summaryrefslogtreecommitdiffstats
path: root/src/routers/iplookup.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:44:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:44:07 +0000
commit39ce00b8d520cbecbd6af87257e8fb11df0ec273 (patch)
tree4c21a2674c19e5c44be3b3550b476b9e63d8ae3d /src/routers/iplookup.c
parentInitial commit. (diff)
downloadexim4-39ce00b8d520cbecbd6af87257e8fb11df0ec273.tar.xz
exim4-39ce00b8d520cbecbd6af87257e8fb11df0ec273.zip
Adding upstream version 4.94.2.upstream/4.94.2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--src/routers/iplookup.c422
1 files changed, 422 insertions, 0 deletions
diff --git a/src/routers/iplookup.c b/src/routers/iplookup.c
new file mode 100644
index 0000000..02b43ee
--- /dev/null
+++ b/src/routers/iplookup.c
@@ -0,0 +1,422 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+
+#include "../exim.h"
+#include "rf_functions.h"
+#include "iplookup.h"
+
+
+/* IP connection types */
+
+#define ip_udp 0
+#define ip_tcp 1
+
+
+/* Options specific to the iplookup router. */
+
+optionlist iplookup_router_options[] = {
+ { "hosts", opt_stringptr,
+ OPT_OFF(iplookup_router_options_block, hosts) },
+ { "optional", opt_bool,
+ OPT_OFF(iplookup_router_options_block, optional) },
+ { "port", opt_int,
+ OPT_OFF(iplookup_router_options_block, port) },
+ { "protocol", opt_stringptr,
+ OPT_OFF(iplookup_router_options_block, protocol_name) },
+ { "query", opt_stringptr,
+ OPT_OFF(iplookup_router_options_block, query) },
+ { "reroute", opt_stringptr,
+ OPT_OFF(iplookup_router_options_block, reroute) },
+ { "response_pattern", opt_stringptr,
+ OPT_OFF(iplookup_router_options_block, response_pattern) },
+ { "timeout", opt_time,
+ OPT_OFF(iplookup_router_options_block, timeout) }
+};
+
+/* Size of the options list. An extern variable has to be used so that its
+address can appear in the tables drtables.c. */
+
+int iplookup_router_options_count =
+ sizeof(iplookup_router_options)/sizeof(optionlist);
+
+
+#ifdef MACRO_PREDEF
+
+/* Dummy entries */
+iplookup_router_options_block iplookup_router_option_defaults = {0};
+void iplookup_router_init(router_instance *rblock) {}
+int iplookup_router_entry(router_instance *rblock, address_item *addr,
+ struct passwd *pw, int verify, address_item **addr_local,
+ address_item **addr_remote, address_item **addr_new,
+ address_item **addr_succeed) {return 0;}
+
+#else /*!MACRO_PREDEF*/
+
+
+/* Default private options block for the iplookup router. */
+
+iplookup_router_options_block iplookup_router_option_defaults = {
+ -1, /* port */
+ ip_udp, /* protocol */
+ 5, /* timeout */
+ NULL, /* protocol_name */
+ NULL, /* hosts */
+ NULL, /* query; NULL => local_part@domain */
+ NULL, /* response_pattern; NULL => don't apply regex */
+ NULL, /* reroute; NULL => just used returned data */
+ NULL, /* re_response_pattern; compiled pattern */
+ FALSE /* optional */
+};
+
+
+
+/*************************************************
+* Initialization entry point *
+*************************************************/
+
+/* Called for each instance, after its options have been read, to enable
+consistency checks to be done, or anything else that needs to be set up. */
+
+void
+iplookup_router_init(router_instance *rblock)
+{
+iplookup_router_options_block *ob =
+ (iplookup_router_options_block *)(rblock->options_block);
+
+/* A port and a host list must be given */
+
+if (ob->port < 0)
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
+ "a port must be specified", rblock->name);
+
+if (ob->hosts == NULL)
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
+ "a host list must be specified", rblock->name);
+
+/* Translate protocol name into value */
+
+if (ob->protocol_name != NULL)
+ {
+ if (Ustrcmp(ob->protocol_name, "udp") == 0) ob->protocol = ip_udp;
+ else if (Ustrcmp(ob->protocol_name, "tcp") == 0) ob->protocol = ip_tcp;
+ else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
+ "protocol not specified as udp or tcp", rblock->name);
+ }
+
+/* If a response pattern is given, compile it now to get the error early. */
+
+if (ob->response_pattern != NULL)
+ ob->re_response_pattern =
+ regex_must_compile(ob->response_pattern, FALSE, TRUE);
+}
+
+
+
+/*************************************************
+* Main entry point *
+*************************************************/
+
+/* See local README for interface details. This router returns:
+
+DECLINE
+ . pattern or identification match on returned data failed
+
+DEFER
+ . failed to expand the query or rerouting string
+ . failed to create socket ("optional" not set)
+ . failed to find a host, failed to connect, timed out ("optional" not set)
+ . rerouting string is not in the form localpart@domain
+ . verifying the errors address caused a deferment or a big disaster such
