1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
10 directly via the DNS. When IPv6 is supported, getipnodebyname() and
11 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
12 if the newer functions are available. This module also contains various other
13 functions concerned with hosts and addresses, and a random number function,
14 used for randomizing hosts with equal MXs but available for use in other parts
21 /* Static variable for preserving the list of interface addresses in case it is
22 used more than once. */
24 static ip_address_item *local_interface_data = NULL;
27 #ifdef USE_INET_NTOA_FIX
28 /*************************************************
29 * Replacement for broken inet_ntoa() *
30 *************************************************/
32 /* On IRIX systems, gcc uses a different structure passing convention to the
33 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
34 255.255.255.255. To get round this, we provide a private version of the
35 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
36 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
40 as seen in comp.sys.sgi.admin
42 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
43 should now be set for them as well.
45 Arguments: sa an in_addr structure
46 Returns: pointer to static text string
50 inet_ntoa(struct in_addr sa)
52 static uschar addr[20];
53 sprintf(addr, "%d.%d.%d.%d",
64 /*************************************************
65 * Random number generator *
66 *************************************************/
68 /* This is a simple pseudo-random number generator. It does not have to be
69 very good for the uses to which it is put. When running the regression tests,
70 start with a fixed seed.
72 If you need better, see vaguely_random_number() which is potentially stronger,
73 if a crypto library is available, but might end up just calling this instead.
76 limit: one more than the largest number required
78 Returns: a pseudo-random number in the range 0 to limit-1
82 random_number(int limit)
88 if (f.running_in_test_harness) random_seed = 42; else
90 int p = (int)getpid();
91 random_seed = (int)time(NULL) ^ ((p << 16) | p);
94 random_seed = 1103515245 * random_seed + 12345;
95 return (unsigned int)(random_seed >> 16) % limit;
98 /*************************************************
99 * Wrappers for logging lookup times *
100 *************************************************/
102 /* When the 'slow_lookup_log' variable is enabled, these wrappers will
103 write to the log file all (potential) dns lookups that take more than
104 slow_lookup_log milliseconds
108 log_long_lookup(const uschar * type, const uschar * data, unsigned long msec)
110 log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec",
115 /* returns the current system epoch time in milliseconds. */
119 struct timeval tmp_time;
120 unsigned long seconds, microseconds;
122 gettimeofday(&tmp_time, NULL);
123 seconds = (unsigned long) tmp_time.tv_sec;
124 microseconds = (unsigned long) tmp_time.tv_usec;
125 return seconds*1000 + microseconds/1000;
130 dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type,
131 const uschar **fully_qualified_name)
134 unsigned long time_msec;
136 if (!slow_lookup_log)
137 return dns_lookup(dnsa, name, type, fully_qualified_name);
139 time_msec = get_time_in_ms();
140 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
141 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
142 log_long_lookup(dns_text_type(type), name, time_msec);
147 /*************************************************
148 * Replace gethostbyname() when testing *
149 *************************************************/
151 /* This function is called instead of gethostbyname(), gethostbyname2(), or
152 getipnodebyname() when running in the test harness. . It also
153 recognizes an unqualified "localhost" and forces it to the appropriate loopback
154 address. IP addresses are treated as literals. For other names, it uses the DNS
155 to find the host name. In the test harness, this means it will access only the
159 name the host name or a textual IP address
160 af AF_INET or AF_INET6
161 error_num where to put an error code:
162 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
164 Returns: a hostent structure or NULL for an error
167 static struct hostent *
168 host_fake_gethostbyname(const uschar *name, int af, int *error_num)
171 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
173 int alen = sizeof(struct in_addr);
177 const uschar *lname = name;
180 struct hostent *yield;
181 dns_answer * dnsa = store_get_dns_answer();
185 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
186 af == AF_INET ? "IPv4" : "IPv6");
188 /* Handle unqualified "localhost" */
190 if (Ustrcmp(name, "localhost") == 0)
191 lname = af == AF_INET ? US"127.0.0.1" : US"::1";
193 /* Handle a literal IP address */
195 if ((ipa = string_is_ip_address(lname, NULL)) != 0)
196 if ( ipa == 4 && af == AF_INET
197 || ipa == 6 && af == AF_INET6)
200 yield = store_get(sizeof(struct hostent), FALSE);
201 alist = store_get(2 * sizeof(char *), FALSE);
202 adds = store_get(alen, FALSE);
203 yield->h_name = CS name;
204 yield->h_aliases = NULL;
205 yield->h_addrtype = af;
206 yield->h_length = alen;
207 yield->h_addr_list = CSS alist;
209 for (int n = host_aton(lname, x), i = 0; i < n; i++)
212 *adds++ = (y >> 24) & 255;
213 *adds++ = (y >> 16) & 255;
214 *adds++ = (y >> 8) & 255;
220 /* Wrong kind of literal address */
224 *error_num = HOST_NOT_FOUND;
228 /* Handle a host name */
232 int type = af == AF_INET ? T_A:T_AAAA;
233 int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
236 lookup_dnssec_authenticated = NULL;
240 case DNS_SUCCEED: break;
241 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; return NULL;
242 case DNS_NODATA: *error_num = NO_DATA; return NULL;
243 case DNS_AGAIN: *error_num = TRY_AGAIN; return NULL;
245 case DNS_FAIL: *error_num = NO_RECOVERY; return NULL;
248 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
250 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
253 yield = store_get(sizeof(struct hostent), FALSE);
254 alist = store_get((count + 1) * sizeof(char *), FALSE);
255 adds = store_get(count *alen, FALSE);
257 yield->h_name = CS name;
258 yield->h_aliases = NULL;
259 yield->h_addrtype = af;
260 yield->h_length = alen;
261 yield->h_addr_list = CSS alist;
263 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
265 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
269 if (!(da = dns_address_from_rr(dnsa, rr))) break;
271 for (int n = host_aton(da->address, x), i = 0; i < n; i++)
274 *adds++ = (y >> 24) & 255;
275 *adds++ = (y >> 16) & 255;
276 *adds++ = (y >> 8) & 255;
288 /*************************************************
289 * Build chain of host items from list *
290 *************************************************/
292 /* This function builds a chain of host items from a textual list of host
293 names. It does not do any lookups. If randomize is true, the chain is build in
294 a randomized order. There may be multiple groups of independently randomized
295 hosts; they are delimited by a host name consisting of just "+".
298 anchor anchor for the chain
300 randomize TRUE for randomizing
306 host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize)
309 int fake_mx = MX_NONE; /* This value is actually -1 */
313 if (randomize) fake_mx--; /* Start at -2 for randomizing */
317 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
321 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
322 { /* ignore if not randomizing */
323 if (randomize) fake_mx--;
327 h = store_get(sizeof(host_item), FALSE);
332 h->sort_key = randomize? (-fake_mx)*1000 + random_number(1000) : 0;
333 h->status = hstatus_unknown;
334 h->why = hwhy_unknown;
344 host_item *hh = *anchor;
345 if (h->sort_key < hh->sort_key)
352 while (hh->next && h->sort_key >= hh->next->sort_key)
365 /*************************************************
366 * Extract port from address string *
367 *************************************************/
369 /* In the spool file, and in the -oMa and -oMi options, a host plus port is
370 given as an IP address followed by a dot and a port number. This function
373 An alternative format for the -oMa and -oMi options is [ip address]:port which
374 is what Exim 4 uses for output, because it seems to becoming commonly used,
375 whereas the dot form confuses some programs/people. So we recognize that form
379 address points to the string; if there is a port, the '.' in the string
380 is overwritten with zero to terminate the address; if the string
381 is in the [xxx]:ppp format, the address is shifted left and the
384 Returns: 0 if there is no port, else the port number. If there's a syntax
385 error, leave the incoming address alone, and return 0.
389 host_address_extract_port(uschar *address)
394 /* Handle the "bracketed with colon on the end" format */
398 uschar *rb = address + 1;
399 while (*rb != 0 && *rb != ']') rb++;
400 if (*rb++ == 0) return 0; /* Missing ]; leave invalid address */
403 port = Ustrtol(rb + 1, &endptr, 10);
404 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
406 else if (*rb != 0) return 0; /* Bad syntax; leave invalid address */
407 memmove(address, address + 1, rb - address - 2);
411 /* Handle the "dot on the end" format */
415 int skip = -3; /* Skip 3 dots in IPv4 addresses */
417 while (*(++address) != 0)
420 if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */
421 else if (ch == '.' && skip++ >= 0) break;
423 if (*address == 0) return 0;
424 port = Ustrtol(address + 1, &endptr, 10);
425 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
433 /*************************************************
434 * Get port from a host item's name *
435 *************************************************/
437 /* This function is called when finding the IP address for a host that is in a
438 list of hosts explicitly configured, such as in the manualroute router, or in a
439 fallback hosts list. We see if there is a port specification at the end of the
440 host name, and if so, remove it. A minimum length of 3 is required for the
441 original name; nothing shorter is recognized as having a port.
443 We test for a name ending with a sequence of digits; if preceded by colon we
444 have a port if the character before the colon is ] and the name starts with [
445 or if there are no other colons in the name (i.e. it's not an IPv6 address).
447 Arguments: pointer to the host item
448 Returns: a port number or PORT_NONE
452 host_item_get_port(host_item *h)
456 int len = Ustrlen(h->name);
458 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
460 /* Extract potential port number */
465 while (p > h->name + 1 && isdigit(*p))
467 port += (*p-- - '0') * x;
471 /* The smallest value of p at this point is h->name + 1. */
473 if (*p != ':') return PORT_NONE;
475 if (p[-1] == ']' && h->name[0] == '[')
476 h->name = string_copyn(h->name + 1, p - h->name - 2);
477 else if (Ustrchr(h->name, ':') == p)
478 h->name = string_copyn(h->name, p - h->name);
479 else return PORT_NONE;
481 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
487 #ifndef STAND_ALONE /* Omit when standalone testing */
489 /*************************************************
490 * Build sender_fullhost and sender_rcvhost *
491 *************************************************/
493 /* This function is called when sender_host_name and/or sender_helo_name
494 have been set. Or might have been set - for a local message read off the spool
495 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
498 (a) No sender_host_name or sender_helo_name: "[ip address]"
499 (b) Just sender_host_name: "host_name [ip address]"
500 (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
501 in which case: "[ip address}"
502 (d) The two are identical: "host_name [ip address]" includes helo = IP
503 (e) The two are different: "host_name (helo_name) [ip address]"
505 If log_incoming_port is set, the sending host's port number is added to the IP
508 This function also builds sender_rcvhost for use in Received: lines, whose
509 syntax is a bit different. This value also includes the RFC 1413 identity.
