X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8e669ac162fe3b1040297f1d021de10778dce9d9..0d0c6357ebfc93f3119d2118dbeb62a8ad50c678:/src/src/lookups/dnsdb.c

diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index cdac6a47c..89ad67d28 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.10 2005/02/17 11:58:27 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.20 2010/05/29 19:23:26 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -31,6 +31,7 @@ static char *type_names[] = {
   #endif
 #endif
   "cname",
+  "csa",
   "mx",
   "mxh",
   "ns",
@@ -49,6 +50,7 @@ static int type_values[] = {
   #endif
 #endif
   T_CNAME,
+  T_CSA,     /* Private type for "Client SMTP Authorization". */
   T_MX,
   T_MXH,     /* Private type for "MX hostnames" */
   T_NS,
@@ -86,17 +88,23 @@ consist of a number of parts.
 separator character that is used when multiple records are found. The default
 separator is newline.
 
-(b) If the next sequence of characters is 'defer_FOO' followed by a comma,
+(b) If the next character is ',' then the next character is the separator
+character used for multiple items of text in "TXT" records. Alternatively,
+if the next character is ';' then these multiple items are concatenated with
+no separator. With neither of these options specified, only the first item
+is output.
+
+(c) If the next sequence of characters is 'defer_FOO' followed by a comma,
 the defer behaviour is set to FOO. The possible behaviours are: 'strict', where
 any defer causes the whole lookup to defer; 'lax', where a defer causes the
 whole lookup to defer only if none of the DNS queries succeeds; and 'never',
 where all defers are as if the lookup failed. The default is 'lax'.
 
-(c) If the next sequence of characters is a sequence of letters and digits
+(d) If the next sequence of characters is a sequence of letters and digits
 followed by '=', it is interpreted as the name of the DNS record type. The
 default is "TXT".
 
-(d) Then there follows list of domain names. This is a generalized Exim list,
+(e) Then there follows list of domain names. This is a generalized Exim list,
 which may start with '<' in order to set a specific separator. The default
 separator, as always, is colon. */
 
@@ -112,7 +120,8 @@ int defer_mode = PASS;
 int type = T_TXT;
 int failrc = FAIL;
 uschar *outsep = US"\n";
-uschar *equals, *domain;
+uschar *outsep2 = NULL;
+uschar *equals, *domain, *found;
 uschar buffer[256];
 
 /* Because we're the working in the search pool, we try to reclaim as much
@@ -129,13 +138,24 @@ filename = filename;
 length = length;
 do_cache = do_cache;
 
-/* If the string starts with '>' we change the output separator */
+/* If the string starts with '>' we change the output separator.
+If it's followed by ';' or ',' we set the TXT output separator. */
 
 while (isspace(*keystring)) keystring++;
 if (*keystring == '>')
   {
   outsep = keystring + 1;
   keystring += 2;
+  if (*keystring == ',')
+    {
+    outsep2 = keystring + 1;
+    keystring += 2;
+    }
+  else if (*keystring == ';')
+    {
+    outsep2 = US"";
+    keystring++;
+    }
   while (isspace(*keystring)) keystring++;
   }
 
@@ -219,7 +239,7 @@ remaining string is valid as an IP address, set an impossible separator so that
 it is treated as one item. */
 
 if (type == T_PTR && keystring[0] != '<' &&
-    string_is_ip_address(keystring, NULL) > 0)
+    string_is_ip_address(keystring, NULL) != 0)
   sep = -1;
 
 /* Now scan the list and do a lookup for each item */
@@ -228,15 +248,18 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
         != NULL)
   {
   uschar rbuffer[256];
-  int searchtype = (type == T_ZNS)? T_NS :          /* record type we want */
-                   (type == T_MXH)? T_MX : type;
-
-  /* If the type is PTR, we have to construct the relevant magic lookup key if
-  the original is an IP address (some experimental protocols are using PTR
-  records for different purposes where the key string is a host name). This
-  code for doing the reversal is now in a separate function. */
-
-  if (type == T_PTR && string_is_ip_address(domain, NULL) > 0)
+  int searchtype = (type == T_CSA)? T_SRV :         /* record type we want */
+                   (type == T_MXH)? T_MX :
+                   (type == T_ZNS)? T_NS : type;
+
+  /* If the type is PTR or CSA, we have to construct the relevant magic lookup
+  key if the original is an IP address (some experimental protocols are using
+  PTR records for different purposes where the key string is a host name, and
+  Exim's extended CSA can be keyed by domains or IP addresses). This code for
+  doing the reversal is now in a separate function. */
+
+  if ((type == T_PTR || type == T_CSA) &&
+      string_is_ip_address(domain, NULL) != 0)
     {
     dns_build_reverse(domain, rbuffer);
     domain = rbuffer;
@@ -244,15 +267,16 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
 
   DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
 
-  /* Do the lookup and sort out the result. There are two special types that
-  are handled specially: T_ZNS and T_MXH. The former is handled in a special
-  lookup function so that the facility could be used from other parts of the
-  Exim code. The latter affects only what happens later on in this function,
-  but for tidiness it is handled in a similar way. If the lookup fails,
-  continue with the next domain. In the case of DEFER, adjust the final
-  "nothing found" result, but carry on to the next domain. */
+  /* Do the lookup and sort out the result. There are three special types that
+  are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
+  a special lookup function so that the facility could be used from other
+  parts of the Exim code. The latter affects only what happens later on in
+  this function, but for tidiness it is handled in a similar way. If the
+  lookup fails, continue with the next domain. In the case of DEFER, adjust
+  the final "nothing found" result, but carry on to the next domain. */
 
-  rc = dns_special_lookup(&dnsa, domain, type, NULL);
+  found = domain;
+  rc = dns_special_lookup(&dnsa, domain, type, &found);
 
   if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
   if (rc != DNS_SUCCEED)
@@ -297,35 +321,84 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
 
     if (type == T_TXT)
       {
-      yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
-        (rr->data)[0]);
+      if (outsep2 == NULL)
+        {
+        /* output only the first item of data */
+        yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
+          (rr->data)[0]);
+        }
+      else
+        {
+        /* output all items */
+        int data_offset = 0;
+        while (data_offset < rr->size)
+          {
+          uschar chunk_len = (rr->data)[data_offset++];
+          if (outsep2[0] != '\0' && data_offset != 1)
+            yield = string_cat(yield, &size, &ptr, outsep2, 1);
+          yield = string_cat(yield, &size, &ptr,
+                             (uschar *)((rr->data)+data_offset), chunk_len);
+          data_offset += chunk_len;
+          }
+        }
       }
-    else   /* T_CNAME, T_MX, T_MXH, T_NS, T_SRV, T_PTR */
+    else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
       {
-      int num;
+      int priority, weight, port;
       uschar s[264];
       uschar *p = (uschar *)(rr->data);
 
       if (type == T_MXH)
         {
         /* mxh ignores the priority number and includes only the hostnames */
-        GETSHORT(num, p);            /* pointer is advanced */
+        GETSHORT(priority, p);
         }
       else if (type == T_MX)
         {
-        GETSHORT(num, p);            /* pointer is advanced */
-        sprintf(CS s, "%d ", num);
+        GETSHORT(priority, p);
+        sprintf(CS s, "%d ", priority);
         yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
         }
       else if (type == T_SRV)
         {
-        int weight, port;
-        GETSHORT(num, p);            /* pointer is advanced */
+        GETSHORT(priority, p);
         GETSHORT(weight, p);
         GETSHORT(port, p);
-        sprintf(CS s, "%d %d %d ", num, weight, port);
+        sprintf(CS s, "%d %d %d ", priority, weight, port);
         yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
         }
+      else if (type == T_CSA)
+        {
+        /* See acl_verify_csa() for more comments about CSA. */
+
+        GETSHORT(priority, p);
+        GETSHORT(weight, p);
+        GETSHORT(port, p);
+
+        if (priority != 1) continue;      /* CSA version must be 1 */
+
+        /* If the CSA record we found is not the one we asked for, analyse
+        the subdomain assertions in the port field, else analyse the direct
+        authorization status in the weight field. */
+
+        if (found != domain)
+          {
+          if (port & 1) *s = 'X';         /* explicit authorization required */
+          else *s = '?';                  /* no subdomain assertions here */
+          }
+        else
+          {
+          if (weight < 2) *s = 'N';       /* not authorized */
+          else if (weight == 2) *s = 'Y'; /* authorized */
+          else if (weight == 3) *s = '?'; /* unauthorizable */
+          else continue;                  /* invalid */
+          }
+
+        s[1] = ' ';
+        yield = string_cat(yield, &size, &ptr, s, 2);
+        }
+
+      /* GETSHORT() has advanced the pointer to the target domain. */
 
       rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
         (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));