*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
DEBUG(D_host_lookup)
debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
- (af == AF_INET)? "IPv4" : "IPv6");
+ af == AF_INET ? "IPv4" : "IPv6");
/* Handle unqualified "localhost" */
if (Ustrcmp(name, "localhost") == 0)
- lname = (af == AF_INET)? US"127.0.0.1" : US"::1";
+ lname = af == AF_INET ? US"127.0.0.1" : US"::1";
/* Handle a literal IP address */
if ((ipa = string_is_ip_address(lname, NULL)) != 0)
- {
- if ((ipa == 4 && af == AF_INET) ||
- (ipa == 6 && af == AF_INET6))
+ if ( ipa == 4 && af == AF_INET
+ || ipa == 6 && af == AF_INET6)
{
int x[4];
yield = store_get(sizeof(struct hostent), FALSE);
*error_num = HOST_NOT_FOUND;
return NULL;
}
- }
/* Handle a host name */
else
{
- int type = (af == AF_INET)? T_A:T_AAAA;
+ int type = af == AF_INET ? T_A:T_AAAA;
int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
int count = 0;
int sep = 0;
uschar *s;
ip_address_item * yield = NULL, * last = NULL, * next;
+BOOL taint = is_tainted(list);
while ((s = string_nextinlist(&list, &sep, NULL, 0)))
{
address above. The field in the ip_address_item is large enough to hold an
IPv6 address. */
- next = store_get(sizeof(ip_address_item), FALSE);
+ next = store_get(sizeof(ip_address_item), taint);
next->next = NULL;
Ustrcpy(next->address, s);
next->port = port;
host_is_tls_on_connect_port(int port)
{
int sep = 0;
-uschar buffer[32];
-const uschar *list = tls_in.on_connect_ports;
-uschar *s;
-uschar *end;
+const uschar * list = tls_in.on_connect_ports;
if (tls_in.on_connect) return TRUE;
-while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
if (Ustrtol(s, &end, 10) == port)
return TRUE;
int sep = 0;
uschar *save_hostname;
uschar **aliases;
-uschar buffer[256];
uschar *ordername;
const uschar *list = host_lookup_order;
dns_answer * dnsa = store_get_dns_answer();
/* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
the order specified by the host_lookup_order option. */
-while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
{
if (strcmpic(ordername, US"bydns") == 0)
{
+ uschar * name = dns_build_reverse(sender_host_address);
+
dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
- dns_build_reverse(sender_host_address, buffer);
- rc = dns_lookup_timerwrap(dnsa, buffer, T_PTR, NULL);
+ rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
/* The first record we come across is used for the name; others are
considered to be aliases. We have to scan twice, in order to find out the
int yield, times;
host_item *last = NULL;
BOOL temp_error = FALSE;
-#if HAVE_IPV6
int af;
+
+#ifndef DISABLE_TLS
+/* Copy the host name at this point to the value which is used for
+TLS certificate name checking, before anything modifies it. */
+
+host->certname = host->name;
#endif
/* Make sure DNS options are set as required. This appears to be necessary in
#ifdef STAND_ALONE
if (disable_ipv6)
#else
- if (disable_ipv6 ||
- (dns_ipv4_lookup != NULL &&
- match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK))
+ if ( disable_ipv6
+ || dns_ipv4_lookup
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
#endif
{ af = AF_INET; times = 1; }
/* No IPv6 support */
#else /* HAVE_IPV6 */
- times = 1;
+ af = AF_INET; times = 1;
#endif /* HAVE_IPV6 */
/* Initialize the flag that gets set for DNS syntax check errors, so that the
#else /* not HAVE_IPV6 */
if (f.running_in_test_harness)
- hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num);
+ hostdata = host_fake_gethostbyname(host->name, af, &error_num);
else
{
hostdata = gethostbyname(CS host->name);
&& (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
log_long_lookup(US"gethostbyname", host->name, time_msec);
- if (hostdata == NULL)
+ if (!hostdata)
{
- uschar *error;
+ uschar * error;
switch (error_num)
{
- case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
- case TRY_AGAIN: error = US"TRY_AGAIN"; break;
- case NO_RECOVERY: error = US"NO_RECOVERY"; break;
- case NO_DATA: error = US"NO_DATA"; break;
- #if NO_DATA != NO_ADDRESS
- case NO_ADDRESS: error = US"NO_ADDRESS"; break;
- #endif
+ case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
+ case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
+ case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
+ case NO_DATA: error = US"NO_DATA"; break;
+ #if NO_DATA != NO_ADDRESS
+ case NO_ADDRESS: error = US"NO_ADDRESS"; break;
+ #endif
default: error = US"?"; break;
}
- DEBUG(D_host_lookup) debug_printf("%s returned %d (%s)\n",
- #if HAVE_IPV6
- #if HAVE_GETIPNODEBYNAME
- (af == AF_INET6)? "getipnodebyname(af=inet6)" : "getipnodebyname(af=inet)",
- #else
- (af == AF_INET6)? "gethostbyname2(af=inet6)" : "gethostbyname2(af=inet)",
- #endif
- #else
- "gethostbyname",
- #endif
- error_num, error);
+ DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
+ f.running_in_test_harness ? "host_fake_gethostbyname" :
+#if HAVE_IPV6
+# if HAVE_GETIPNODEBYNAME
+ "getipnodebyname",
+# else
+ "gethostbyname2",
+# endif