510 There wouldn't be two different variables if I had got all this right in the
513 Because this data may survive over more than one incoming SMTP message, it has
514 to be in permanent store. However, STARTTLS has to be forgotten and redone
515 on a multi-message conn, so this will be called once per message then. Hence
516 we use malloc, so we can free.
523 host_build_sender_fullhost(void)
525 BOOL show_helo = TRUE;
526 uschar * address, * fullhost, * rcvhost;
530 if (!sender_host_address) return;
532 reset_point = store_mark();
534 /* Set up address, with or without the port. After discussion, it seems that
535 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
536 use this directly as the first item for Received: because it ain't an RFC 2822
539 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
540 if (!LOGGING(incoming_port) || sender_host_port <= 0)
541 *(Ustrrchr(address, ':')) = 0;
543 /* If there's no EHLO/HELO data, we can't show it. */
545 if (!sender_helo_name) show_helo = FALSE;
547 /* If HELO/EHLO was followed by an IP literal, it's messy because of two
548 features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
549 doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
550 be given in canonical form, so we have to canonicalize them before comparing. As
551 it happens, the code works for both IPv4 and IPv6. */
553 else if (sender_helo_name[0] == '[' &&
554 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
559 if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
560 if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
562 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
564 if (string_is_ip_address(helo_ip, NULL) != 0)
568 uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
570 sizex = host_aton(helo_ip, x);
571 sizey = host_aton(sender_host_address, y);
573 (void)host_nmtoa(sizex, x, -1, ipx, ':');
574 (void)host_nmtoa(sizey, y, -1, ipy, ':');
576 if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
580 /* Host name is not verified */
582 if (!sender_host_name)
584 uschar *portptr = Ustrstr(address, "]:");
586 int adlen; /* Sun compiler doesn't like ++ in initializers */
588 adlen = portptr ? (++portptr - address) : Ustrlen(address);
589 fullhost = sender_helo_name
590 ? string_sprintf("(%s) %s", sender_helo_name, address)
593 g = string_catn(NULL, address, adlen);
595 if (sender_ident || show_helo || portptr)
598 g = string_catn(g, US" (", 2);
602 g = string_append(g, 2, US"port=", portptr + 1);
605 g = string_append(g, 2,
606 firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name);
609 g = string_append(g, 2,
610 firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident);
612 g = string_catn(g, US")", 1);
615 rcvhost = string_from_gstring(g);
618 /* Host name is known and verified. Unless we've already found that the HELO
619 data matches the IP address, compare it with the name. */
623 if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
628 fullhost = string_sprintf("%s (%s) %s", sender_host_name,
629 sender_helo_name, address);
630 rcvhost = sender_ident
631 ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
632 address, sender_helo_name, sender_ident)
633 : string_sprintf("%s (%s helo=%s)", sender_host_name,
634 address, sender_helo_name);
638 fullhost = string_sprintf("%s %s", sender_host_name, address);
639 rcvhost = sender_ident
640 ? string_sprintf("%s (%s ident=%s)", sender_host_name, address,
642 : string_sprintf("%s (%s)", sender_host_name, address);
646 sender_fullhost = string_copy_perm(fullhost, TRUE);
647 sender_rcvhost = string_copy_perm(rcvhost, TRUE);
649 store_reset(reset_point);
651 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
652 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
657 /*************************************************
658 * Build host+ident message *
659 *************************************************/
661 /* Used when logging rejections and various ACL and SMTP incidents. The text
662 return depends on whether sender_fullhost and sender_ident are set or not:
664 no ident, no host => U=unknown
665 no ident, host set => H=sender_fullhost
666 ident set, no host => U=ident
667 ident set, host set => H=sender_fullhost U=ident
669 Use taint-unchecked routines on the assumption we'll never expand the results.
672 useflag TRUE if first item to be flagged (H= or U=); if there are two
673 items, the second is always flagged
675 Returns: pointer to a string in big_buffer
679 host_and_ident(BOOL useflag)
681 if (!sender_fullhost)
682 string_format_nt(big_buffer, big_buffer_size, "%s%s", useflag ? "U=" : "",
683 sender_ident ? sender_ident : US"unknown");
686 uschar * flag = useflag ? US"H=" : US"";
687 uschar * iface = US"";
688 if (LOGGING(incoming_interface) && interface_address)
689 iface = string_sprintf(" I=[%s]:%d", interface_address, interface_port);
691 string_format_nt(big_buffer, big_buffer_size, "%s%s%s U=%s",
692 flag, sender_fullhost, iface, sender_ident);
694 string_format_nt(big_buffer, big_buffer_size, "%s%s%s",
695 flag, sender_fullhost, iface);
700 #endif /* STAND_ALONE */
705 /*************************************************
706 * Build list of local interfaces *
707 *************************************************/
709 /* This function interprets the contents of the local_interfaces or
710 extra_local_interfaces options, and creates an ip_address_item block for each
711 item on the list. There is no special interpretation of any IP addresses; in
712 particular, 0.0.0.0 and ::0 are returned without modification. If any address
713 includes a port, it is set in the block. Otherwise the port value is set to
718 name the name of the option being expanded
720 Returns: a chain of ip_address_items, each containing to a textual
721 version of an IP address, and a port number (host order) or
722 zero if no port was given with the address
726 host_build_ifacelist(const uschar *list, uschar *name)
730 ip_address_item * yield = NULL, * last = NULL, * next;
731 BOOL taint = is_tainted(list);
733 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
736 int port = host_address_extract_port(s); /* Leaves just the IP address */
738 if (!(ipv = string_is_ip_address(s, NULL)))
739 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
742 /* Skip IPv6 addresses if IPv6 is disabled. */
744 if (disable_ipv6 && ipv == 6) continue;
746 /* This use of strcpy() is OK because we have checked that s is a valid IP
747 address above. The field in the ip_address_item is large enough to hold an
750 next = store_get(sizeof(ip_address_item), taint);
752 Ustrcpy(next->address, s);
754 next->v6_include_v4 = FALSE;
773 /*************************************************
774 * Find addresses on local interfaces *
775 *************************************************/
777 /* This function finds the addresses of local IP interfaces. These are used
778 when testing for routing to the local host. As the function may be called more
779 than once, the list is preserved in permanent store, pointed to by a static
780 variable, to save doing the work more than once per process.
782 The generic list of interfaces is obtained by calling host_build_ifacelist()
783 for local_interfaces and extra_local_interfaces. This list scanned to remove
784 duplicates (which may exist with different ports - not relevant here). If
785 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
786 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
787 obtained from os_find_running_interfaces().
790 Returns: a chain of ip_address_items, each containing to a textual
791 version of an IP address; the port numbers are not relevant
795 /* First, a local subfunction to add an interface to a list in permanent store,
796 but only if there isn't a previous copy of that address on the list. */
798 static ip_address_item *
799 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
801 ip_address_item *ipa2;
802 for (ipa2 = list; ipa2; ipa2 = ipa2->next)
803 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
804 ipa2 = store_get_perm(sizeof(ip_address_item), FALSE);
811 /* This is the globally visible function */
814 host_find_interfaces(void)
816 ip_address_item *running_interfaces = NULL;
818 if (!local_interface_data)
820 void *reset_item = store_mark();
821 ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,
822 US"local_interfaces");
823 ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces,
824 US"extra_local_interfaces");
825 ip_address_item *ipa;
827 if (!dlist) dlist = xlist;
830 for (ipa = dlist; ipa->next; ipa = ipa->next) ;
834 for (ipa = dlist; ipa; ipa = ipa->next)
836 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
837 Ustrcmp(ipa->address, "::0") == 0)
839 BOOL ipv6 = ipa->address[0] == ':';
840 if (!running_interfaces)
841 running_interfaces = os_find_running_interfaces();
842 for (ip_address_item * ipa2 = running_interfaces; ipa2; ipa2 = ipa2->next)
843 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
844 local_interface_data = add_unique_interface(local_interface_data,
849 local_interface_data = add_unique_interface(local_interface_data, ipa);
852 debug_printf("Configured local interface: address=%s", ipa->address);
853 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
858 store_reset(reset_item);
861 return local_interface_data;
868 /*************************************************
869 * Convert network IP address to text *
870 *************************************************/
872 /* Given an IPv4 or IPv6 address in binary, convert it to a text
873 string and return the result in a piece of new store. The address can
874 either be given directly, or passed over in a sockaddr structure. Note
875 that this isn't the converse of host_aton() because of byte ordering
876 differences. See host_nmtoa() below.
879 type if < 0 then arg points to a sockaddr, else
880 either AF_INET or AF_INET6
881 arg points to a sockaddr if type is < 0, or
882 points to an IPv4 address (32 bits), or
883 points to an IPv6 address (128 bits),
884 in both cases, in network byte order
885 buffer if NULL, the result is returned in gotten store;
886 else points to a buffer to hold the answer
887 portptr points to where to put the port number, if non NULL; only
890 Returns: pointer to character string
894 host_ntoa(int type, const void *arg, uschar *buffer, int *portptr)
898 /* The new world. It is annoying that we have to fish out the address from
899 different places in the block, depending on what kind of address it is. It
900 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
901 function inet_ntoa() returns just uschar *, and some picky compilers insist
902 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
905 uschar addr_buffer[46];
908 int family = ((struct sockaddr *)arg)->sa_family;
909 if (family == AF_INET6)
911 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
912 yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
913 sizeof(addr_buffer));
914 if (portptr != NULL) *portptr = ntohs(sk->sin6_port);
918 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
919 yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
920 sizeof(addr_buffer));
921 if (portptr != NULL) *portptr = ntohs(sk->sin_port);
926 yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
929 /* If the result is a mapped IPv4 address, show it in V4 format. */
931 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
933 #else /* HAVE_IPV6 */
939 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
940 if (portptr != NULL) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
943 yield = US inet_ntoa(*((struct in_addr *)arg));
946 /* If there is no buffer, put the string into some new store. */
948 if (!buffer) buffer = store_get(46, FALSE);
950 /* Callers of this function with a non-NULL buffer must ensure that it is
951 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
952 makes this use of strcpy() OK.