+ as an expansion failure (rf_get_errors_address)
+ . expanding a headers_{add,remove} string caused a deferment or another
+ expansion error (rf_get_munge_headers)
+
+PASS
+ . failed to create socket ("optional" set)
+ . failed to find a host, failed to connect, timed out ("optional" set)
+
+OK
+ . new address added to addr_new
+*/
+
+int
+iplookup_router_entry(
+ router_instance *rblock, /* data for this instantiation */
+ address_item *addr, /* address we are working on */
+ struct passwd *pw, /* passwd entry after check_local_user */
+ int verify, /* v_none/v_recipient/v_sender/v_expn */
+ address_item **addr_local, /* add it to this if it's local */
+ address_item **addr_remote, /* add it to this if it's remote */
+ address_item **addr_new, /* put new addresses on here */
+ address_item **addr_succeed) /* put old address here on success */
+{
+uschar *query = NULL;
+uschar *reply;
+uschar *hostname, *reroute, *domain;
+const uschar *listptr;
+uschar host_buffer[256];
+host_item *host = store_get(sizeof(host_item), FALSE);
+address_item *new_addr;
+iplookup_router_options_block *ob =
+ (iplookup_router_options_block *)(rblock->options_block);
+const pcre *re = ob->re_response_pattern;
+int count, query_len, rc;
+int sep = 0;
+
+addr_local = addr_local; /* Keep picky compilers happy */
+addr_remote = addr_remote;
+addr_succeed = addr_succeed;
+pw = pw;
+
+DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n",
+ rblock->name, addr->address, addr->domain);
+
+reply = store_get(256, TRUE); /* tainted data */
+
+/* Build the query string to send. If not explicitly given, a default of
+"user@domain user@domain" is used. */
+
+if (ob->query == NULL)
+ query = string_sprintf("%s@%s %s@%s", addr->local_part, addr->domain,
+ addr->local_part, addr->domain);
+else
+ {
+ query = expand_string(ob->query);
+ if (query == NULL)
+ {
+ addr->message = string_sprintf("%s router: failed to expand %s: %s",
+ rblock->name, ob->query, expand_string_message);
+ return DEFER;
+ }
+ }
+
+query_len = Ustrlen(query);
+DEBUG(D_route) debug_printf("%s router query is \"%s\"\n", rblock->name,
+ string_printing(query));
+
+/* Now connect to the required port for each of the hosts in turn, until a
+response it received. Initialization insists on the port being set and there
+being a host list. */
+
+listptr = ob->hosts;
+while ((hostname = string_nextinlist(&listptr, &sep, host_buffer,
+ sizeof(host_buffer))))
+ {
+ host_item *h;
+
+ DEBUG(D_route) debug_printf("calling host %s\n", hostname);
+
+ host->name = hostname;
+ host->address = NULL;
+ host->port = PORT_NONE;
+ host->mx = MX_NONE;
+ host->next = NULL;
+
+ if (string_is_ip_address(host->name, NULL) != 0)
+ host->address = host->name;
+ else
+ {
+/*XXX might want dnssec request/require on an iplookup router? */
+ int rc = host_find_byname(host, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
+ if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) continue;
+ }
+
+ /* Loop for possible multiple IP addresses for the given name. */
+
+ for (h = host; h; h = h->next)
+ {
+ int host_af;
+ client_conn_ctx query_cctx = {0};
+
+ /* Skip any hosts for which we have no address */
+
+ if (!h->address) continue;
+
+ /* Create a socket, for UDP or TCP, as configured. IPv6 addresses are
+ detected by checking for a colon in the address. */
+
+ host_af = (Ustrchr(h->address, ':') != NULL)? AF_INET6 : AF_INET;
+
+ query_cctx.sock = ip_socket(ob->protocol == ip_udp ? SOCK_DGRAM:SOCK_STREAM,
+ host_af);
+ if (query_cctx.sock < 0)
+ {
+ if (ob->optional) return PASS;
+ addr->message = string_sprintf("failed to create socket in %s router",
+ rblock->name);
+ return DEFER;
+ }
+
+ /* Connect to the remote host, under a timeout. In fact, timeouts can occur
+ here only for TCP calls; for a UDP socket, "connect" always works (the
+ router will timeout later on the read call). */
+/*XXX could take advantage of TFO */
+
+ if (ip_connect(query_cctx.sock, host_af, h->address,ob->port, ob->timeout,
+ ob->protocol == ip_udp ? NULL : &tcp_fastopen_nodata) < 0)
+ {
+ close(query_cctx.sock);
+ DEBUG(D_route)
+ debug_printf("connection to %s failed: %s\n", h->address,
+ strerror(errno));
+ continue;
+ }
+
+ /* Send the query. If it fails, just continue with the next address. */
+
+ if (send(query_cctx.sock, query, query_len, 0) < 0)
+ {
+ DEBUG(D_route) debug_printf("send to %s failed\n", h->address);
+ (void)close(query_cctx.sock);
+ continue;
+ }
+
+ /* Read the response and close the socket. If the read fails, try the
+ next IP address. */
+
+ count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, time(NULL) + ob->timeout);
+ (void)close(query_cctx.sock);
+ if (count <= 0)
+ {
+ DEBUG(D_route) debug_printf("%s from %s\n", (errno == ETIMEDOUT)?
