* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2014 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
header files. */
#ifndef T_TXT
-#define T_TXT 16
+# define T_TXT 16
#endif
/* Many systems do not have T_SPF. */
#ifndef T_SPF
-#define T_SPF 99
+# define T_SPF 99
#endif
/* New TLSA record for DANE */
#ifndef T_TLSA
-#define T_TLSA 52
+# define T_TLSA 52
#endif
/* Table of recognized DNS record types and their integer values. */
"mxh",
"ns",
"ptr",
+ "soa",
"spf",
"srv",
"tlsa",
T_MXH, /* Private type for "MX hostnames" */
T_NS,
T_PTR,
+ T_SOA,
T_SPF,
T_SRV,
T_TLSA,
static int
dnsdb_find(void *handle, uschar *filename, const uschar *keystring, int length,
- uschar **result, uschar **errmsg, BOOL *do_cache)
+ uschar **result, uschar **errmsg, uint *do_cache)
{
int rc;
-int size = 256;
-int ptr = 0;
int sep = 0;
int defer_mode = PASS;
int dnssec_mode = OK;
const uschar *outsep2 = NULL;
uschar *equals, *domain, *found;
-/* Because we're the working in the search pool, we try to reclaim as much
+/* Because we're working in the search pool, we try to reclaim as much
store as possible later, so we preallocate the result here */
-uschar *yield = store_get(size);
+gstring * yield = string_get(256);
dns_record *rr;
dns_answer dnsa;
else if (strncmpic(keystring, US"retry_", 6) == 0)
{
int retries;
- if ((retries = (int)strtol(keystring + 6, CSS &keystring, 0)) < 0)
+ if ((retries = (int)strtol(CCS keystring + 6, CSS &keystring, 0)) < 0)
{
*errmsg = US"unsupported dnsdb retry count";
return DEFER;
while (tend > keystring && isspace(tend[-1])) tend--;
len = tend - keystring;
- for (i = 0; i < sizeof(type_names)/sizeof(uschar *); i++)
- {
+ for (i = 0; i < nelem(type_names); i++)
if (len == Ustrlen(type_names[i]) &&
strncmpic(keystring, US type_names[i], len) == 0)
{
type = type_values[i];
break;
}
- }
- if (i >= sizeof(type_names)/sizeof(uschar *))
+ if (i >= nelem(type_names))
{
*errmsg = US"unsupported DNS record type";
return DEFER;
/* Search the returned records */
- for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
- rr != NULL;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr;
+ rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == searchtype)
{
- if (rr->type != searchtype) continue;
-
- /* There may be several addresses from an A6 record. Put the configured
- separator between them, just as for between several records. However, A6
- support is not normally configured these days. */
+ if (*do_cache > rr->ttl)
+ *do_cache = rr->ttl;
if (type == T_A || type == T_AAAA || type == T_ADDRESSES)
{
dns_address *da;
- for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
+ for (da = dns_address_from_rr(&dnsa, rr); da; da = da->next)
{
- if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
- yield = string_cat(yield, &size, &ptr, da->address,
- Ustrlen(da->address));
+ if (yield->ptr) yield = string_catn(yield, outsep, 1);
+ yield = string_cat(yield, da->address);
}
continue;
}
/* Other kinds of record just have one piece of data each, but there may be
several of them, of course. */
- if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
+ if (yield->ptr) yield = string_catn(yield, outsep, 1);
if (type == T_TXT || type == T_SPF)
{
- if (outsep2 == NULL)
- {
- /* output only the first item of data */
- yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
- (rr->data)[0]);
- }
+ if (outsep2 == NULL) /* output only the first item of data */
+ yield = string_catn(yield, US (rr->data+1), (rr->data)[0]);
else
{
/* output all items */
{
uschar chunk_len = (rr->data)[data_offset++];
if (outsep2[0] != '\0' && data_offset != 1)
- yield = string_cat(yield, &size, &ptr, outsep2, 1);
- yield = string_cat(yield, &size, &ptr,
- (uschar *)((rr->data)+data_offset), chunk_len);
+ yield = string_catn(yield, outsep2, 1);
+ yield = string_catn(yield, US ((rr->data)+data_offset), chunk_len);
data_offset += chunk_len;
}
}
uint16_t i, payload_length;
uschar s[MAX_TLSA_EXPANDED_SIZE];
uschar * sp = s;
- uschar *p = (uschar *)(rr->data);
+ uschar * p = US rr->data;
usage = *p++;
selector = *p++;
for (i=0;
i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4);
i++)
- {
sp += sprintf(CS sp, "%02x", (unsigned char)p[i]);
- }
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+
+ yield = string_cat(yield, s);
}
- else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
+ else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SOA, T_SRV */
{
int priority, weight, port;
uschar s[264];
- uschar *p = (uschar *)(rr->data);
-
- if (type == T_MXH)
- {
- /* mxh ignores the priority number and includes only the hostnames */
