[exim-cvs] Logging: TLSA lookups should honor slow_lookup_lo…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Logging: TLSA lookups should honor slow_lookup_log
Gitweb: https://git.exim.org/exim.git/commitdiff/30795c5e77e21e90f3c695e6274bc9b4a9b68900
Commit:     30795c5e77e21e90f3c695e6274bc9b4a9b68900
Parent:     bf24ce50fb71af514759f32ed05d1634626962fd
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Nov 1 12:42:44 2019 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Nov 1 22:23:23 2019 +0000


    Logging: TLSA lookups should honor slow_lookup_log
---
 src/src/host.c            | 79 +++++++++++++++++++++++++++++++++++++++++++++--
 src/src/transports/smtp.c | 71 ------------------------------------------
 test/stderr/0606          |  2 +-
 3 files changed, 77 insertions(+), 75 deletions(-)


diff --git a/src/src/host.c b/src/src/host.c
index 3c2b8b3..aa142eb 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -138,7 +138,7 @@ if (!slow_lookup_log)
time_msec = get_time_in_ms();
retval = dns_lookup(dnsa, name, type, fully_qualified_name);
if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
- log_long_lookup(US"name", name, time_msec);
+ log_long_lookup(dns_text_type(type), name, time_msec);
return retval;
}

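Review bot: The main-log text written by log_long_lookup now varies with the lookup type (the test/stderr/0606 hunk shows "Long name lookup" becoming "Long A lookup"), and the diffstat lists no documentation or changelog file, so the new wording is undocumented. Log-monitoring rules that match the old fixed string would stop matching after an upgrade without any error. I would add a comment at this call, `/* label is the DNS record type; log reads "Long <type> lookup for '<name>'" */`, and record the new wording wherever slow_lookup_log is documented. The same applies to the `gethostbyaddr` and `gethostbyname` labels in the next two hunks. The enclosing function starts outside the hunk.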
@@ -1546,7 +1546,7 @@ hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
 if (  slow_lookup_log
    && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
    )
-  log_long_lookup(US"name", sender_host_address, time_msec);
+  log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);


/* Failed to look up the host. */

@@ -2032,7 +2032,7 @@ for (int i = 1; i <= times;

   if (   slow_lookup_log
       && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
-    log_long_lookup(US"name", host->name, time_msec);
+    log_long_lookup(US"gethostbyname", host->name, time_msec);


   if (hostdata == NULL)
     {
@@ -3154,6 +3154,79 @@ dns_init(FALSE, FALSE, FALSE);    /* clear the dnssec bit for getaddrbyname */
 return yield;
 }


+
+
+
+#ifdef SUPPORT_DANE
+/* Lookup TLSA record for host/port.
+Return:  OK        success with dnssec; DANE mode
+         DEFER        Do not use this host now, may retry later
+     FAIL_FORCED    No TLSA record; DANE not usable
+     FAIL        Do not use this connection
+*/
+
+int
+tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
+{
+uschar buffer[300];
+const uschar * fullname = buffer;
+int rc;
+BOOL sec;
+
+/* TLSA lookup string */
+(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
+
+rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
+sec = dns_is_secure(dnsa);
+DEBUG(D_transport)
+  debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
+
+switch (rc)
+  {
+  case DNS_AGAIN:
+    return DEFER; /* just defer this TLS'd conn */
+
+  case DNS_SUCCEED:
+    if (sec)
+      {
+      DEBUG(D_transport)
+    {
+    dns_scan dnss;
+    for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+         rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+      if (rr->type == T_TLSA && rr->size > 3)
+        {
+        uint16_t payload_length = rr->size - 3;
+        uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
+
+        sp += sprintf(CS sp, "%d ", *p++); /* usage */
+        sp += sprintf(CS sp, "%d ", *p++); /* selector */
+        sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
+        while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
+          sp += sprintf(CS sp, "%02x", *p++);
+
+        debug_printf(" %s\n", s);
+        }
+    }
+      return OK;
+      }
+    log_write(0, LOG_MAIN,
+      "DANE error: TLSA lookup for %s not DNSSEC", host->name);
+    /*FALLTRHOUGH*/
+
+  case DNS_NODATA:    /* no TLSA RR for this lookup */
+  case DNS_NOMATCH:    /* no records at all for this lookup */
+    return dane_required ? FAIL : FAIL_FORCED;
+
+  default:
+  case DNS_FAIL:
+    return dane_required ? FAIL : DEFER;
+  }
+}
+#endif    /*SUPPORT_DANE*/
+
+
+
 /*************************************************
 **************************************************
 *             Stand-alone test program           *
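Review bot: The fall-through marker after the "not DNSSEC" log_write in tlsa_lookup is misspelled (`/*FALLTRHOUGH*/`), so compilers and linters that recognise fall-through comments are unlikely to match it. This is also the branch where a reader most needs to see that the fall-through is deliberate. An unsigned TLSA answer is handled there exactly like DNS_NODATA/DNS_NOMATCH, returning FAIL_FORCED when dane_required is false, which the header comment describes only as "No TLSA record". I would write `/*FALLTHROUGH*/` and add `/* TLSA answer without DNSSEC is treated as no TLSA record */`. The Return: comment should also say that FAIL_FORCED and FAIL cover the unsigned-answer case.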
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index bf81915..9f86033 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1613,77 +1613,6 @@ return FALSE;




-#ifdef SUPPORT_DANE
-/* Lookup TLSA record for host/port.
-Return:  OK        success with dnssec; DANE mode
-         DEFER        Do not use this host now, may retry later
-     FAIL_FORCED    No TLSA record; DANE not usable
-     FAIL        Do not use this connection
-*/
-
-int
-tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
-{
-/* move this out to host.c given the similarity to dns_lookup() ? */
-uschar buffer[300];
-const uschar * fullname = buffer;
-int rc;
-BOOL sec;
-
-/* TLSA lookup string */
-(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
-
-rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
-sec = dns_is_secure(dnsa);
-DEBUG(D_transport)
-  debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
-
-switch (rc)
-  {
-  case DNS_AGAIN:
-    return DEFER; /* just defer this TLS'd conn */
-
-  case DNS_SUCCEED:
-    if (sec)
-      {
-      DEBUG(D_transport)
-    {
-    dns_scan dnss;
-    for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
-         rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
-      if (rr->type == T_TLSA && rr->size > 3)
-        {
-        uint16_t payload_length = rr->size - 3;
-        uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
-
-        sp += sprintf(CS sp, "%d ", *p++); /* usage */
-        sp += sprintf(CS sp, "%d ", *p++); /* selector */
-        sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
-        while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
-          sp += sprintf(CS sp, "%02x", *p++);
-
-        debug_printf(" %s\n", s);
-        }
-    }
-      return OK;
-      }
-    log_write(0, LOG_MAIN,
-      "DANE error: TLSA lookup for %s not DNSSEC", host->name);
-    /*FALLTRHOUGH*/
-
-  case DNS_NODATA:    /* no TLSA RR for this lookup */
-  case DNS_NOMATCH:    /* no records at all for this lookup */
-    return dane_required ? FAIL : FAIL_FORCED;
-
-  default:
-  case DNS_FAIL:
-    return dane_required ? FAIL : DEFER;
-  }
-}
-#endif
-
-
-
 typedef struct smtp_compare_s
 {
     uschar                          *current_sender_address;
diff --git a/test/stderr/0606 b/test/stderr/0606
index ca6a3b3..cc24461 100644
--- a/test/stderr/0606
+++ b/test/stderr/0606
@@ -13,7 +13,7 @@

>>> routing should_log@???
>>> calling all router
>>> delay1500.test.ex in "*"? yes (matched "*")

-LOG: Long name lookup for 'delay1500.test.ex': ssss msec
+LOG: Long A lookup for 'delay1500.test.ex': ssss msec
>>> local host found for non-MX address
>>> routed by all router
>>> ----------- end verify ------------