953 If the library returned apparently an apparently tainted string, clean it;
954 we trust IP addresses. */
956 string_format_nt(buffer, 46, "%s", yield);
963 /*************************************************
964 * Convert address text to binary *
965 *************************************************/
967 /* Given the textual form of an IP address, convert it to binary in an
968 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
969 The result has the first byte in the most significant byte of the first int. In
970 other words, the result is not in network byte order, but in host byte order.
971 As a result, this is not the converse of host_ntoa(), which expects network
972 byte order. See host_nmtoa() below.
975 address points to the textual address, checked for syntax
976 bin points to an array of 4 ints
978 Returns: the number of ints used
982 host_aton(const uschar *address, int *bin)
987 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
988 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
989 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
992 if (Ustrchr(address, ':') != NULL)
994 const uschar *p = address;
995 const uschar *component[8];
996 BOOL ipv4_ends = FALSE;
1002 /* If the address starts with a colon, it will start with two colons.
1003 Just lose the first one, which will leave a null first component. */
1007 /* Split the address into components separated by colons. The input address
1008 is supposed to be checked for syntax. There was a case where this was
1009 overlooked; to guard against that happening again, check here and crash if
1010 there are too many components. */
1012 while (*p != 0 && *p != '%')
1014 int len = Ustrcspn(p, ":%");
1015 if (len == 0) nulloffset = ci;
1016 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1017 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
1019 component[ci++] = p;
1024 /* If the final component contains a dot, it is a trailing v4 address.
1025 As the syntax is known to be checked, just set up for a trailing
1026 v4 address and restrict the v6 part to 6 components. */
1028 if (Ustrchr(component[ci-1], '.') != NULL)
1030 address = component[--ci];
1036 /* If there are fewer than 6 or 8 components, we have to insert some
1037 more empty ones in the middle. */
1041 int insert_count = v6count - ci;
1042 for (i = v6count-1; i > nulloffset + insert_count; i--)
1043 component[i] = component[i - insert_count];
1044 while (i > nulloffset) component[i--] = US"";
1047 /* Now turn the components into binary in pairs and bung them
1048 into the vector of ints. */
1050 for (i = 0; i < v6count; i += 2)
1051 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
1052 Ustrtol(component[i+1], NULL, 16);
1054 /* If there was no terminating v4 component, we are done. */
1056 if (!ipv4_ends) return 4;
1059 /* Handle IPv4 address */
1061 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
1062 bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
1067 /*************************************************
1068 * Apply mask to an IP address *
1069 *************************************************/
1071 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1075 count the number of ints
1076 binary points to the ints to be masked
1077 mask the count of ms bits to leave, or -1 if no masking
1083 host_mask(int count, int *binary, int mask)
1085 if (mask < 0) mask = 99999;
1086 for (int i = 0; i < count; i++)
1089 if (mask == 0) wordmask = 0;
1092 wordmask = (uint)(-1) << (32 - mask);
1100 binary[i] &= wordmask;
1107 /*************************************************
1108 * Convert masked IP address in ints to text *
1109 *************************************************/
1111 /* We can't use host_ntoa() because it assumes the binary values are in network
1112 byte order, and these are the result of host_aton(), which puts them in ints in
1113 host byte order. Also, we really want IPv6 addresses to be in a canonical
1114 format, so we output them with no abbreviation. In a number of cases we can't
1115 use the normal colon separator in them because it terminates keys in lsearch
1116 files, so we want to use dot instead. There's an argument that specifies what
1117 to use for IPv6 addresses.
1120 count 1 or 4 (number of ints)
1121 binary points to the ints
1122 mask mask value; if < 0 don't add to result
1123 buffer big enough to hold the result
1124 sep component separator character for IPv6 addresses
1126 Returns: the number of characters placed in buffer, not counting
1131 host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
1134 uschar *tt = buffer;
1139 for (int i = 24; i >= 0; i -= 8)
1140 tt += sprintf(CS tt, "%d.", (j >> i) & 255);
1143 for (int i = 0; i < 4; i++)
1146 tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1149 tt--; /* lose final separator */
1154 tt += sprintf(CS tt, "/%d", mask);
1160 /* Like host_nmtoa() but: ipv6-only, canonical output, no mask
1163 binary points to the ints
1164 buffer big enough to hold the result
1166 Returns: the number of characters placed in buffer, not counting
1171 ipv6_nmtoa(int * binary, uschar * buffer)
1174 uschar * c = buffer;
1175 uschar * d = NULL; /* shut insufficiently "clever" compiler up */
1177 for (i = 0; i < 4; i++)
1178 { /* expand to text */
1180 c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff);
1183 for (c = buffer, k = -1, i = 0; i < 8; i++)
1184 { /* find longest 0-group sequence */
1185 if (*c == '0') /* must be "0:" */
1189 while (c[2] == '0') i++, c += 2;
1192 k = i-j; /* length of sequence */
1193 d = s; /* start of sequence */
1196 while (*++c != ':') ;
1200 c[-1] = '\0'; /* drop trailing colon */
1202 /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, d, d + 2*(k+1)); */
1206 if (d == buffer) c--; /* need extra colon */
1207 *d++ = ':'; /* 1st 0 */
1208 while ((*d++ = *c++)) ;
1218 /*************************************************
1219 * Check port for tls_on_connect *
1220 *************************************************/
1222 /* This function checks whether a given incoming port is configured for tls-
1223 on-connect. It is called from the daemon and from inetd handling. If the global
1224 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1225 check the tls_on_connect_ports option for a list of ports.
1227 Argument: a port number
1228 Returns: TRUE or FALSE
1232 host_is_tls_on_connect_port(int port)
1235 const uschar * list = tls_in.on_connect_ports;
1237 if (tls_in.on_connect) return TRUE;
1239 for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
1240 if (Ustrtol(s, &end, 10) == port)
1248 /*************************************************
1249 * Check whether host is in a network *
1250 *************************************************/
1252 /* This function checks whether a given IP address matches a pattern that
1253 represents either a single host, or a network (using CIDR notation). The caller
1254 of this function must check the syntax of the arguments before calling it.
1257 host string representation of the ip-address to check
1258 net string representation of the network, with optional CIDR mask
1259 maskoffset offset to the / that introduces the mask in the key
1260 zero if there is no mask
1263 TRUE the host is inside the network
1264 FALSE the host is NOT inside the network
1268 host_is_in_net(const uschar *host, const uschar *net, int maskoffset)
1273 int size = host_aton(net, address);
1276 /* No mask => all bits to be checked */
1278 if (maskoffset == 0) mlen = 99999; /* Big number */
1279 else mlen = Uatoi(net + maskoffset + 1);
1281 /* Convert the incoming address to binary. */
1283 insize = host_aton(host, incoming);
1285 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1286 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1287 ::ffff:<v4address>, to IPv4 format. */
1289 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1290 incoming[2] == 0xffff)
1293 incoming[0] = incoming[3];
1296 /* No match if the sizes don't agree. */
1298 if (insize != size) return FALSE;
1300 /* Else do the masked comparison. */
1302 for (int i = 0; i < size; i++)
1305 if (mlen == 0) mask = 0;
1308 mask = (uint)(-1) << (32 - mlen);
1316 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1324 /*************************************************
1325 * Scan host list for local hosts *
1326 *************************************************/
1328 /* Scan through a chain of addresses and check whether any of them is the
1329 address of an interface on the local machine. If so, remove that address and
1330 any previous ones with the same MX value, and all subsequent ones (which will
1331 have greater or equal MX values) from the chain. Note: marking them as unusable
1332 is NOT the right thing to do because it causes the hosts not to be used for
1333 other domains, for which they may well be correct.
1335 The hosts may be part of a longer chain; we only process those between the
1336 initial pointer and the "last" pointer.
1338 There is also a list of "pseudo-local" host names which are checked against the
1339 host names. Any match causes that host item to be treated the same as one which
1340 matches a local IP address.
1342 If the very first host is a local host, then all MX records had a precedence
1343 greater than or equal to that of the local host. Either there's a problem in
1344 the DNS, or an apparently remote name turned out to be an abbreviation for the
1345 local host. Give a specific return code, and let the caller decide what to do.
1346 Otherwise, give a success code if at least one host address has been found.
1349 host pointer to the first host in the chain
1350 lastptr pointer to pointer to the last host in the chain (may be updated)
1351 removed if not NULL, set TRUE if some local addresses were removed
1355 HOST_FOUND if there is at least one host with an IP address on the chain
1356 and an MX value less than any MX value associated with the
1358 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1359 the host addresses were obtained from A records or
1360 gethostbyname(), the MX values are set to -1.