+ "timed out" : "recv failed", h->address);
+ *reply = 0;
+ continue;
+ }
+
+ /* Success; break the loop */
+
+ reply[count] = 0;
+ DEBUG(D_route) debug_printf("%s router received \"%s\" from %s\n",
+ rblock->name, string_printing(reply), h->address);
+ break;
+ }
+
+ /* If h == NULL we have tried all the IP addresses and failed on all of them,
+ so we must continue to try more host names. Otherwise we have succeeded. */
+
+ if (h) break;
+ }
+
+
+/* If hostname is NULL, we have failed to find any host, or failed to
+connect to any of the IP addresses, or timed out while reading or writing to
+those we have connected to. In all cases, we must pass if optional and
+defer otherwise. */
+
+if (hostname == NULL)
+ {
+ DEBUG(D_route) debug_printf("%s router failed to get anything\n", rblock->name);
+ if (ob->optional) return PASS;
+ addr->message = string_sprintf("%s router: failed to communicate with any "
+ "host", rblock->name);
+ return DEFER;
+ }
+
+
+/* If a response pattern was supplied, match the returned string against it. A
+failure to match causes the router to decline. After a successful match, the
+numerical variables for expanding the rerouted address are set up. */
+
+if (re != NULL)
+ {
+ if (!regex_match_and_setup(re, reply, 0, -1))
+ {
+ DEBUG(D_route) debug_printf("%s router: %s failed to match response %s\n",
+ rblock->name, ob->response_pattern, reply);
+ return DECLINE;
+ }
+ }
+
+
+/* If no response pattern was supplied, set up $0 as the response up to the
+first white space (if any). Also, if no query was specified, check that what
+follows the white space matches user@domain. */
+
+else
+ {
+ int n = 0;
+ while (reply[n] != 0 && !isspace(reply[n])) n++;
+ expand_nmax = 0;
+ expand_nstring[0] = reply;
+ expand_nlength[0] = n;
+
+ if (ob->query == NULL)
+ {
+ int nn = n;
+ while (isspace(reply[nn])) nn++;
+ if (Ustrcmp(query + query_len/2 + 1, reply+nn) != 0)
+ {
+ DEBUG(D_route) debug_printf("%s router: failed to match identification "
+ "in response %s\n", rblock->name, reply);
+ return DECLINE;
+ }
+ }
+
+ reply[n] = 0; /* Terminate for the default case */
+ }
+
+/* If an explicit rerouting string is specified, expand it. Otherwise, use
+what was sent back verbatim. */
+
+if (ob->reroute != NULL)
+ {
+ reroute = expand_string(ob->reroute);
+ expand_nmax = -1;
+ if (reroute == NULL)
+ {
+ addr->message = string_sprintf("%s router: failed to expand %s: %s",
+ rblock->name, ob->reroute, expand_string_message);
+ return DEFER;
+ }
+ }
+else reroute = reply;
+
+/* We should now have a new address in the form user@domain. */
+
+domain = Ustrchr(reroute, '@');
+if (domain == NULL)
+ {
+ log_write(0, LOG_MAIN, "%s router: reroute string %s is not of the form "
+ "user@domain", rblock->name, reroute);
+ addr->message = string_sprintf("%s router: reroute string %s is not of the "
+ "form user@domain", rblock->name, reroute);
+ return DEFER;
+ }
+
+/* Create a child address with the old one as parent. Put the new address on
+the chain of new addressess. */
+
+new_addr = deliver_make_addr(reroute, TRUE);
+new_addr->parent = addr;
+
+new_addr->prop = addr->prop;
+
+if (addr->child_count == USHRT_MAX)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
+ "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
+addr->child_count++;
+new_addr->next = *addr_new;
+*addr_new = new_addr;
+
+/* Set up the errors address, if any, and the additional and removable headers
+for this new address. */
+
+rc = rf_get_errors_address(addr, rblock, verify, &new_addr->prop.errors_address);
+if (rc != OK) return rc;
+
+rc = rf_get_munge_headers(addr, rblock, &new_addr->prop.extra_headers,
+ &new_addr->prop.remove_headers);
+if (rc != OK) return rc;
+
+return OK;
+}
+
+#endif /*!MACRO_PREDEF*/
+/* End of routers/iplookup.c */