- GETSHORT(priority, p);
- }
- else if (type == T_MX)
- {
- GETSHORT(priority, p);
- sprintf(CS s, "%d%c", priority, *outsep2);
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
- }
- else if (type == T_SRV)
- {
- GETSHORT(priority, p);
- GETSHORT(weight, p);
- GETSHORT(port, p);
- sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2,
- weight, *outsep2, port, *outsep2);
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
- }
- else if (type == T_CSA)
- {
- /* See acl_verify_csa() for more comments about CSA. */
-
- GETSHORT(priority, p);
- GETSHORT(weight, p);
- GETSHORT(port, p);
-
- if (priority != 1) continue; /* CSA version must be 1 */
-
- /* If the CSA record we found is not the one we asked for, analyse
- the subdomain assertions in the port field, else analyse the direct
- authorization status in the weight field. */
-
- if (Ustrcmp(found, domain) != 0)
- {
- if (port & 1) *s = 'X'; /* explicit authorization required */
- else *s = '?'; /* no subdomain assertions here */
- }
- else
- {
- if (weight < 2) *s = 'N'; /* not authorized */
- else if (weight == 2) *s = 'Y'; /* authorized */
- else if (weight == 3) *s = '?'; /* unauthorizable */
- else continue; /* invalid */
- }
-
- s[1] = ' ';
- yield = string_cat(yield, &size, &ptr, s, 2);
- }
+ uschar * p = US rr->data;
+
+ switch (type)
+ {
+ case T_MXH:
+ /* mxh ignores the priority number and includes only the hostnames */
+ GETSHORT(priority, p);
+ break;
+
+ case T_MX:
+ GETSHORT(priority, p);
+ sprintf(CS s, "%d%c", priority, *outsep2);
+ yield = string_cat(yield, s);
+ break;
+
+ case T_SRV:
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+ sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2,
+ weight, *outsep2, port, *outsep2);
+ yield = string_cat(yield, s);
+ break;
+
+ case T_CSA:
+ /* See acl_verify_csa() for more comments about CSA. */
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+
+ if (priority != 1) continue; /* CSA version must be 1 */
+
+ /* If the CSA record we found is not the one we asked for, analyse
+ the subdomain assertions in the port field, else analyse the direct
+ authorization status in the weight field. */
+
+ if (Ustrcmp(found, domain) != 0)
+ {
+ if (port & 1) *s = 'X'; /* explicit authorization required */
+ else *s = '?'; /* no subdomain assertions here */
+ }
+ else
+ {
+ if (weight < 2) *s = 'N'; /* not authorized */
+ else if (weight == 2) *s = 'Y'; /* authorized */
+ else if (weight == 3) *s = '?'; /* unauthorizable */
+ else continue; /* invalid */
+ }
+
+ s[1] = ' ';
+ yield = string_catn(yield, s, 2);
+ break;
+
+ default:
+ break;
+ }
/* GETSHORT() has advanced the pointer to the target domain. */
rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
- (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));
+ (DN_EXPAND_ARG4_TYPE)s, sizeof(s));
/* If an overlong response was received, the data will have been
truncated and dn_expand may fail. */
"domain=%s", dns_text_type(type), domain);
break;
}
- else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ else yield = string_cat(yield, s);
+
+ if (type == T_SOA && outsep2 != NULL)
+ {
+ unsigned long serial, refresh, retry, expire, minimum;
+
+ p += rc;
+ yield = string_catn(yield, outsep2, 1);
+
+ rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
+ (DN_EXPAND_ARG4_TYPE)s, sizeof(s));
+ if (rc < 0)
+ {
+ log_write(0, LOG_MAIN, "responsible-mailbox truncated: type=%s "
+ "domain=%s", dns_text_type(type), domain);
+ break;
+ }
+ else yield = string_cat(yield, s);
+
+ p += rc;
+ GETLONG(serial, p); GETLONG(refresh, p);
+ GETLONG(retry, p); GETLONG(expire, p); GETLONG(minimum, p);
+ sprintf(CS s, "%c%lu%c%lu%c%lu%c%lu%c%lu",
+ *outsep2, serial, *outsep2, refresh,
+ *outsep2, retry, *outsep2, expire, *outsep2, minimum);
+ yield = string_cat(yield, s);
+ }
}
} /* Loop for list of returned records */
- /* Loop for set of A-lookupu types */
+ /* Loop for set of A-lookup types */
} while (type == T_ADDRESSES && searchtype != T_A);
} /* Loop for list of domains */
/* Reclaim unused memory */
-store_reset(yield + ptr + 1);
+store_reset(yield->s + yield->ptr + 1);
-/* If ptr == 0 we have not found anything. Otherwise, insert the terminating
+/* If yield NULL we have not found anything. Otherwise, insert the terminating
zero and return the result. */
dns_retrans = save_retrans;
dns_retry = save_retry;
dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
-if (ptr == 0) return failrc;
-yield[ptr] = 0;
-*result = yield;
+if (!yield || !yield->ptr) return failrc;
+
+*result = string_from_gstring(yield);
return OK;
}