1361 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1365 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1367 int yield = HOST_FIND_FAILED;
1368 host_item *last = *lastptr;
1369 host_item *prev = NULL;
1372 if (removed != NULL) *removed = FALSE;
1374 if (local_interface_data == NULL) local_interface_data = host_find_interfaces();
1376 for (h = host; h != last->next; h = h->next)
1379 if (hosts_treat_as_local != NULL)
1382 const uschar *save = deliver_domain;
1383 deliver_domain = h->name; /* set $domain */
1384 rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0,
1385 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1386 deliver_domain = save;
1387 if (rc == OK) goto FOUND_LOCAL;
1391 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1392 for 127.0.0.1 and refers to the local host. We therefore force it always to
1393 be treated as local. */
1395 if (h->address != NULL)
1397 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1398 for (ip_address_item * ip = local_interface_data; ip; ip = ip->next)
1399 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1400 yield = HOST_FOUND; /* At least one remote address has been found */
1403 /* Update prev to point to the last host item before any that have
1404 the same MX value as the one we have just considered. */
1406 if (h->next == NULL || h->next->mx != h->mx) prev = h;
1409 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1411 /* A host whose IP address matches a local IP address, or whose name matches
1412 something in hosts_treat_as_local has been found. */
1418 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1419 "local host has lowest MX\n" :
1420 "local host found for non-MX address\n");
1421 return HOST_FOUND_LOCAL;
1424 HDEBUG(D_host_lookup)
1426 debug_printf("local host in host list - removed hosts:\n");
1427 for (h = prev->next; h != last->next; h = h->next)
1428 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1431 if (removed != NULL) *removed = TRUE;
1432 prev->next = last->next;
1440 /*************************************************
1441 * Remove duplicate IPs in host list *
1442 *************************************************/
1444 /* You would think that administrators could set up their DNS records so that
1445 one ended up with a list of unique IP addresses after looking up A or MX
1446 records, but apparently duplication is common. So we scan such lists and
1447 remove the later duplicates. Note that we may get lists in which some host
1448 addresses are not set.
1451 host pointer to the first host in the chain
1452 lastptr pointer to pointer to the last host in the chain (may be updated)
1458 host_remove_duplicates(host_item *host, host_item **lastptr)
1460 while (host != *lastptr)
1462 if (host->address != NULL)
1464 host_item *h = host;
1465 while (h != *lastptr)
1467 if (h->next->address != NULL &&
1468 Ustrcmp(h->next->address, host->address) == 0)
1470 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1471 "removed\n", host->address, h->next->mx);
1472 if (h->next == *lastptr) *lastptr = h;
1473 h->next = h->next->next;
1478 /* If the last item was removed, host may have become == *lastptr */
1479 if (host != *lastptr) host = host->next;
1486 /*************************************************
1487 * Find sender host name by gethostbyaddr() *
1488 *************************************************/
1490 /* This used to be the only way it was done, but it turns out that not all
1491 systems give aliases for calls to gethostbyaddr() - or one of the modern
1492 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1493 but they can still exist. This function is now used only when a DNS lookup of
1494 the IP address fails, in order to give access to /etc/hosts.
1497 Returns: OK, DEFER, FAIL
1501 host_name_lookup_byaddr(void)
1503 struct hostent * hosts;
1504 struct in_addr addr;
1505 unsigned long time_msec = 0; /* init to quieten dumb static analysis */
1507 if (slow_lookup_log) time_msec = get_time_in_ms();
1509 /* Lookup on IPv6 system */
1512 if (Ustrchr(sender_host_address, ':') != NULL)
1514 struct in6_addr addr6;
1515 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1516 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1517 "IPv6 address", sender_host_address);
1518 #if HAVE_GETIPNODEBYADDR
1519 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1521 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1526 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1527 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1528 "IPv4 address", sender_host_address);
1529 #if HAVE_GETIPNODEBYADDR
1530 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1532 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1536 /* Do lookup on IPv4 system */
1539 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1540 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1543 if ( slow_lookup_log
1544 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
1546 log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
1548 /* Failed to look up the host. */
1552 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1554 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1557 /* It seems there are some records in the DNS that yield an empty name. We
1558 treat this as non-existent. In some operating systems, this is returned as an
1559 empty string; in others as a single dot. */
1561 if (!hosts->h_name || !hosts->h_name[0] || hosts->h_name[0] == '.')
1563 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1564 "treated as non-existent host name\n");
1568 /* Copy and lowercase the name, which is in static storage in many systems.
1569 Put it in permanent memory. */
1572 int old_pool = store_pool;
1573 store_pool = POOL_TAINT_PERM; /* names are tainted */
1575 sender_host_name = string_copylc(US hosts->h_name);
1577 /* If the host has aliases, build a copy of the alias list */
1579 if (hosts->h_aliases)
1584 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
1585 store_pool = POOL_PERM;
1586 ptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE);
1587 store_pool = POOL_TAINT_PERM;
1589 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)
1590 *ptr++ = string_copylc(*aliases);
1593 store_pool = old_pool;
1601 /*************************************************
1602 * Find host name for incoming call *
1603 *************************************************/
1605 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1606 up a list of alias names, pointed to by sender_host_alias. The list is
1607 NULL-terminated. The incoming address is in sender_host_address, either in
1608 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1610 This function does a thorough check that the names it finds point back to the
1611 incoming IP address. Any that do not are discarded. Note that this is relied on
1612 by the ACL reverse_host_lookup check.
1614 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1615 this it not universally true. Also, for release 4.30, this function was changed
1616 to do a direct DNS lookup first, by default[1], because it turns out that that
1617 is the only guaranteed way to find all the aliases on some systems. My
1618 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1621 [1] The actual order is controlled by the host_lookup_order option.
1624 Returns: OK on success, the answer being placed in the global variable
1625 sender_host_name, with any aliases in a list hung off
1627 FAIL if no host name can be found
1628 DEFER if a temporary error was encountered
1630 The variable host_lookup_msg is set to an empty string on success, or to a
1631 reason for the failure otherwise, in a form suitable for tagging onto an error
1632 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1633 was a defer, host_lookup_deferred is set TRUE.
1635 Any dynamically constructed string for host_lookup_msg must be in permanent
1636 store, because it might be used for several incoming messages on the same SMTP
1640 host_name_lookup(void)
1644 uschar *save_hostname;
1647 const uschar *list = host_lookup_order;
1648 dns_answer * dnsa = store_get_dns_answer();
1651 sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
1653 HDEBUG(D_host_lookup)
1654 debug_printf("looking up host name for %s\n", sender_host_address);
1656 /* For testing the case when a lookup does not complete, we have a special
1657 reserved IP address. */
1659 if (f.running_in_test_harness &&
1660 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1662 HDEBUG(D_host_lookup)
1663 debug_printf("Test harness: host name lookup returns DEFER\n");
1664 host_lookup_deferred = TRUE;
1668 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1669 the order specified by the host_lookup_order option. */
1671 while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
1673 if (strcmpic(ordername, US"bydns") == 0)
1675 uschar * name = dns_build_reverse(sender_host_address);
1677 dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
1678 rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
1680 /* The first record we come across is used for the name; others are
1681 considered to be aliases. We have to scan twice, in order to find out the
1682 number of aliases. However, if all the names are empty, we will behave as
1683 if failure. (PTR records that yield empty names have been encountered in
1686 if (rc == DNS_SUCCEED)
1688 uschar **aptr = NULL;
1691 int old_pool = store_pool;
1693 sender_host_dnssec = dns_is_secure(dnsa);
1695 debug_printf("Reverse DNS security status: %s\n",
1696 sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
1698 store_pool = POOL_PERM; /* Save names in permanent storage */
1700 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1702 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1705 /* Get store for the list of aliases. For compatibility with
1706 gethostbyaddr, we make an empty list if there are none. */
1708 aptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE);
1710 /* Re-scan and extract the names */
1712 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1714 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1716 uschar * s = store_get(ssize, TRUE); /* names are tainted */
1718 /* If an overlong response was received, the data will have been
1719 truncated and dn_expand may fail. */
1721 if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1722 US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1724 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1725 sender_host_address);
1729 store_release_above(s + Ustrlen(s) + 1);
1732 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1733 "empty name: treated as non-existent host name\n");
1736 if (!sender_host_name) sender_host_name = s;
1738 while (*s) { *s = tolower(*s); s++; }
1741 *aptr = NULL; /* End of alias list */
1742 store_pool = old_pool; /* Reset store pool */
1744 /* If we've found a name, break out of the "order" loop */
1746 if (sender_host_name) break;
1749 /* If the DNS lookup deferred, we must also defer. */
1751 if (rc == DNS_AGAIN)
1753 HDEBUG(D_host_lookup)
1754 debug_printf("IP address PTR lookup gave temporary error\n");
1755 host_lookup_deferred = TRUE;
1760 /* Do a lookup using gethostbyaddr() - or equivalent */
1762 else if (strcmpic(ordername, US"byaddr") == 0)
1764 HDEBUG(D_host_lookup)
1765 debug_printf("IP address lookup using gethostbyaddr()\n");
1766 rc = host_name_lookup_byaddr();
1769 host_lookup_deferred = TRUE;
1770 return rc; /* Can't carry on */
1772 if (rc == OK) break; /* Found a name */
1774 } /* Loop for bydns/byaddr scanning */
1776 /* If we have failed to find a name, return FAIL and log when required.
1777 NB host_lookup_msg must be in permanent store. */
1779 if (!sender_host_name)
1781 if (host_checking || !f.log_testing_mode)
1782 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1783 "address %s", sender_host_address);
1784 host_lookup_msg = US" (failed to find host name from IP address)";
1785 host_lookup_failed = TRUE;
1789 HDEBUG(D_host_lookup)
1791 uschar **aliases = sender_host_aliases;
1792 debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
1793 while (*aliases != NULL) debug_printf(" alias \"%s\"\n", *aliases++);
1796 /* We need to verify that a forward lookup on the name we found does indeed
1797 correspond to the address. This is for security: in principle a malefactor who
1798 happened to own a reverse zone could set it to point to any names at all.
1800 This code was present in versions of Exim before 3.20. At that point I took it
1801 out because I thought that gethostbyaddr() did the check anyway. It turns out
1802 that this isn't always the case, so it's coming back in at 4.01. This version
1803 is actually better, because it also checks aliases.
