Merge branch 'master' of ssh://git.exim.org/home/git/exim
diff --git
a/src/src/host.c
b/src/src/host.c
index 495a44d58a545b3a2a98372816ecd36984393036..a59c4381b9c45160360a32af25b91baa99e9ef3c 100644
(file)
--- a/
src/src/host.c
+++ b/
src/src/host.c
@@
-220,6
+220,8
@@
else
int rc = dns_lookup(&dnsa, lname, type, NULL);
int count = 0;
int rc = dns_lookup(&dnsa, lname, type, NULL);
int count = 0;
+ lookup_dnssec_authenticated = NULL;
+
switch(rc)
{
case DNS_SUCCEED: break;
switch(rc)
{
case DNS_SUCCEED: break;
@@
-1622,7
+1624,7
@@
while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
{
if (strcmpic(ordername, US"bydns") == 0)
{
{
if (strcmpic(ordername, US"bydns") == 0)
{
- dns_init(FALSE, FALSE, FALSE);
/*XXX dnssec?
*/
+ dns_init(FALSE, FALSE, FALSE);
/* dnssec ctrl by dns_dnssec_ok glbl
*/
dns_build_reverse(sender_host_address, buffer);
rc = dns_lookup(&dnsa, buffer, T_PTR, NULL);
dns_build_reverse(sender_host_address, buffer);
rc = dns_lookup(&dnsa, buffer, T_PTR, NULL);
@@
-2063,6
+2065,7
@@
for (i = 1; i <= times;
host->port = PORT_NONE;
host->status = hstatus_unknown;
host->why = hwhy_unknown;
host->port = PORT_NONE;
host->status = hstatus_unknown;
host->why = hwhy_unknown;
+ host->dnssec = DS_UNK;
last = host;
}
last = host;
}
@@
-2078,6
+2081,7
@@
for (i = 1; i <= times;
next->port = PORT_NONE;
next->status = hstatus_unknown;
next->why = hwhy_unknown;
next->port = PORT_NONE;
next->status = hstatus_unknown;
next->why = hwhy_unknown;
+ next->dnssec = DS_UNK;
next->last_try = 0;
next->next = last->next;
last->next = next;
next->last_try = 0;
next->next = last->next;
last->next = next;
@@
-2207,7
+2211,7
@@
Returns: HOST_FIND_FAILED couldn't find A record
static int
set_address_from_dns(host_item *host, host_item **lastptr,
uschar *ignore_target_hosts, BOOL allow_ip, uschar **fully_qualified_name,
static int
set_address_from_dns(host_item *host, host_item **lastptr,
uschar *ignore_target_hosts, BOOL allow_ip, uschar **fully_qualified_name,
- BOOL dnssec_require)
+ BOOL dnssec_requ
ested, BOOL dnssec_requ
ire)
{
dns_record *rr;
host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
{
dns_record *rr;
host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
@@
-2268,6
+2272,8
@@
for (; i >= 0; i--)
dns_scan dnss;
int rc = dns_lookup(&dnsa, host->name, type, fully_qualified_name);
dns_scan dnss;
int rc = dns_lookup(&dnsa, host->name, type, fully_qualified_name);
+ lookup_dnssec_authenticated = !dnssec_requested ? NULL
+ : dns_is_secure(&dnsa) ? US"yes" : US"no";
/* We want to return HOST_FIND_AGAIN if one of the A, A6, or AAAA lookups
fails or times out, but not if another one succeeds. (In the early
/* We want to return HOST_FIND_AGAIN if one of the A, A6, or AAAA lookups
fails or times out, but not if another one succeeds. (In the early
@@
-2471,10
+2477,12
@@
int ind_type = 0;
int yield;
dns_answer dnsa;
dns_scan dnss;
int yield;
dns_answer dnsa;
dns_scan dnss;
-BOOL dnssec_request = match_isinlist(host->name, &dnssec_request_domains,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_require = match_isinlist(host->name, &dnssec_require_domains,
0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_require = match_isinlist(host->name, &dnssec_require_domains,
0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+BOOL dnssec_request = dnssec_require
+ || match_isinlist(host->name, &dnssec_request_domains,
+ 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
resolver if necessary, set up the relevant options, and initialize the flag
/* Set the default fully qualified name to the incoming name, initialize the
resolver if necessary, set up the relevant options, and initialize the flag
@@
-2483,7
+2491,7
@@
that gets set for DNS syntax check errors. */
if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
(whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
(whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
- dnssec_request
|| dnssec_require
+ dnssec_request
);
host_find_failed_syntax = FALSE;
);
host_find_failed_syntax = FALSE;
@@
-2505,7
+2513,18
@@
if ((whichrrs & HOST_FIND_BY_SRV) != 0)
the input name, pass back the new original domain, without the prepended
magic. */
the input name, pass back the new original domain, without the prepended
magic. */
+ dnssec = DS_UNK;
+ lookup_dnssec_authenticated = NULL;
rc = dns_lookup(&dnsa, buffer, ind_type, &temp_fully_qualified_name);
rc = dns_lookup(&dnsa, buffer, ind_type, &temp_fully_qualified_name);
+
+ if (dnssec_request)
+ {
+ if (dns_is_secure(&dnsa))
+ { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
+ else
+ { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
+ }
+
if (temp_fully_qualified_name != buffer && fully_qualified_name != NULL)
*fully_qualified_name = temp_fully_qualified_name + prefix_length;
if (temp_fully_qualified_name != buffer && fully_qualified_name != NULL)
*fully_qualified_name = temp_fully_qualified_name + prefix_length;
@@
-2540,7
+2559,18
@@
listed as one for which we continue. */
if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0)
{
ind_type = T_MX;
if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0)
{
ind_type = T_MX;
+ dnssec = DS_UNK;
+ lookup_dnssec_authenticated = NULL;
rc = dns_lookup(&dnsa, host->name, ind_type, fully_qualified_name);
rc = dns_lookup(&dnsa, host->name, ind_type, fully_qualified_name);
+
+ if (dnssec_request)
+ {
+ if (dns_is_secure(&dnsa))
+ { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
+ else
+ { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
+ }
+
switch (rc)
{
case DNS_NOMATCH:
switch (rc)
{
case DNS_NOMATCH:
@@
-2583,8
+2613,18
@@
if (rc != DNS_SUCCEED)
last = host; /* End of local chainlet */
host->mx = MX_NONE;
host->port = PORT_NONE;
last = host; /* End of local chainlet */
host->mx = MX_NONE;
host->port = PORT_NONE;
+ dnssec = DS_UNK;
+ lookup_dnssec_authenticated = NULL;
rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
- fully_qualified_name, dnssec_require);
+ fully_qualified_name, dnssec_request, dnssec_require);
+
+ if (dnssec_request)
+ {
+ if (dns_is_secure(&dnsa))
+ { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
+ else
+ { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
+ }
/* If one or more address records have been found, check that none of them
are local. Since we know the host items all have their IP addresses
/* If one or more address records have been found, check that none of them
are local. Since we know the host items all have their IP addresses
@@
-2655,9
+2695,7
@@
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
the same precedence to sort randomly. */
if (ind_type == T_MX)
the same precedence to sort randomly. */
if (ind_type == T_MX)
- {
weight = random_number(500);
weight = random_number(500);
- }
/* SRV records are specified with a port and a weight. The weight is used
in a special algorithm. However, to start with, we just use it to order the
/* SRV records are specified with a port and a weight. The weight is used
in a special algorithm. However, to start with, we just use it to order the
@@
-2721,6
+2759,7
@@
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
host->sort_key = precedence * 1000 + weight;
host->status = hstatus_unknown;
host->why = hwhy_unknown;
host->sort_key = precedence * 1000 + weight;
host->status = hstatus_unknown;
host->why = hwhy_unknown;
+ host->dnssec = dnssec;
last = host;
}
last = host;
}
@@
-2737,6
+2776,7
@@
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
next->sort_key = sort_key;
next->status = hstatus_unknown;
next->why = hwhy_unknown;
next->sort_key = sort_key;
next->status = hstatus_unknown;
next->why = hwhy_unknown;
+ next->dnssec = dnssec;
next->last_try = 0;
/* Handle the case when we have to insert before the first item. */
next->last_try = 0;
/* Handle the case when we have to insert before the first item. */
@@
-2914,7
+2954,7
@@
for (h = host; h != last->next; h = h->next)
{
if (h->address != NULL) continue; /* Inserted by a multihomed host */
rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
{
if (h->address != NULL) continue; /* Inserted by a multihomed host */
rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
- NULL, dnssec_require);
+ NULL, dnssec_requ
est, dnssec_requ
ire);
if (rc != HOST_FOUND)
{
h->status = hstatus_unusable;
if (rc != HOST_FOUND)
{
h->status = hstatus_unusable;
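Review bot: In the `rc != DNS_SUCCEED` fallback of hunk @@ -2583, the block `if (dnssec_request) { if (dns_is_secure(&dnsa)) ... }` after the `set_address_from_dns(...)` call tests the caller's own `dnsa`, which was last filled by the MX (or SRV) query that did not succeed, not by the address lookups that `set_address_from_dns` performs into its own answer buffer — so it overwrites the `lookup_dnssec_authenticated` value that `set_address_from_dns` just computed in hunk @@ -2268 with a status belonging to a different, stale answer, and can report "yes" for addresses that were never validated. The simplest fix is to drop that post-call block and keep the reset to `DS_UNK`/`NULL` before the call, letting `set_address_from_dns` be the only writer of the address-lookup status; if `dnssec` must also be set here for the host items, it should be derived inside `set_address_from_dns` rather than from the caller's `dnsa`. Separately, `lookup_dnssec_authenticated = !dnssec_requested ? NULL : dns_is_secure(&dnsa) ? US"yes" : US"no";` runs once per address type in the `for (; i >= 0; i--)` loop, so with both A and AAAA queried the final value is whichever type was looked up last; to fail closed, track a local `BOOL secure = TRUE;` that is ANDed with `dns_is_secure(&dnsa)` on each iteration that returned data and assign `lookup_dnssec_authenticated` once after the loop (whether a NOMATCH answer should count is a policy question I cannot settle from this hunk). The same seven-line `if (dnssec_request)` block appears three times in hunks @@ -2505, @@ -2540 and @@ -2583 and would read better as one `static` helper taking `&dnsa` and returning the `dnssec_status_t`. The enclosing function `host_find_bydns` starts and ends outside these hunks.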