From 30795c5e77e21e90f3c695e6274bc9b4a9b68900 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 1 Nov 2019 12:42:44 +0000
Subject: [PATCH] Logging: TLSA lookups should honor slow_lookup_log

---
 src/src/host.c            | 79 +++++++++++++++++++++++++++++++++++++--
 src/src/transports/smtp.c | 71 -----------------------------------
 test/stderr/0606          |  2 +-
 3 files changed, 77 insertions(+), 75 deletions(-)

diff --git a/src/src/host.c b/src/src/host.c
index 3c2b8b3c8..aa142eb9b 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -138,7 +138,7 @@ if (!slow_lookup_log)
 time_msec = get_time_in_ms();
 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
-  log_long_lookup(US"name", name, time_msec);
+  log_long_lookup(dns_text_type(type), name, time_msec);
 return retval;
 }
 
@@ -1546,7 +1546,7 @@ hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
 if (  slow_lookup_log
    && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
    )
-  log_long_lookup(US"name", sender_host_address, time_msec);
+  log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
 
 /* Failed to look up the host. */
 
@@ -2032,7 +2032,7 @@ for (int i = 1; i <= times;
 
   if (   slow_lookup_log
       && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
-    log_long_lookup(US"name", host->name, time_msec);
+    log_long_lookup(US"gethostbyname", host->name, time_msec);
 
   if (hostdata == NULL)
     {
@@ -3154,6 +3154,79 @@ dns_init(FALSE, FALSE, FALSE);	/* clear the dnssec bit for getaddrbyname */
 return yield;
 }
 
+
+
+
+#ifdef SUPPORT_DANE
+/* Lookup TLSA record for host/port.
+Return:  OK		success with dnssec; DANE mode
+         DEFER		Do not use this host now, may retry later
+	 FAIL_FORCED	No TLSA record; DANE not usable
+	 FAIL		Do not use this connection
+*/
+
+int
+tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
+{
+uschar buffer[300];
+const uschar * fullname = buffer;
+int rc;
+BOOL sec;
+
+/* TLSA lookup string */
+(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
+
+rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
+sec = dns_is_secure(dnsa);
+DEBUG(D_transport)
+  debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
+
+switch (rc)
+  {
+  case DNS_AGAIN:
+    return DEFER; /* just defer this TLS'd conn */
+
+  case DNS_SUCCEED:
+    if (sec)
+      {
+      DEBUG(D_transport)
+	{
+	dns_scan dnss;
+	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+	     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+	  if (rr->type == T_TLSA && rr->size > 3)
+	    {
+	    uint16_t payload_length = rr->size - 3;
+	    uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
+
+	    sp += sprintf(CS sp, "%d ", *p++); /* usage */
+	    sp += sprintf(CS sp, "%d ", *p++); /* selector */
+	    sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
+	    while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
+	      sp += sprintf(CS sp, "%02x", *p++);
+
+	    debug_printf(" %s\n", s);
+	    }
+	}
+      return OK;
+      }
+    log_write(0, LOG_MAIN,
+      "DANE error: TLSA lookup for %s not DNSSEC", host->name);
+    /*FALLTRHOUGH*/
+
+  case DNS_NODATA:	/* no TLSA RR for this lookup */
+  case DNS_NOMATCH:	/* no records at all for this lookup */
+    return dane_required ? FAIL : FAIL_FORCED;
+
+  default:
+  case DNS_FAIL:
+    return dane_required ? FAIL : DEFER;
+  }
+}
+#endif	/*SUPPORT_DANE*/
+
+
+
 /*************************************************
 **************************************************
 *             Stand-alone test program           *
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index bf8191568..9f8603323 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1613,77 +1613,6 @@ return FALSE;
 
 
 
-#ifdef SUPPORT_DANE
-/* Lookup TLSA record for host/port.
-Return:  OK		success with dnssec; DANE mode
-         DEFER		Do not use this host now, may retry later
-	 FAIL_FORCED	No TLSA record; DANE not usable
-	 FAIL		Do not use this connection
-*/
-
-int
-tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
-{
-/* move this out to host.c given the similarity to dns_lookup() ? */
-uschar buffer[300];
-const uschar * fullname = buffer;
-int rc;
-BOOL sec;
-
-/* TLSA lookup string */
-(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
-
-rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
-sec = dns_is_secure(dnsa);
-DEBUG(D_transport)
-  debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
-
-switch (rc)
-  {
-  case DNS_AGAIN:
-    return DEFER; /* just defer this TLS'd conn */
-
-  case DNS_SUCCEED:
-    if (sec)
-      {
-      DEBUG(D_transport)
-	{
-	dns_scan dnss;
-	for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
-	     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
-	  if (rr->type == T_TLSA && rr->size > 3)
-	    {
-	    uint16_t payload_length = rr->size - 3;
-	    uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
-
-	    sp += sprintf(CS sp, "%d ", *p++); /* usage */
-	    sp += sprintf(CS sp, "%d ", *p++); /* selector */
-	    sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
-	    while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
-	      sp += sprintf(CS sp, "%02x", *p++);
-
-	    debug_printf(" %s\n", s);
-	    }
-	}
-      return OK;
-      }
-    log_write(0, LOG_MAIN,
-      "DANE error: TLSA lookup for %s not DNSSEC", host->name);
-    /*FALLTRHOUGH*/
-
-  case DNS_NODATA:	/* no TLSA RR for this lookup */
-  case DNS_NOMATCH:	/* no records at all for this lookup */
-    return dane_required ? FAIL : FAIL_FORCED;
-
-  default:
-  case DNS_FAIL:
-    return dane_required ? FAIL : DEFER;
-  }
-}
-#endif
-
-
-
 typedef struct smtp_compare_s
 {
     uschar                          *current_sender_address;
diff --git a/test/stderr/0606 b/test/stderr/0606
index ca6a3b37c..cc24461c9 100644
--- a/test/stderr/0606
+++ b/test/stderr/0606
@@ -13,7 +13,7 @@
 >>> routing should_log@delay1500.test.ex
 >>> calling all router
 >>> delay1500.test.ex in "*"? yes (matched "*")
-LOG: Long name lookup for 'delay1500.test.ex': ssss msec
+LOG: Long A lookup for 'delay1500.test.ex': ssss msec
 >>> local host found for non-MX address
 >>> routed by all router
 >>> ----------- end verify ------------
-- 
2.30.2