1805 The code was made more robust at release 4.21. Prior to that, it accepted all
1806 the names if any of them had the correct IP address. Now the code checks all
1807 the names, and accepts only those that have the correct IP address. */
1809 save_hostname = sender_host_name; /* Save for error messages */
1810 aliases = sender_host_aliases;
1811 for (uschar * hname = sender_host_name; hname; hname = *aliases++)
1815 host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL };
1817 { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL };
1819 if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA,
1820 NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
1821 || rc == HOST_FOUND_LOCAL
1824 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1826 /* If the forward lookup was not secure we cancel the is-secure variable */
1828 DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
1829 h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
1830 if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
1832 for (host_item * hh = &h; hh; hh = hh->next)
1833 if (host_is_in_net(hh->address, sender_host_address, 0))
1835 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1840 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1842 if (!ok) HDEBUG(D_host_lookup)
1843 debug_printf("no IP address for %s matched %s\n", hname,
1844 sender_host_address);
1846 else if (rc == HOST_FIND_AGAIN)
1848 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1849 host_lookup_deferred = TRUE;
1850 sender_host_name = NULL;
1854 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1856 /* If this name is no good, and it's the sender name, set it null pro tem;
1857 if it's an alias, just remove it from the list. */
1861 if (hname == sender_host_name) sender_host_name = NULL; else
1863 uschar **a; /* Don't amalgamate - some */
1864 a = --aliases; /* compilers grumble */
1865 while (*a != NULL) { *a = a[1]; a++; }
1870 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1871 it with the first alias, if there is one. */
1873 if (sender_host_name == NULL && *sender_host_aliases != NULL)
1874 sender_host_name = *sender_host_aliases++;
1876 /* If we now have a main name, all is well. */
1878 if (sender_host_name != NULL) return OK;
1880 /* We have failed to find an address that matches. */
1882 HDEBUG(D_host_lookup)
1883 debug_printf("%s does not match any IP address for %s\n",
1884 sender_host_address, save_hostname);
1886 /* This message must be in permanent store */
1888 old_pool = store_pool;
1889 store_pool = POOL_PERM;
1890 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1891 sender_host_address, save_hostname);
1892 store_pool = old_pool;
1893 host_lookup_failed = TRUE;
1900 /*************************************************
1901 * Find IP address(es) for host by name *
1902 *************************************************/
1904 /* The input is a host_item structure with the name filled in and the address
1905 field set to NULL. We use gethostbyname() or getipnodebyname() or
1906 gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
1907 but they do not do MX processing. It appears, however, that in some systems the
1908 current setting of resolver options is used when one of these functions calls
1909 the resolver. For this reason, we call dns_init() at the start, with arguments
1910 influenced by bits in "flags", just as we do for host_find_bydns().
1912 The second argument provides a host list (usually an IP list) of hosts to
1913 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1914 addresses in unreasonable places.
1916 The lookup may result in a change of name. For compatibility with the dns
1917 lookup, return this via fully_qualified_name as well as updating the host item.
1918 The lookup may also yield more than one IP address, in which case chain on
1919 subsequent host_item structures.
1922 host a host item with the name and MX filled in;
1923 the address is to be filled in;
1924 multiple IP addresses cause other host items to be
1926 ignore_target_hosts a list of hosts to ignore
1927 flags HOST_FIND_QUALIFY_SINGLE ) passed to
1928 HOST_FIND_SEARCH_PARENTS ) dns_init()
1929 fully_qualified_name if not NULL, set to point to host name for
1930 compatibility with host_find_bydns
1931 local_host_check TRUE if a check for the local host is wanted
1933 Returns: HOST_FIND_FAILED Failed to find the host or domain
1934 HOST_FIND_AGAIN Try again later
1935 HOST_FOUND Host found - data filled in
1936 HOST_FOUND_LOCAL Host found and is the local host
1940 host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags,
1941 const uschar **fully_qualified_name, BOOL local_host_check)
1944 host_item *last = NULL;
1945 BOOL temp_error = FALSE;
1949 /* Copy the host name at this point to the value which is used for
1950 TLS certificate name checking, before anything modifies it. */
1952 host->certname = host->name;
1955 /* Make sure DNS options are set as required. This appears to be necessary in
1956 some circumstances when the get..byname() function actually calls the DNS. */
1958 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
1959 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
1960 FALSE); /* Cannot retrieve dnssec status so do not request */
1962 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
1963 kinds of address, so go round the loop twice. Note that we have ensured that
1964 AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
1965 code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
1966 lookups here (except when testing standalone). */
1974 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
1975 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
1978 { af = AF_INET; times = 1; }
1980 { af = AF_INET6; times = 2; }
1982 /* No IPv6 support */
1984 #else /* HAVE_IPV6 */
1985 af = AF_INET; times = 1;
1986 #endif /* HAVE_IPV6 */
1988 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1989 interface to this function can be similar to host_find_bydns. */
1991 f.host_find_failed_syntax = FALSE;
1993 /* Loop to look up both kinds of address in an IPv6 world */
1995 for (int i = 1; i <= times;
1997 af = AF_INET, /* If 2 passes, IPv4 on the second */
2003 struct hostent *hostdata;
2004 unsigned long time_msec = 0; /* compiler quietening */
2007 printf("Looking up: %s\n", host->name);
2010 if (slow_lookup_log) time_msec = get_time_in_ms();
2013 if (f.running_in_test_harness)
2014 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
2017 #if HAVE_GETIPNODEBYNAME
2018 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
2020 hostdata = gethostbyname2(CS host->name, af);
2021 error_num = h_errno;
2025 #else /* not HAVE_IPV6 */
2026 if (f.running_in_test_harness)
2027 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
2030 hostdata = gethostbyname(CS host->name);
2031 error_num = h_errno;
2033 #endif /* HAVE_IPV6 */
2035 if ( slow_lookup_log
2036 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
2037 log_long_lookup(US"gethostbyname", host->name, time_msec);
2044 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
2045 case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
2046 case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
2047 case NO_DATA: error = US"NO_DATA"; break;
2048 #if NO_DATA != NO_ADDRESS
2049 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
2051 default: error = US"?"; break;
2054 DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
2055 f.running_in_test_harness ? "host_fake_gethostbyname" :
2057 # if HAVE_GETIPNODEBYNAME
2065 af == AF_INET ? "inet" : "inet6", error_num, error);
2069 if (!(hostdata->h_addr_list)[0]) continue;
2071 /* Replace the name with the fully qualified one if necessary, and fill in
2072 the fully_qualified_name pointer. */
2074 if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
2075 host->name = string_copy_dnsdomain(US hostdata->h_name);
2076 if (fully_qualified_name) *fully_qualified_name = host->name;
2078 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2079 by their different lengths. Scan the list, ignoring any that are to be
2080 ignored, and build a chain from the rest. */
2082 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2084 for (uschar ** addrlist = USS hostdata->h_addr_list; *addrlist; addrlist++)
2086 uschar *text_address =
2087 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2090 if ( ignore_target_hosts
2091 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2092 text_address, NULL) == OK)
2094 DEBUG(D_host_lookup)
2095 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2100 /* If this is the first address, last is NULL and we put the data in the
2105 host->address = text_address;
2106 host->port = PORT_NONE;
2107 host->status = hstatus_unknown;
2108 host->why = hwhy_unknown;
2109 host->dnssec = DS_UNK;
2113 /* Else add further host item blocks for any other addresses, keeping
2118 host_item *next = store_get(sizeof(host_item), FALSE);
2119 next->name = host->name;
2121 next->certname = host->certname;
2123 next->mx = host->mx;
2124 next->address = text_address;
2125 next->port = PORT_NONE;
2126 next->status = hstatus_unknown;
2127 next->why = hwhy_unknown;
2128 next->dnssec = DS_UNK;
2130 next->next = last->next;
2137 /* If no hosts were found, the address field in the original host block will be
2138 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2139 so we pass that back. */
2145 !message_id[0] && smtp_in
2146 ? string_sprintf("no IP address found for host %s (during %s)", host->name,
2147 smtp_get_connection_info()) :
2149 string_sprintf("no IP address found for host %s", host->name);
2151 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2152 if (temp_error) goto RETURN_AGAIN;
2153 if (host_checking || !f.log_testing_mode)
2154 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2155 return HOST_FIND_FAILED;
2158 /* Remove any duplicate IP addresses, then check to see if this is the local
2159 host if required. */
2161 host_remove_duplicates(host, &last);
2162 yield = local_host_check?
2163 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2165 HDEBUG(D_host_lookup)
2167 if (fully_qualified_name)
2168 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2169 debug_printf("%s looked up these IP addresses:\n",
2171 #if HAVE_GETIPNODEBYNAME
2180 for (const host_item * h = host; h != last->next; h = h->next)
2181 debug_printf(" name=%s address=%s\n", h->name,
2182 h->address ? h->address : US"<null>");
2185 /* Return the found status. */
2189 /* Handle the case when there is a temporary error. If the name matches
2190 dns_again_means_nonexist, return permanent rather than temporary failure. */
2196 const uschar *save = deliver_domain;
2197 deliver_domain = host->name; /* set $domain */
2198 rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
2199 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
2200 deliver_domain = save;
2203 DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: "
2204 "returning HOST_FIND_FAILED\n", host->name);
2205 return HOST_FIND_FAILED;
2208 return HOST_FIND_AGAIN;
2214 /*************************************************
2215 * Fill in a host address from the DNS *
2216 *************************************************/
2218 /* Given a host item, with its name, port and mx fields set, and its address
2219 field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
2220 create additional host items for the additional addresses, copying all the
2221 other fields, and randomizing the order.
