- sender_ident);
- }
- else
+ if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
+ show_helo = FALSE;
+
+ if (show_helo)
{
sender_fullhost = string_sprintf("%s (%s) %s", sender_host_name,
sender_helo_name, address);
string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
address, sender_helo_name, sender_ident);
}
+ else
+ {
+ sender_fullhost = string_sprintf("%s %s", sender_host_name, address);
+ sender_rcvhost = (sender_ident == NULL)?
+ string_sprintf("%s (%s)", sender_host_name, address) :
+ string_sprintf("%s (%s ident=%s)", sender_host_name, address,
+ sender_ident);
+ }
}
store_pool = old_pool;
while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
{
- int port = host_extract_port(s); /* Leaves just the IP address */
- if (!string_is_ip_address(s, NULL))
+ int ipv;
+ int port = host_address_extract_port(s); /* Leaves just the IP address */
+ if ((ipv = string_is_ip_address(s, NULL)) == 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
s, name);
+ /* Skip IPv6 addresses if IPv6 is disabled. */
+
+ if (disable_ipv6 && ipv == 6) continue;
+
/* This use of strcpy() is OK because we have checked that s is a valid IP
address above. The field in the ip_address_item is large enough to hold an
IPv6 address. */
int x[4];
int v4offset = 0;
-/* Handle IPv6 address, which may end with an IPv4 address. This code is NOT
-enclosed in #if HAVE_IPV6 in order that IPv6 addresses are recognized even if
-IPv6 is not supported. */
+/* Handle IPv6 address, which may end with an IPv4 address. It may also end
+with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
+HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
+supported. */
if (Ustrchr(address, ':') != NULL)
{
if (*p == ':') p++;
- /* Split the address into components separated by colons. */
+ /* Split the address into components separated by colons. The input address
+ is supposed to be checked for syntax. There was a case where this was
+ overlooked; to guard against that happening again, check here and crash if
+ there are too many components. */
- while (*p != 0)
+ while (*p != 0 && *p != '%')
{
- int len = Ustrcspn(p, ":");
+ int len = Ustrcspn(p, ":%");
if (len == 0) nulloffset = ci;
+ if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
+ address);
component[ci++] = p;
p += len;
if (*p == ':') p++;
/* Handle IPv4 address */
-sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
+(void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
bin[v4offset] = (x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
return v4offset+1;
}
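Review bot: The `(void)` cast on `sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3)` silences the warning but leaves the IPv4 path without the guard this commit adds for IPv6. If fewer than four fields match, the next line builds `bin[v4offset]` from uninitialised elements of `x[]`. Testing the result with `if (sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3) != 4)` and the same `log_write(0, LOG_MAIN|LOG_PANIC_DIE, ...)` call would make both halves fail the same way. The two `(void)sscanf` calls for `retrans` and `retry` in the STAND_ALONE main have the same shape and silently keep the old value on a bad number. host_aton starts outside this hunk.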
/* We can't use host_ntoa() because it assumes the binary values are in network
byte order, and these are the result of host_aton(), which puts them in ints in
host byte order. Also, we really want IPv6 addresses to be in a canonical
-format, so we output them with no abbreviation. However, we can't use the
-normal colon separator in them because it terminates keys in lsearch files, so
-use dot instead.
+format, so we output them with no abbreviation. In a number of cases we can't
+use the normal colon separator in them because it terminates keys in lsearch
+files, so we want to use dot instead. There's an argument that specifies what
+to use for IPv6 addresses.
Arguments:
count 1 or 4 (number of ints)
binary points to the ints
mask mask value; if < 0 don't add to result
buffer big enough to hold the result
+ sep component separator character for IPv6 addresses
Returns: the number of characters placed in buffer, not counting
the final nul.
*/
int
-host_nmtoa(int count, int *binary, int mask, uschar *buffer)
+host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
{
int i, j;
uschar *tt = buffer;
for (i = 0; i < 4; i++)
{
j = binary[i];
- sprintf(CS tt, "%04x.%04x.", (j >> 16) & 0xffff, j & 0xffff);
+ sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
while (*tt) tt++;
}
}
-tt--; /* lose final . */
+tt--; /* lose final separator */
if (mask < 0)
*tt = 0;
The variable host_lookup_msg is set to an empty string on sucess, or to a
reason for the failure otherwise, in a form suitable for tagging onto an error
-message, and also host_lookup_failed is set TRUE if the lookup failed. Any
-dynamically constructed string for host_lookup_msg must be in permanent store,
-because it might be used for several incoming messages on the same SMTP
+message, and also host_lookup_failed is set TRUE if the lookup failed. If there
+was a defer, host_lookup_deferred is set TRUE.
+
+Any dynamically constructed string for host_lookup_msg must be in permanent
+store, because it might be used for several incoming messages on the same SMTP
connection. */
int
dns_answer dnsa;
dns_scan dnss;
+host_lookup_deferred = host_lookup_failed = FALSE;
+
HDEBUG(D_host_lookup)
debug_printf("looking up host name for %s\n", sender_host_address);
{
HDEBUG(D_host_lookup)
debug_printf("Test harness: host name lookup returns DEFER\n");
+ host_lookup_deferred = TRUE;
return DEFER;
}
{
HDEBUG(D_host_lookup)
debug_printf("IP address PTR lookup gave temporary error\n");
+ host_lookup_deferred = TRUE;
return DEFER;
}
}
{
HDEBUG(D_host_lookup)
debug_printf("IP address lookup using gethostbyaddr()\n");
-
rc = host_name_lookup_byaddr();
- if (rc == DEFER) return rc; /* Can't carry on */
+ if (rc == DEFER)
+ {
+ host_lookup_deferred = TRUE;
+ return rc; /* Can't carry on */
+ }
if (rc == OK) break; /* Found a name */
}
} /* Loop for bydns/byaddr scanning */
log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
"address %s", sender_host_address);
host_lookup_msg = US" (failed to find host name from IP address)";
-
-host_lookup_failed = TRUE;
+ host_lookup_failed = TRUE;
return FAIL;
}
if ((rc = host_find_byname(&h, NULL, NULL, FALSE)) == HOST_FOUND)
{
host_item *hh;
- uschar *address_ipv4 = (Ustrncmp(sender_host_address, "::ffff:", 7) == 0)?
- sender_host_address + 7 : sender_host_address;
HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
for (hh = &h; hh != NULL; hh = hh->next)
{
- if ((Ustrcmp(hh->address, (Ustrchr(hh->address, ':') == NULL)?
- address_ipv4 : sender_host_address)) == 0)
+ if (host_is_in_net(hh->address, sender_host_address, 0))
{
HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
ok = TRUE;
else if (rc == HOST_FIND_AGAIN)
{
HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
+ host_lookup_deferred = TRUE;
return DEFER;
}
else
host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
sender_host_address, save_hostname);
store_pool = old_pool;
-
host_lookup_failed = TRUE;
return FAIL;
}
uschar **addrlist;
host_item *last = NULL;
BOOL temp_error = FALSE;
+#if HAVE_IPV6
+int af;
+#endif
-/* In an IPv6 world, we need to scan for both kinds of address, so go round the
-loop twice. Note that we have ensured that AF_INET6 is defined even in an IPv4
-world, which makes for slightly tidier code. However, if dns_ipv4_lookup
-matches the domain, we also just do IPv4 lookups here (except when testing
-standalone). */
+/* If we are in the test harness, a name ending in .test.again.dns always
+forces a temporary error response. */
-#if HAVE_IPV6
- int af;
+if (running_in_test_harness)
+ {
+ uschar *endname = host->name + Ustrlen(host->name);
+ if (Ustrcmp(endname - 14, "test.again.dns") == 0)
+ return HOST_FIND_AGAIN;
+ }
+/* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
+kinds of address, so go round the loop twice. Note that we have ensured that
+AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
+code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
+lookups here (except when testing standalone). */
+
+#if HAVE_IPV6
#ifndef STAND_ALONE
- if (dns_ipv4_lookup != NULL &&
+ if (disable_ipv6 || (dns_ipv4_lookup != NULL &&
match_isinlist(host->name, &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN,
- TRUE, NULL) == OK)
+ TRUE, NULL) == OK))
{ af = AF_INET; times = 1; }
else
#endif /* STAND_ALONE */
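Review bot: `Ustrcmp(endname - 14, "test.again.dns")` reads before the start of `host->name` whenever the name is shorter than 14 characters, because `endname` is computed as `host->name + Ustrlen(host->name)` with no length check. It only runs when `running_in_test_harness` is set, but it is still an out-of-bounds read; guard it with `int len = Ustrlen(host->name);` and `if (len >= 14 && Ustrcmp(host->name + len - 14, "test.again.dns") == 0)`. The comment says the suffix is `.test.again.dns`, but the comparison omits the leading dot, so a name such as `xtest.again.dns` also matches. The enclosing function starts outside this hunk.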
struct hostent *hostdata;
#if HAVE_IPV6
+ if (running_in_test_harness)
+ hostdata = host_fake_gethostbyname(host->name, af, &error_num);
+ else
+ {
#if HAVE_GETIPNODEBYNAME
hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
#else
hostdata = gethostbyname2(CS host->name, af);
error_num = h_errno;
#endif
- #else
- hostdata = gethostbyname(CS host->name);
- error_num = h_errno;
- #endif
+ }
+
+ #else /* not HAVE_IPV6 */
+ if (running_in_test_harness)
+ hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num);
+ else
+ {
+ hostdata = gethostbyname(CS host->name);
+ error_num = h_errno;
+ }
+ #endif /* HAVE_IPV6 */
if (hostdata == NULL)
{
host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
/* When running in the test harness, sort into the order of addresses so as to
-get repeatability. This doesn't have to be efficient. But don't interchange
-IPv4 and IPv6 addresses! */
+get repeatability. */
-if (running_in_test_harness)
- {
- BOOL done = FALSE;
- while (!done)
- {
- host_item *h;
- done = TRUE;
- for (h = host; h != last; h = h->next)
- {
- if ((Ustrchr(h->address, ':') == NULL) !=
- (Ustrchr(h->next->address, ':') == NULL))
- continue;
- if (Ustrcmp(h->address, h->next->address) > 0)
- {
- uschar *temp = h->address;
- h->address = h->next->address;
- h->next->address = temp;
- done = FALSE;
- }
- }
- }
- }
+if (running_in_test_harness) sort_addresses(host, last);
HDEBUG(D_host_lookup)
{
* Fill in a host address from the DNS *
*************************************************/
-/* Given a host item, with its name and mx fields set, and its address field
-set to NULL, fill in its IP address from the DNS. If it is multi-homed, create
-additional host items for the additional addresses, copying all the other
-fields, and randomizing the order.
+/* Given a host item, with its name, port and mx fields set, and its address
+field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
+create additional host items for the additional addresses, copying all the
+other fields, and randomizing the order.
On IPv6 systems, A6 records are sought first (but only if support for A6 is
configured - they may never become mainstream), then AAAA records are sought,
#endif
host->address = host->name;
- host->port = PORT_NONE;
return HOST_FOUND;
}
-/* On an IPv6 system, go round the loop up to three times, looking for A6 and
-AAAA records the first two times. However, unless doing standalone testing, we
-force an IPv4 lookup if the domain matches dns_ipv4_lookup is set. Since A6
-records look like being abandoned, support them only if explicitly configured
-to do so. On an IPv4 system, go round the loop once only, looking only for A
-records. */
+/* On an IPv6 system, unless IPv6 is disabled, go round the loop up to three
+times, looking for A6 and AAAA records the first two times. However, unless
+doing standalone testing, we force an IPv4 lookup if the domain matches
+dns_ipv4_lookup is set. Since A6 records look like being abandoned, support
+them only if explicitly configured to do so. On an IPv4 system, go round the
+loop once only, looking only for A records. */
#if HAVE_IPV6
-
#ifndef STAND_ALONE
- if (dns_ipv4_lookup != NULL &&
+ if (disable_ipv6 || (dns_ipv4_lookup != NULL &&
match_isinlist(host->name, &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN,
- TRUE, NULL) == OK)
+ TRUE, NULL) == OK))
i = 0; /* look up A records only */
else
#endif /* STAND_ALONE */
if (strcmpic(host->name, rr->name) != 0)
host->name = string_copy_dnsdomain(rr->name);
host->address = da->address;
- host->port = PORT_NONE;
host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
host->status = hstatus_unknown;
host->why = hwhy_unknown;
if (new_sort_key < host->sort_key)
{
- *next = *host;
+ *next = *host; /* Copies port */
host->next = next;
host->address = da->address;
- host->port = PORT_NONE;
host->sort_key = new_sort_key;
if (thishostlast == host) thishostlast = next; /* Local last */
if (*lastptr == host) *lastptr = next; /* Global last */
if (new_sort_key < h->next->sort_key) break;
h = h->next;
}
- *next = *h;
+ *next = *h; /* Copies port */
h->next = next;
next->address = da->address;
- next->port = PORT_NONE;
next->sort_key = new_sort_key;
if (h == thishostlast) thishostlast = next; /* Local last */
if (h == *lastptr) *lastptr = next; /* Global last */
/*************************************************
-* Find IP addresses and names for host via DNS *
+* Find IP addresses and host names via DNS *
*************************************************/
-/* The input is a host_item structure with the name filled in and the address
-field set to NULL. This may be in a chain of other host items. The lookup may
-result in more than one IP address, in which case we must created new host
-blocks for the additional addresses, and insert them into the chain. The
-original name may not be fully qualified. Use the fully_qualified_name argument
-to return the official name, as returned by the resolver.
+/* The input is a host_item structure with the name field filled in and the
+address field set to NULL. This may be in a chain of other host items. The
+lookup may result in more than one IP address, in which case we must created
+new host blocks for the additional addresses, and insert them into the chain.
+The original name may not be fully qualified. Use the fully_qualified_name
+argument to return the official name, as returned by the resolver.
Arguments:
host point to initial host item
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
+ #ifndef STAND_ALONE
if (match_isinlist(host->name, &srv_fail_domains, 0, NULL, NULL, MCL_DOMAIN,
TRUE, NULL) != OK)
+ #endif
return HOST_FIND_AGAIN;
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
"(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
if (rc == DNS_NOMATCH) return HOST_FIND_FAILED;
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
+ #ifndef STAND_ALONE
if (match_isinlist(host->name, &mx_fail_domains, 0, NULL, NULL, MCL_DOMAIN,
TRUE, NULL) != OK)
+ #endif
return HOST_FIND_AGAIN;
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
"(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
else
if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
+ /* When running in the test harness, sort into the order of addresses so as
+ to get repeatability. */
+
+ if (running_in_test_harness) sort_addresses(host, last);
+
DEBUG(D_host_lookup)
{
host_item *h;
{
int precedence;
int weight = 0; /* For SRV records */
- int port = PORT_NONE; /* For SRV records */
+ int port = PORT_NONE;
uschar *s; /* MUST be unsigned for GETSHORT */
uschar data[256];
} /* Move on to the next host */
}
-/* Now we have to ensure addresses exist for all the hosts. We have ensured
-above that the names in the host items are all unique. The addresses may have
-been returned in the additional data section of the DNS query. Because it is
-more expensive to scan the returned DNS records (because you have to expand the
-names) we do a single scan over them, and multiple scans of the chain of host
-items (which is typically only 3 or 4 long anyway.) Add extra host items for
-multi-homed hosts. */
-
-for (rr = dns_next_rr(&dnsa, &dnss, RESET_ADDITIONAL);
- rr != NULL;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
- {
- dns_address *da;
- int status = hstatus_unknown;
- int why = hwhy_unknown;
- int randoffset;
-
- if (rr->type != T_A
- #if HAVE_IPV6
- && rr->type != T_AAAA
- #ifdef SUPPORT_A6
- && rr->type != T_A6
- #endif
- #endif
- ) continue;
-
- /* Find the first host that matches this record's name. If there isn't
- one, move on to the next RR. */
-
- for (h = host; h != last->next; h = h->next)
- { if (strcmpic(h->name, rr->name) == 0) break; }
- if (h == last->next) continue;
-
- /* For IPv4 addresses, add 500 to the random part of the sort key, to ensure
- they sort after IPv6 addresses. */
-
- randoffset = (rr->type == T_A)? 500 : 0;
-
- /* Get the list of textual addresses for this RR. There may be more than one
- if it is an A6 RR. Then loop to handle multiple addresses from an A6 record.
- If there are none, nothing will get done - the record is ignored. */
-
- for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
- {
- /* Set status for an ignorable host. */
-
- #ifndef STAND_ALONE
- if (ignore_target_hosts != NULL &&
- verify_check_this_host(&ignore_target_hosts, NULL, h->name,
- da->address, NULL) == OK)
- {
- DEBUG(D_host_lookup)
- debug_printf("ignored host %s [%s]\n", h->name, da->address);
- status = hstatus_unusable;
- why = hwhy_ignored;
- }
- #endif
-
- /* If the address is already set for this host, it may be that
- we just have a duplicate DNS record. Alternatively, this may be
- a multi-homed host. Search all items with the same host name
- (they will all be together) and if this address is found, skip
- to the next RR. */
-
- if (h->address != NULL)
- {
- int new_sort_key;
- host_item *thishostlast;
- host_item *hh = h;
-
- do
- {
- if (hh->address != NULL && Ustrcmp(CS da->address, hh->address) == 0)
- goto DNS_NEXT_RR; /* Need goto to escape from inner loop */
- thishostlast = hh;
- hh = hh->next;
- }
- while (hh != last->next && strcmpic(hh->name, rr->name) == 0);
-
- /* We have a multi-homed host, since we have a new address for
- an existing name. Create a copy of the current item, and give it
- the new address. RRs can be in arbitrary order, but one is supposed
- to randomize the addresses of multi-homed hosts, so compute a new
- sorting key and do that. [Latest SMTP RFC says not to randomize multi-
- homed hosts, but to rely on the resolver. I'm not happy about that -
- caching in the resolver will not rotate as often as the name server
- does.] */
-
- new_sort_key = h->mx * 1000 + random_number(500) + randoffset;
- hh = store_get(sizeof(host_item));
-
- /* New address goes first: insert the new block after the first one
- (so as not to disturb the original pointer) but put the new address
- in the original block. */
-
- if (new_sort_key < h->sort_key)
- {
- *hh = *h; /* Note: copies the port */
- h->next = hh;
- h->address = da->address;
- h->sort_key = new_sort_key;
- h->status = status;
- h->why = why;
- }
-
- /* Otherwise scan down the addresses for this host to find the
- one to insert after. */
-
- else
- {
- while (h != thishostlast)
- {
- if (new_sort_key < h->next->sort_key) break;
- h = h->next;
- }
- *hh = *h; /* Note: copies the port */
- h->next = hh;
- hh->address = da->address;
- hh->sort_key = new_sort_key;
- hh->status = status;
- hh->why = why;
- }
-
- if (h == last) last = hh; /* Inserted after last */
- }
-
- /* The existing item doesn't have its address set yet, so just set it.
- Ensure that an IPv4 address gets its sort key incremented in case an IPv6
- address is found later. */
-
- else
- {
- h->address = da->address; /* Port should be set already */
- h->status = status;
- h->why = why;
- h->sort_key += randoffset;
- }
- } /* Loop for addresses extracted from one RR */
-
- /* Carry on to the next RR. It would be nice to be able to be able to stop
- when every host on the list has an address, but we can't be sure there won't
- be an additional address for a multi-homed host further down the list, so
- we have to continue to the end. */
-
- DNS_NEXT_RR: continue;
- }
-
-/* Set the default yield to failure */
-
-yield = HOST_FIND_FAILED;
-
-/* If we haven't found all the addresses in the additional section, we
-need to search for A or AAAA records explicitly. The names shouldn't point to
-CNAMES, but we use the general lookup function that handles them, just
-in case. If any lookup gives a soft error, change the default yield.
+/* Now we have to find IP addresses for all the hosts. We have ensured above
+that the names in all the host items are unique. Before release 4.61 we used to
+process records from the additional section in the DNS packet that returned the
+MX or SRV records. However, a DNS name server is free to drop any resource
+records from the additional section. In theory, this has always been a
+potential problem, but it is exacerbated by the advent of IPv6. If a host had
+several IPv4 addresses and some were not in the additional section, at least
+Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
+and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
+connection, and never try an IPv4 address. When there was only IPv4
+connectivity, this was a disaster that did in practice occur.
+
+So, from release 4.61 onwards, we always search for A and AAAA records
+explicitly. The names shouldn't point to CNAMES, but we use the general lookup
+function that handles them, just in case. If any lookup gives a soft error,
+change the default yield.
For these DNS lookups, we must disable qualify_single and search_parents;
otherwise invalid host names obtained from MX or SRV records can cause trouble
if they happen to match something local. */
-dns_init(FALSE, FALSE);
+yield = HOST_FIND_FAILED; /* Default yield */
+dns_init(FALSE, FALSE); /* Disable qualify_single and search_parents */
for (h = host; h != last->next; h = h->next)
{
- if (h->address != NULL || h->status == hstatus_unusable) continue;
+ if (h->address != NULL) continue; /* Inserted by a multihomed host */
rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, NULL);
if (rc != HOST_FOUND)
{
#ifdef STAND_ALONE
-BOOL alldigits(uschar *buffer)
-{
-if (!isdigit(*buffer)) return FALSE;
-if (*buffer == '0' && buffer[1] == 'x')
- {
- buffer++;
- while (isxdigit(*(++buffer)));
- }
-else while (isdigit(*(++buffer)));
-return (*buffer == 0);
-}
-
int main(int argc, char **cargv)
{
host_item h;
else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
+ else if (Ustrcmp(buffer, "test_harness") == 0)
+ running_in_test_harness = !running_in_test_harness;
+ else if (Ustrcmp(buffer, "res_debug") == 0)
+ {
+ _res.options ^= RES_DEBUG;
+ }
else if (Ustrncmp(buffer, "retrans", 7) == 0)
{
- sscanf(CS(buffer+8), "%d", &dns_retrans);
+ (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
_res.retrans = dns_retrans;
}
else if (Ustrncmp(buffer, "retry", 5) == 0)
{
- sscanf(CS(buffer+6), "%d", &dns_retry);
+ (void)sscanf(CS(buffer+6), "%d", &dns_retry);
_res.retry = dns_retry;
}
- else if (alldigits(buffer))
- {
- debug_selector = Ustrtol(buffer, NULL, 0);
- _res.options &= ~RES_DEBUG;
- DEBUG(D_resolver) _res.options |= RES_DEBUG;
- }
else
{
int flags = whichrrs;