-/* $Cambridge: exim/src/src/host.c,v 1.25 2006/09/05 14:05:43 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2012 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
very good for the uses to which it is put. When running the regression tests,
start with a fixed seed.
+If you need better, see vaguely_random_number() which is potentially stronger,
+if a crypto library is available, but might end up just calling this instead.
+
Arguments:
limit: one more than the largest number required
int
random_number(int limit)
{
+if (limit < 1)
+ return 0;
if (random_seed == 0)
{
if (running_in_test_harness) random_seed = 42; else
{
int sep = 0;
uschar buffer[32];
-uschar *list = tls_on_connect_ports;
+uschar *list = tls_in.on_connect_ports;
uschar *s;
-if (tls_on_connect) return TRUE;
+if (tls_in.on_connect) return TRUE;
while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
{
treat this as non-existent. In some operating systems, this is returned as an
empty string; in others as a single dot. */
-if (hosts->h_name[0] == 0 || hosts->h_name[0] == '.')
+if (hosts->h_name == NULL || hosts->h_name[0] == 0 || hosts->h_name[0] == '.')
{
HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
"treated as non-existent host name\n");
dns_answer dnsa;
dns_scan dnss;
-host_lookup_deferred = host_lookup_failed = FALSE;
+sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
HDEBUG(D_host_lookup)
debug_printf("looking up host name for %s\n", sender_host_address);
int count = 0;
int old_pool = store_pool;
+ /* Ideally we'd check DNSSEC both forward and reverse, but we use the
+ gethost* routines for forward, so can't do that unless/until we rewrite. */
+ sender_host_dnssec = dns_is_secure(&dnsa);
+ DEBUG(D_dns)
+ debug_printf("Reverse DNS security status: %s\n",
+ sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
+
store_pool = POOL_PERM; /* Save names in permanent storage */
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
h.mx = MX_NONE;
h.address = NULL;
- /* When called with the 5th argument FALSE, host_find_byname() won't return
+ /* When called with the last argument FALSE, host_find_byname() won't return
HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in
IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */
- if ((rc = host_find_byname(&h, NULL, NULL, FALSE)) == HOST_FOUND)
+ if ((rc = host_find_byname(&h, NULL, 0, NULL, FALSE)) == HOST_FOUND)
{
host_item *hh;
HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
{
HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
host_lookup_deferred = TRUE;
+ sender_host_name = NULL;
return DEFER;
}
else
*************************************************/
/* The input is a host_item structure with the name filled in and the address
-field set to NULL. We use gethostbyname(). Of course, gethostbyname() may use
-the DNS, but it doesn't do MX processing. If more than one address is given,
-chain on additional host items, with other relevant fields copied.
+field set to NULL. We use gethostbyname() or getipnodebyname() or
+gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
+but they do not do MX processing. It appears, however, that in some systems the
+current setting of resolver options is used when one of these functions calls
+the resolver. For this reason, we call dns_init() at the start, with arguments
+influenced by bits in "flags", just as we do for host_find_bydns().
The second argument provides a host list (usually an IP list) of hosts to
ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
multiple IP addresses cause other host items to be
chained on.
ignore_target_hosts a list of hosts to ignore
+ flags HOST_FIND_QUALIFY_SINGLE ) passed to
+ HOST_FIND_SEARCH_PARENTS ) dns_init()
fully_qualified_name if not NULL, set to point to host name for
compatibility with host_find_bydns
local_host_check TRUE if a check for the local host is wanted
*/
int
-host_find_byname(host_item *host, uschar *ignore_target_hosts,
+host_find_byname(host_item *host, uschar *ignore_target_hosts, int flags,
uschar **fully_qualified_name, BOOL local_host_check)
{
int i, yield, times;
if (Ustrcmp(endname - 14, "test.again.dns") == 0) goto RETURN_AGAIN;
}
+/* Make sure DNS options are set as required. This appears to be necessary in
+some circumstances when the get..byname() function actually calls the DNS. */
+
+dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
+ (flags & HOST_FIND_SEARCH_PARENTS) != 0);
+
/* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
kinds of address, so go round the loop twice. Note that we have ensured that
AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
lookups here (except when testing standalone). */
#if HAVE_IPV6
- #ifndef STAND_ALONE
- if (disable_ipv6 || (dns_ipv4_lookup != NULL &&
+ #ifdef STAND_ALONE
+ if (disable_ipv6)
+ #else
+ if (disable_ipv6 ||
+ (dns_ipv4_lookup != NULL &&
match_isinlist(host->name, &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN,
TRUE, NULL) == OK))
+ #endif
+
{ af = AF_INET; times = 1; }
else
- #endif /* STAND_ALONE */
-
{ af = AF_INET6; times = 2; }
/* No IPv6 support */
int error_num = 0;
struct hostent *hostdata;
+ #ifdef STAND_ALONE
+ printf("Looking up: %s\n", host->name);
+ #endif
+
#if HAVE_IPV6
if (running_in_test_harness)
hostdata = host_fake_gethostbyname(host->name, af, &error_num);
uschar **argv = USS cargv;
uschar buffer[256];
+disable_ipv6 = FALSE;
primary_hostname = US"";
store_pool = POOL_MAIN;
debug_selector = D_host_lookup|D_interface;
else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
else if (Ustrcmp(buffer, "test_harness") == 0)
running_in_test_harness = !running_in_test_harness;
+ else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
else if (Ustrcmp(buffer, "res_debug") == 0)
{
_res.options ^= RES_DEBUG;
if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
rc = byname?
- host_find_byname(&h, NULL, &fully_qualified_name, TRUE)
+ host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
:
host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
&fully_qualified_name, NULL);