2223 On IPv6 systems, AAAA records are sought first, then A records.
2225 The host name may be changed if the DNS returns a different name - e.g. fully
2226 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2227 ensures that it points to the fully qualified name. However, this is the fully
2228 qualified version of the original name; if a CNAME is involved, the actual
2229 canonical host name may be different again, and so we get it directly from the
2230 relevant RR. Note that we do NOT change the mx field of the host item in this
2231 function as it may be called to set the addresses of hosts taken from MX
2235 host points to the host item we're filling in
2236 lastptr points to pointer to last host item in a chain of
2237 host items (may be updated if host is last and gets
2238 extended because multihomed)
2239 ignore_target_hosts list of hosts to ignore
2240 allow_ip if TRUE, recognize an IP address and return it
2241 fully_qualified_name if not NULL, return fully qualified name here if
2242 the contents are different (i.e. it must be preset
2244 dnssec_request if TRUE request the AD bit
2245 dnssec_require if TRUE require the AD bit
2246 whichrrs select ipv4, ipv6 results
2248 Returns: HOST_FIND_FAILED couldn't find A record
2249 HOST_FIND_AGAIN try again later
2250 HOST_FIND_SECURITY dnssec required but not acheived
2251 HOST_FOUND found AAAA and/or A record(s)
2252 HOST_IGNORED found, but all IPs ignored
2256 set_address_from_dns(host_item *host, host_item **lastptr,
2257 const uschar *ignore_target_hosts, BOOL allow_ip,
2258 const uschar **fully_qualified_name,
2259 BOOL dnssec_request, BOOL dnssec_require, int whichrrs)
2261 host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
2262 BOOL v6_find_again = FALSE;
2263 BOOL dnssec_fail = FALSE;
2267 /* Copy the host name at this point to the value which is used for
2268 TLS certificate name checking, before any CNAME-following modifies it. */
2270 host->certname = host->name;
2273 /* If allow_ip is set, a name which is an IP address returns that value
2274 as its address. This is used for MX records when allow_mx_to_ip is set, for
2275 those sites that feel they have to flaunt the RFC rules. */
2277 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2280 if ( ignore_target_hosts
2281 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2282 host->name, NULL) == OK)
2283 return HOST_IGNORED;
2286 host->address = host->name;
2290 /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
2291 looking for AAAA records the first time. However, unless doing standalone
2292 testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.
2293 On an IPv4 system, go round the loop once only, looking only for A records. */
2298 || !(whichrrs & HOST_FIND_BY_AAAA)
2300 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
2301 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
2303 i = 0; /* look up A records only */
2305 #endif /* STAND_ALONE */
2307 i = 1; /* look up AAAA and A records */
2309 /* The IPv4 world */
2311 #else /* HAVE_IPV6 */
2312 i = 0; /* look up A records only */
2313 #endif /* HAVE_IPV6 */
2317 static int types[] = { T_A, T_AAAA };
2318 int type = types[i];
2319 int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
2320 ? 500 : 0; /* Ensures v6/4 sort order */
2321 dns_answer * dnsa = store_get_dns_answer();
2324 int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);
2325 lookup_dnssec_authenticated = !dnssec_request ? NULL
2326 : dns_is_secure(dnsa) ? US"yes" : US"no";
2329 if ( (dnssec_request || dnssec_require)
2330 && !dns_is_secure(dnsa)
2333 debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name);
2335 /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups
2336 fails or times out, but not if another one succeeds. (In the early
2337 IPv6 days there are name servers that always fail on AAAA, but are happy
2338 to give out an A record. We want to proceed with that A record.) */
2340 if (rc != DNS_SUCCEED)
2342 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2344 if (host->address != NULL) return HOST_FOUND; /* AAAA was found */
2345 if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2346 return HOST_FIND_AGAIN;
2347 return HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2350 /* Tried for an AAAA record: remember if this was a temporary
2351 error, and look for the next record type. */
2353 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2359 if (dns_is_secure(dnsa))
2361 DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name);
2362 if (host->dnssec == DS_UNK) /* set in host_find_bydns() */
2363 host->dnssec = DS_YES;
2370 DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
2371 i>0 ? "AAAA" : "A", host->name);
2374 if (host->dnssec == DS_YES) /* set in host_find_bydns() */
2376 DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name);
2377 host->dnssec = DS_NO;
2378 lookup_dnssec_authenticated = US"no";
2383 /* Lookup succeeded: fill in the given host item with the first non-ignored
2384 address found; create additional items for any others. A single A6 record
2385 may generate more than one address. The lookup had a chance to update the
2386 fqdn; we do not want any later times round the loop to do so. */
2388 fully_qualified_name = NULL;
2390 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2392 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
2394 dns_address * da = dns_address_from_rr(dnsa, rr);
2396 DEBUG(D_host_lookup)
2397 if (!da) debug_printf("no addresses extracted from A6 RR for %s\n",
2400 /* This loop runs only once for A and AAAA records, but may run
2401 several times for an A6 record that generated multiple addresses. */
2403 for (; da; da = da->next)
2406 if (ignore_target_hosts != NULL &&
2407 verify_check_this_host(&ignore_target_hosts, NULL,
2408 host->name, da->address, NULL) == OK)
2410 DEBUG(D_host_lookup)
2411 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2416 /* If this is the first address, stick it in the given host block,
2417 and change the name if the returned RR has a different name. */
2419 if (thishostlast == NULL)
2421 if (strcmpic(host->name, rr->name) != 0)
2422 host->name = string_copy_dnsdomain(rr->name);
2423 host->address = da->address;
2424 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2425 host->status = hstatus_unknown;
2426 host->why = hwhy_unknown;
2427 thishostlast = host;
2430 /* Not the first address. Check for, and ignore, duplicates. Then
2431 insert in the chain at a random point. */
2438 /* End of our local chain is specified by "thishostlast". */
2440 for (next = host;; next = next->next)
2442 if (Ustrcmp(CS da->address, next->address) == 0) break;
2443 if (next == thishostlast) { next = NULL; break; }
2445 if (next != NULL) continue; /* With loop for next address */
2447 /* Not a duplicate */
2449 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2450 next = store_get(sizeof(host_item), FALSE);
2452 /* New address goes first: insert the new block after the first one
2453 (so as not to disturb the original pointer) but put the new address
2454 in the original block. */
2456 if (new_sort_key < host->sort_key)
2458 *next = *host; /* Copies port */
2460 host->address = da->address;
2461 host->sort_key = new_sort_key;
2462 if (thishostlast == host) thishostlast = next; /* Local last */
2463 if (*lastptr == host) *lastptr = next; /* Global last */
2466 /* Otherwise scan down the addresses for this host to find the
2467 one to insert after. */
2471 host_item *h = host;
2472 while (h != thishostlast)
2474 if (new_sort_key < h->next->sort_key) break;
2477 *next = *h; /* Copies port */
2479 next->address = da->address;
2480 next->sort_key = new_sort_key;
2481 if (h == thishostlast) thishostlast = next; /* Local last */
2482 if (h == *lastptr) *lastptr = next; /* Global last */
2489 /* Control gets here only if the second lookup (the A record) succeeded.
2490 However, the address may not be filled in if it was ignored. */
2492 return host->address
2495 ? HOST_FIND_SECURITY
2502 /*************************************************
2503 * Find IP addresses and host names via DNS *
2504 *************************************************/
2506 /* The input is a host_item structure with the name field filled in and the
2507 address field set to NULL. This may be in a chain of other host items. The
2508 lookup may result in more than one IP address, in which case we must created
2509 new host blocks for the additional addresses, and insert them into the chain.
2510 The original name may not be fully qualified. Use the fully_qualified_name
2511 argument to return the official name, as returned by the resolver.
2514 host point to initial host item
2515 ignore_target_hosts a list of hosts to ignore
2516 whichrrs flags indicating which RRs to look for:
2517 HOST_FIND_BY_SRV => look for SRV
2518 HOST_FIND_BY_MX => look for MX
2519 HOST_FIND_BY_A => look for A
2520 HOST_FIND_BY_AAAA => look for AAAA
2521 also flags indicating how the lookup is done
2522 HOST_FIND_QUALIFY_SINGLE ) passed to the
2523 HOST_FIND_SEARCH_PARENTS ) resolver
2524 HOST_FIND_IPV4_FIRST => reverse usual result ordering
2525 HOST_FIND_IPV4_ONLY => MX results elide ipv6
2526 srv_service when SRV used, the service name
2527 srv_fail_domains DNS errors for these domains => assume nonexist
2528 mx_fail_domains DNS errors for these domains => assume nonexist
2529 dnssec_d.request => make dnssec request: domainlist
2530 dnssec_d.require => ditto and nonexist failures
2531 fully_qualified_name if not NULL, return fully-qualified name
2532 removed set TRUE if local host was removed from the list
2534 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2535 if there was a syntax error,
2536 host_find_failed_syntax is set.