+#else
+ "gethostbyname",
+#endif
+ af == AF_INET ? "inet" : "inet6", error_num, error);
- if (error_num == TRY_AGAIN || error_num == NO_RECOVERY) temp_error = TRUE;
continue;
}
- if ((hostdata->h_addr_list)[0] == NULL) continue;
+ if (!(hostdata->h_addr_list)[0]) continue;
/* Replace the name with the fully qualified one if necessary, and fill in
the fully_qualified_name pointer. */
- if (hostdata->h_name[0] != 0 &&
- Ustrcmp(host->name, hostdata->h_name) != 0)
+ if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
host->name = string_copy_dnsdomain(US hostdata->h_name);
- if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
+ if (fully_qualified_name) *fully_qualified_name = host->name;
/* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
by their different lengths. Scan the list, ignoring any that are to be
host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
#ifndef STAND_ALONE
- if (ignore_target_hosts != NULL &&
- verify_check_this_host(&ignore_target_hosts, NULL, host->name,
- text_address, NULL) == OK)
+ if ( ignore_target_hosts
+ && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
+ text_address, NULL) == OK)
{
DEBUG(D_host_lookup)
debug_printf("ignored host %s [%s]\n", host->name, text_address);
}
#endif
- /* If this is the first address, last == NULL and we put the data in the
+ /* If this is the first address, last is NULL and we put the data in the
original block. */
- if (last == NULL)
+ if (!last)
{
host->address = text_address;
host->port = PORT_NONE;
{
host_item *next = store_get(sizeof(host_item), FALSE);
next->name = host->name;
+#ifndef DISABLE_TLS
+ next->certname = host->certname;
+#endif
next->mx = host->mx;
next->address = text_address;
next->port = PORT_NONE;
NULL. If temp_error is set, at least one of the lookups gave a temporary error,
so we pass that back. */
-if (host->address == NULL)
+if (!host->address)
{
uschar *msg =
#ifndef STAND_ALONE
- (message_id[0] == 0 && smtp_in != NULL)?
- string_sprintf("no IP address found for host %s (during %s)", host->name,
+ !message_id[0] && smtp_in
+ ? string_sprintf("no IP address found for host %s (during %s)", host->name,
smtp_get_connection_info()) :
#endif
string_sprintf("no IP address found for host %s", host->name);
RETURN_AGAIN:
{
- #ifndef STAND_ALONE
+#ifndef STAND_ALONE
int rc;
const uschar *save = deliver_domain;
deliver_domain = host->name; /* set $domain */
- rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL);
+ rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
deliver_domain = save;
if (rc == OK)
{
"returning HOST_FIND_FAILED\n", host->name);
return HOST_FIND_FAILED;
}
- #endif
+#endif
return HOST_FIND_AGAIN;
}
}
BOOL dnssec_fail = FALSE;
int i;
+#ifndef DISABLE_TLS
+/* Copy the host name at this point to the value which is used for
+TLS certificate name checking, before any CNAME-following modifies it. */
+
+host->certname = host->name;
+#endif
+
/* If allow_ip is set, a name which is an IP address returns that value
as its address. This is used for MX records when allow_mx_to_ip is set, for
those sites that feel they have to flaunt the RFC rules. */
#ifndef STAND_ALONE
if ( disable_ipv6
|| !(whichrrs & HOST_FIND_BY_AAAA)
- || (dns_ipv4_lookup
- && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) == OK)
+ || dns_ipv4_lookup
+ && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
)
i = 0; /* look up A records only */
else
dns_answer * dnsa = store_get_dns_answer();
dns_scan dnss;
BOOL dnssec_require = dnssec_d
- && match_isinlist(host->name, CUSS &dnssec_d->require,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+ && match_isinlist(host->name, CUSS &dnssec_d->require,
+ 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_request = dnssec_require
- || ( dnssec_d
- && match_isinlist(host->name, CUSS &dnssec_d->request,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
+ || ( dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->request,
+ 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
}
if (rc == DNS_FAIL || rc == DNS_AGAIN)
{
- #ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &srv_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
- #endif
+#ifndef STAND_ALONE
+ if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
+#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
- "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
+ "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
}
}
DEBUG(D_host_lookup)
debug_printf("dnssec fail on MX for %.256s", host->name);
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
{ yield = HOST_FIND_SECURITY; goto out; }
#endif
rc = DNS_FAIL;
case DNS_FAIL:
case DNS_AGAIN:
#ifndef STAND_ALONE
- if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL) != OK)
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
sec = dns_is_secure(dnsa);
DEBUG(D_transport)
- debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
+ debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
switch (rc)
{