2537 HOST_FIND_AGAIN Could not resolve at this time
2538 HOST_FIND_SECURITY dnsssec required but not acheived
2539 HOST_FOUND Host found
2540 HOST_FOUND_LOCAL The lowest MX record points to this
2541 machine, if MX records were found, or
2542 an A record that was found contains
2543 an address of the local host
2547 host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
2548 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
2549 const dnssec_domains *dnssec_d,
2550 const uschar **fully_qualified_name, BOOL *removed)
2552 host_item *h, *last;
2556 dns_answer * dnsa = store_get_dns_answer();
2558 BOOL dnssec_require = dnssec_d
2559 && match_isinlist(host->name, CUSS &dnssec_d->require,
2560 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
2561 BOOL dnssec_request = dnssec_require
2563 && match_isinlist(host->name, CUSS &dnssec_d->request,
2564 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
2565 dnssec_status_t dnssec;
2567 /* Set the default fully qualified name to the incoming name, initialize the
2568 resolver if necessary, set up the relevant options, and initialize the flag
2569 that gets set for DNS syntax check errors. */
2571 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2572 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2573 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
2575 f.host_find_failed_syntax = FALSE;
2577 /* First, if requested, look for SRV records. The service name is given; we
2578 assume TCP protocol. DNS domain names are constrained to a maximum of 256
2579 characters, so the code below should be safe. */
2581 if (whichrrs & HOST_FIND_BY_SRV)
2584 uschar * temp_fully_qualified_name;
2587 g = string_fmt_append(NULL, "_%s._tcp.%n%.256s",
2588 srv_service, &prefix_length, host->name);
2589 temp_fully_qualified_name = string_from_gstring(g);
2592 /* Search for SRV records. If the fully qualified name is different to
2593 the input name, pass back the new original domain, without the prepended
2597 lookup_dnssec_authenticated = NULL;
2598 rc = dns_lookup_timerwrap(dnsa, temp_fully_qualified_name, ind_type,
2599 CUSS &temp_fully_qualified_name);
2602 if ((dnssec_request || dnssec_require)
2603 && !dns_is_secure(dnsa)
2605 debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
2609 if (dns_is_secure(dnsa))
2610 { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
2612 { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
2615 if (temp_fully_qualified_name != g->s && fully_qualified_name != NULL)
2616 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2618 /* On DNS failures, we give the "try again" error unless the domain is
2619 listed as one for which we continue. */
2621 if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(dnsa))
2623 log_write(L_host_lookup_failed, LOG_MAIN,
2624 "dnssec fail on SRV for %.256s", host->name);
2627 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2630 if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
2631 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2633 { yield = HOST_FIND_AGAIN; goto out; }
2634 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2635 "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
2639 /* If we did not find any SRV records, search the DNS for MX records, if
2640 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2641 domain, and there's no point in going on to look for address records with the
2642 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2643 records. On DNS failures, we give the "try again" error unless the domain is
2644 listed as one for which we continue. */
2646 if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
2650 lookup_dnssec_authenticated = NULL;
2651 rc = dns_lookup_timerwrap(dnsa, host->name, ind_type, fully_qualified_name);
2654 if ( (dnssec_request || dnssec_require)
2655 && !dns_is_secure(dnsa)
2657 debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
2660 if (dns_is_secure(dnsa))
2662 DEBUG(D_host_lookup) debug_printf("%s (MX resp) DNSSEC\n", host->name);
2663 dnssec = DS_YES; lookup_dnssec_authenticated = US"yes";
2667 dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
2673 yield = HOST_FIND_FAILED; goto out;
2676 if (!dnssec_require || dns_is_secure(dnsa))
2678 DEBUG(D_host_lookup)
2679 debug_printf("dnssec fail on MX for %.256s", host->name);
2681 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2682 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2683 { yield = HOST_FIND_SECURITY; goto out; }
2691 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2692 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2694 { yield = HOST_FIND_AGAIN; goto out; }
2695 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2696 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2701 /* If we haven't found anything yet, and we are requested to do so, try for an
2702 A or AAAA record. If we find it (or them) check to see that it isn't the local
2705 if (rc != DNS_SUCCEED)
2707 if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA)))
2709 DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n");
2710 yield = HOST_FIND_FAILED;
2714 last = host; /* End of local chainlet */
2716 host->port = PORT_NONE;
2717 host->dnssec = DS_UNK;
2718 lookup_dnssec_authenticated = NULL;
2719 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2720 fully_qualified_name, dnssec_request, dnssec_require, whichrrs);
2722 /* If one or more address records have been found, check that none of them
2723 are local. Since we know the host items all have their IP addresses
2724 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2725 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2726 because set_address_from_dns() removes them. */
2728 if (rc == HOST_FOUND)
2729 rc = host_scan_for_local_hosts(host, &last, removed);
2731 if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
2733 DEBUG(D_host_lookup)
2736 if (fully_qualified_name)
2737 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2738 for (host_item * h = host; h != last->next; h = h->next)
2739 debug_printf("%s %s mx=%d sort=%d %s\n", h->name,
2740 h->address ? h->address : US"<null>", h->mx, h->sort_key,
2741 h->status >= hstatus_unusable ? US"*" : US"");
2748 /* We have found one or more MX or SRV records. Sort them according to
2749 precedence. Put the data for the first one into the existing host block, and
2750 insert new host_item blocks into the chain for the remainder. For equal
2751 precedences one is supposed to randomize the order. To make this happen, the
2752 sorting is actually done on the MX value * 1000 + a random number. This is put
2753 into a host field called sort_key.
2755 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2756 IPv6 address in preference. At this stage, we don't know what kind of address
2757 the host has. We choose a random number < 500; if later we find an A record
2758 first, we add 500 to the random number. Then for any other address records, we
2759 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2762 At this point we remove any duplicates that point to the same host, retaining
2763 only the one with the lowest precedence. We cannot yet check for precedence
2764 greater than that of the local host, because that test cannot be properly done
2765 until the addresses have been found - an MX record may point to a name for this
2766 host which is not the primary hostname. */
2768 last = NULL; /* Indicates that not even the first item is filled yet */
2770 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2772 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type)
2774 int precedence, weight;
2775 int port = PORT_NONE;
2776 const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
2779 GETSHORT(precedence, s); /* Pointer s is advanced */
2781 /* For MX records, we use a random "weight" which causes multiple records of
2782 the same precedence to sort randomly. */
2784 if (ind_type == T_MX)
2785 weight = random_number(500);
2788 /* SRV records are specified with a port and a weight. The weight is used
2789 in a special algorithm. However, to start with, we just use it to order the
2790 records of equal priority (precedence). */
2791 GETSHORT(weight, s);
2795 /* Get the name of the host pointed to. */
2797 (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
2798 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2800 /* Check that we haven't already got this host on the chain; if we have,
2801 keep only the lower precedence. This situation shouldn't occur, but you
2802 never know what junk might get into the DNS (and this case has been seen on
2803 more than one occasion). */
2805 if (last) /* This is not the first record */
2807 host_item *prev = NULL;
2809 for (h = host; h != last->next; prev = h, h = h->next)
2810 if (strcmpic(h->name, data) == 0)
2812 DEBUG(D_host_lookup)
2813 debug_printf("discarded duplicate host %s (MX=%d)\n", data,
2814 precedence > h->mx ? precedence : h->mx);
2815 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2816 if (h == host) /* Override first item */
2819 host->sort_key = precedence * 1000 + weight;
2823 /* Unwanted host item is not the first in the chain, so we can get
2824 get rid of it by cutting it out. */
2826 prev->next = h->next;
2827 if (h == last) last = prev;
2832 /* If this is the first MX or SRV record, put the data into the existing host
2833 block. Otherwise, add a new block in the correct place; if it has to be
2834 before the first block, copy the first block's data to a new second block. */
2838 host->name = string_copy_dnsdomain(data);
2839 host->address = NULL;
2841 host->mx = precedence;
2842 host->sort_key = precedence * 1000 + weight;
2843 host->status = hstatus_unknown;
2844 host->why = hwhy_unknown;
2845 host->dnssec = dnssec;
2850 /* Make a new host item and seek the correct insertion place */
2852 int sort_key = precedence * 1000 + weight;
2853 host_item *next = store_get(sizeof(host_item), FALSE);
2854 next->name = string_copy_dnsdomain(data);
2855 next->address = NULL;
2857 next->mx = precedence;
2858 next->sort_key = sort_key;
2859 next->status = hstatus_unknown;
2860 next->why = hwhy_unknown;
2861 next->dnssec = dnssec;
2864 /* Handle the case when we have to insert before the first item. */
2866 if (sort_key < host->sort_key)
2873 if (last == host) last = next;
2877 /* Else scan down the items we have inserted as part of this exercise;
2878 don't go further. */
2880 for (h = host; h != last; h = h->next)
2881 if (sort_key < h->next->sort_key)
2883 next->next = h->next;
2888 /* Join on after the last host item that's part of this
2889 processing if we haven't stopped sooner. */
2893 next->next = last->next;
2900 NEXT_MX_RR: continue;
2903 if (!last) /* No rr of correct type; give up */
2905 yield = HOST_FIND_FAILED;
2909 /* If the list of hosts was obtained from SRV records, there are two things to
2910 do. First, if there is only one host, and it's name is ".", it means there is
2911 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2912 priority according to their weights, using an algorithm that is defined in RFC
2913 2782. The hosts are currently sorted by priority and weight. For each priority
2914 group we have to pick off one host and put it first, and then repeat for any
2915 remaining in the same priority group. */
2917 if (ind_type == T_SRV)
2921 if (host == last && host->name[0] == 0)
2923 DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n");
2924 yield = HOST_FIND_FAILED;
2928 DEBUG(D_host_lookup)
2930 debug_printf("original ordering of hosts from SRV records:\n");
2931 for (h = host; h != last->next; h = h->next)
2932 debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2935 for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
2940 /* Find the last following host that has the same precedence. At the same
2941 time, compute the sum of the weights and the running totals. These can be
2942 stored in the sort_key field. */
2944 for (hh = h; hh != last; hh = hh->next)
2946 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2949 if (hh->mx != hh->next->mx) break;
2952 /* If there's more than one host at this precedence (priority), we need to
2953 pick one to go first. */
2959 int randomizer = random_number(sum + 1);
2961 for (ppptr = pptr, hhh = h;
2963 ppptr = &hhh->next, hhh = hhh->next)
2964 if (hhh->sort_key >= randomizer)
2967 /* hhh now points to the host that should go first; ppptr points to the
2968 place that points to it. Unfortunately, if the start of the minilist is
2969 the start of the entire list, we can't just swap the items over, because
2970 we must not change the value of host, since it is passed in from outside.
2971 One day, this could perhaps be changed.
2973 The special case is fudged by putting the new item *second* in the chain,
2974 and then transferring the data between the first and second items. We
2975 can't just swap the first and the chosen item, because that would mean
2976 that an item with zero weight might no longer be first. */
2980 *ppptr = hhh->next; /* Cuts it out of the chain */
2984 host_item temp = *h;
2987 hhh->next = temp.next;
2992 hhh->next = h; /* The rest of the chain follows it */
2993 *pptr = hhh; /* It takes the place of h */
2994 h = hhh; /* It's now the start of this minilist */
2999 /* A host has been chosen to be first at this priority and h now points
3000 to this host. There may be others at the same priority, or others at a
3001 different priority. Before we leave this host, we need to put back a sort
3002 key of the traditional MX kind, in case this host is multihomed, because
3003 the sort key is used for ordering the multiple IP addresses. We do not need
3004 to ensure that these new sort keys actually reflect the order of the hosts,
3007 h->sort_key = h->mx * 1000 + random_number(500);
3008 } /* Move on to the next host */
3011 /* Now we have to find IP addresses for all the hosts. We have ensured above
3012 that the names in all the host items are unique. Before release 4.61 we used to
3013 process records from the additional section in the DNS packet that returned the
3014 MX or SRV records. However, a DNS name server is free to drop any resource
3015 records from the additional section. In theory, this has always been a
3016 potential problem, but it is exacerbated by the advent of IPv6. If a host had
3017 several IPv4 addresses and some were not in the additional section, at least
3018 Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
3019 and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
3020 connection, and never try an IPv4 address. When there was only IPv4
3021 connectivity, this was a disaster that did in practice occur.
3023 So, from release 4.61 onwards, we always search for A and AAAA records
3024 explicitly. The names shouldn't point to CNAMES, but we use the general lookup
3025 function that handles them, just in case. If any lookup gives a soft error,
3026 change the default yield.
3028 For these DNS lookups, we must disable qualify_single and search_parents;
3029 otherwise invalid host names obtained from MX or SRV records can cause trouble
3030 if they happen to match something local. */
3032 yield = HOST_FIND_FAILED; /* Default yield */
3033 dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */
3034 dnssec_request || dnssec_require);
3036 for (h = host; h != last->next; h = h->next)
3038 if (h->address) continue; /* Inserted by a multihomed host */
3040 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
3041 NULL, dnssec_request, dnssec_require,
3042 whichrrs & HOST_FIND_IPV4_ONLY
3043 ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA);
3044 if (rc != HOST_FOUND)
3046 h->status = hstatus_unusable;
3049 case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break;
3050 case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break;
3051 case HOST_IGNORED: h->why = hwhy_ignored; break;
3052 default: h->why = hwhy_failed; break;
3057 /* Scan the list for any hosts that are marked unusable because they have
3058 been explicitly ignored, and remove them from the list, as if they did not
3059 exist. If we end up with just a single, ignored host, flatten its fields as if
3060 nothing was found. */
3062 if (ignore_target_hosts)
3064 host_item *prev = NULL;
3065 for (h = host; h != last->next; h = h->next)
3068 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3070 else if (prev == NULL) /* First host is ignored */
3072 if (h != last) /* First is not last */
3074 if (h->next == last) last = h; /* Overwrite it with next */
3075 *h = *(h->next); /* and reprocess it. */
3076 goto REDO; /* C should have redo, like Perl */
3079 else /* Ignored host is not first - */
3081 prev->next = h->next;
3082 if (h == last) last = prev;
3086 if (host->why == hwhy_ignored) host->address = NULL;
3089 /* There is still one complication in the case of IPv6. Although the code above
3090 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3091 hosts, it doesn't do this for addresses that apply to different hosts with the
3092 same MX precedence, because the sorting on MX precedence happens first. So we
3093 have to make another pass to check for this case. We ensure that, within a
3094 single MX preference value, IPv6 addresses come first. This can separate the
3095 addresses of a multihomed host, but that should not matter. */
3098 if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
3101 host_item *next = h->next;
3103 if ( h->mx != next->mx /* If next is different MX */
3104 || !h->address /* OR this one is unset */
3106 continue; /* move on to next */
3108 if ( whichrrs & HOST_FIND_IPV4_FIRST
3109 ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */
3111 && Ustrchr(next->address, ':') /* OR next is IPv6 */
3113 : Ustrchr(h->address, ':') /* OR this one is IPv6 */
3115 && !Ustrchr(next->address, ':') /* OR next is IPv4 */
3117 continue; /* move on to next */
3119 temp = *h; /* otherwise, swap */
3120 temp.next = next->next;
3127 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3128 whose IP addresses are on the local host. If any are found, all hosts with the
3129 same or higher MX values are removed. However, if the local host has the lowest
3130 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3131 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3132 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3133 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3134 be HOST_FIND_FAILED. */
3136 host_remove_duplicates(host, &last);
3137 rc = host_scan_for_local_hosts(host, &last, removed);
3138 if (rc != HOST_FIND_FAILED) yield = rc;
3140 DEBUG(D_host_lookup)
3142 if (fully_qualified_name)
3143 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
3144 debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
3145 yield == HOST_FOUND ? "HOST_FOUND" :
3146 yield == HOST_FOUND_LOCAL ? "HOST_FOUND_LOCAL" :
3147 yield == HOST_FIND_SECURITY ? "HOST_FIND_SECURITY" :
3148 yield == HOST_FIND_AGAIN ? "HOST_FIND_AGAIN" :
3149 yield == HOST_FIND_FAILED ? "HOST_FIND_FAILED" : "?",
3151 for (h = host; h != last->next; h = h->next)
3153 debug_printf(" %s %s MX=%d %s", h->name,
3154 !h->address ? US"<null>" : h->address, h->mx,
3155 h->dnssec == DS_YES ? US"DNSSEC " : US"");
3156 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3157 if (h->status >= hstatus_unusable) debug_printf("*");
3164 dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
3172 /* Lookup TLSA record for host/port.
3173 Return: OK success with dnssec; DANE mode
3174 DEFER Do not use this host now, may retry later
3175 FAIL_FORCED No TLSA record; DANE not usable
3176 FAIL Do not use this connection
3180 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
3183 const uschar * fullname = buffer;
3187 /* TLSA lookup string */
3188 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
3190 rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
3191 sec = dns_is_secure(dnsa);
3193 debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
3198 return DEFER; /* just defer this TLS'd conn */
3206 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
3207 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
3208 if (rr->type == T_TLSA && rr->size > 3)
3210 uint16_t payload_length = rr->size - 3;
3211 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
3213 sp += sprintf(CS sp, "%d ", *p++); /* usage */
3214 sp += sprintf(CS sp, "%d ", *p++); /* selector */
3215 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
3216 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
3217 sp += sprintf(CS sp, "%02x", *p++);
3219 debug_printf(" %s\n", s);
3224 log_write(0, LOG_MAIN,
3225 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
3228 case DNS_NODATA: /* no TLSA RR for this lookup */
3229 case DNS_NOMATCH: /* no records at all for this lookup */
3230 return dane_required ? FAIL : FAIL_FORCED;
3234 return dane_required ? FAIL : DEFER;
3237 #endif /*SUPPORT_DANE*/
3241 /*************************************************
3242 **************************************************
3243 * Stand-alone test program *
3244 **************************************************
3245 *************************************************/
3249 int main(int argc, char **cargv)
3252 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3253 BOOL byname = FALSE;
3254 BOOL qualify_single = TRUE;
3255 BOOL search_parents = FALSE;
3256 BOOL request_dnssec = FALSE;
3257 BOOL require_dnssec = FALSE;
3258 uschar **argv = USS cargv;
3261 disable_ipv6 = FALSE;
3262 primary_hostname = US"";
3263 store_pool = POOL_MAIN;
3264 debug_selector = D_host_lookup|D_interface;
3265 debug_file = stdout;
3266 debug_fd = fileno(debug_file);
3268 printf("Exim stand-alone host functions test\n");
3270 host_find_interfaces();
3271 debug_selector = D_host_lookup | D_dns;
3273 if (argc > 1) primary_hostname = argv[1];
3275 /* So that debug level changes can be done first */
3277 dns_init(qualify_single, search_parents, FALSE);
3279 printf("Testing host lookup\n");
3281 while (Ufgets(buffer, 256, stdin) != NULL)
3284 int len = Ustrlen(buffer);
3285 uschar *fully_qualified_name;
3287 while (len > 0 && isspace(buffer[len-1])) len--;
3290 if (Ustrcmp(buffer, "q") == 0) break;
3292 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3293 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3294 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3295 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3296 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3297 else if (Ustrcmp(buffer, "srv+a") == 0)
3298 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3299 else if (Ustrcmp(buffer, "srv+mx") == 0)
3300 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3301 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3302 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3303 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3304 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3305 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3306 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3307 else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
3308 else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
3309 else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
3310 else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
3311 else if (Ustrcmp(buffer, "test_harness") == 0)
3312 f.running_in_test_harness = !f.running_in_test_harness;
3313 else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
3314 else if (Ustrcmp(buffer, "res_debug") == 0)
3316 _res.options ^= RES_DEBUG;
3318 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3320 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3321 _res.retrans = dns_retrans;
3323 else if (Ustrncmp(buffer, "retry", 5) == 0)
3325 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3326 _res.retry = dns_retry;
3330 int flags = whichrrs;
3337 h.status = hstatus_unknown;
3338 h.why = hwhy_unknown;
3341 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3342 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3344 d.request = request_dnssec ? &h.name : NULL;
3345 d.require = require_dnssec ? &h.name : NULL;
3348 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
3349 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3350 &d, &fully_qualified_name, NULL);
3354 case HOST_FIND_FAILED: printf("Failed\n"); break;
3355 case HOST_FIND_AGAIN: printf("Again\n"); break;
3356 case HOST_FIND_SECURITY: printf("Security\n"); break;
3357 case HOST_FOUND_LOCAL: printf("Local\n"); break;
3364 printf("Testing host_aton\n");
3366 while (Ufgets(buffer, 256, stdin) != NULL)
3369 int len = Ustrlen(buffer);
3371 while (len > 0 && isspace(buffer[len-1])) len--;
3374 if (Ustrcmp(buffer, "q") == 0) break;
3376 len = host_aton(buffer, x);
3377 printf("length = %d ", len);
3378 for (int i = 0; i < len; i++)
3380 printf("%04x ", (x[i] >> 16) & 0xffff);
3381 printf("%04x ", x[i] & 0xffff);
3388 printf("Testing host_name_lookup\n");
3390 while (Ufgets(buffer, 256, stdin) != NULL)
3392 int len = Ustrlen(buffer);
3393 while (len > 0 && isspace(buffer[len-1])) len--;
3395 if (Ustrcmp(buffer, "q") == 0) break;
3396 sender_host_address = buffer;
3397 sender_host_name = NULL;
3398 sender_host_aliases = NULL;
3399 host_lookup_msg = US"";
3400 host_lookup_failed = FALSE;
3401 if (host_name_lookup() == FAIL) /* Debug causes printing */
3402 printf("Lookup failed:%s\n", host_lookup_msg);
3410 #endif /* STAND_ALONE */