X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8e669ac162fe3b1040297f1d021de10778dce9d9..184e88237dea64ce48076cdd0184612d057cbafd:/src/src/lookups/dnsdb.c?ds=sidebyside

diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index cdac6a47c..ab3bc430d 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.10 2005/02/17 11:58:27 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.17 2007/01/08 10:50:19 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2007 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -31,6 +31,7 @@ static char *type_names[] = {
   #endif
 #endif
   "cname",
+  "csa",
   "mx",
   "mxh",
   "ns",
@@ -49,6 +50,7 @@ static int type_values[] = {
   #endif
 #endif
   T_CNAME,
+  T_CSA,     /* Private type for "Client SMTP Authorization". */
   T_MX,
   T_MXH,     /* Private type for "MX hostnames" */
   T_NS,
@@ -112,7 +114,7 @@ int defer_mode = PASS;
 int type = T_TXT;
 int failrc = FAIL;
 uschar *outsep = US"\n";
-uschar *equals, *domain;
+uschar *equals, *domain, *found;
 uschar buffer[256];
 
 /* Because we're the working in the search pool, we try to reclaim as much
@@ -219,7 +221,7 @@ remaining string is valid as an IP address, set an impossible separator so that
 it is treated as one item. */
 
 if (type == T_PTR && keystring[0] != '<' &&
-    string_is_ip_address(keystring, NULL) > 0)
+    string_is_ip_address(keystring, NULL) != 0)
   sep = -1;
 
 /* Now scan the list and do a lookup for each item */
@@ -228,15 +230,18 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
         != NULL)
   {
   uschar rbuffer[256];
-  int searchtype = (type == T_ZNS)? T_NS :          /* record type we want */
-                   (type == T_MXH)? T_MX : type;
-
-  /* If the type is PTR, we have to construct the relevant magic lookup key if
-  the original is an IP address (some experimental protocols are using PTR
-  records for different purposes where the key string is a host name). This
-  code for doing the reversal is now in a separate function. */
-
-  if (type == T_PTR && string_is_ip_address(domain, NULL) > 0)
+  int searchtype = (type == T_CSA)? T_SRV :         /* record type we want */
+                   (type == T_MXH)? T_MX :
+                   (type == T_ZNS)? T_NS : type;
+
+  /* If the type is PTR or CSA, we have to construct the relevant magic lookup
+  key if the original is an IP address (some experimental protocols are using
+  PTR records for different purposes where the key string is a host name, and
+  Exim's extended CSA can be keyed by domains or IP addresses). This code for
+  doing the reversal is now in a separate function. */
+
+  if ((type == T_PTR || type == T_CSA) &&
+      string_is_ip_address(domain, NULL) != 0)
     {
     dns_build_reverse(domain, rbuffer);
     domain = rbuffer;
@@ -244,15 +249,16 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
 
   DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
 
-  /* Do the lookup and sort out the result. There are two special types that
-  are handled specially: T_ZNS and T_MXH. The former is handled in a special
-  lookup function so that the facility could be used from other parts of the
-  Exim code. The latter affects only what happens later on in this function,
-  but for tidiness it is handled in a similar way. If the lookup fails,
-  continue with the next domain. In the case of DEFER, adjust the final
-  "nothing found" result, but carry on to the next domain. */
+  /* Do the lookup and sort out the result. There are three special types that
+  are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
+  a special lookup function so that the facility could be used from other
+  parts of the Exim code. The latter affects only what happens later on in
+  this function, but for tidiness it is handled in a similar way. If the
+  lookup fails, continue with the next domain. In the case of DEFER, adjust
+  the final "nothing found" result, but carry on to the next domain. */
 
-  rc = dns_special_lookup(&dnsa, domain, type, NULL);
+  found = domain;
+  rc = dns_special_lookup(&dnsa, domain, type, &found);
 
   if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
   if (rc != DNS_SUCCEED)
@@ -300,32 +306,63 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
       yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
         (rr->data)[0]);
       }
-    else   /* T_CNAME, T_MX, T_MXH, T_NS, T_SRV, T_PTR */
+    else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
       {
-      int num;
+      int priority, weight, port;
       uschar s[264];
       uschar *p = (uschar *)(rr->data);
 
       if (type == T_MXH)
         {
         /* mxh ignores the priority number and includes only the hostnames */
-        GETSHORT(num, p);            /* pointer is advanced */
+        GETSHORT(priority, p);
         }
       else if (type == T_MX)
         {
-        GETSHORT(num, p);            /* pointer is advanced */
-        sprintf(CS s, "%d ", num);
+        GETSHORT(priority, p);
+        sprintf(CS s, "%d ", priority);
         yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
         }
       else if (type == T_SRV)
         {
-        int weight, port;
-        GETSHORT(num, p);            /* pointer is advanced */
+        GETSHORT(priority, p);
         GETSHORT(weight, p);
         GETSHORT(port, p);
-        sprintf(CS s, "%d %d %d ", num, weight, port);
+        sprintf(CS s, "%d %d %d ", priority, weight, port);
         yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
         }
+      else if (type == T_CSA)
+        {
+        /* See acl_verify_csa() for more comments about CSA. */
+
+        GETSHORT(priority, p);
+        GETSHORT(weight, p);
+        GETSHORT(port, p);
+
+        if (priority != 1) continue;      /* CSA version must be 1 */
+
+        /* If the CSA record we found is not the one we asked for, analyse
+        the subdomain assertions in the port field, else analyse the direct
+        authorization status in the weight field. */
+
+        if (found != domain)
+          {
+          if (port & 1) *s = 'X';         /* explicit authorization required */
+          else *s = '?';                  /* no subdomain assertions here */
+          }
+        else
+          {
+          if (weight < 2) *s = 'N';       /* not authorized */
+          else if (weight == 2) *s = 'Y'; /* authorized */
+          else if (weight == 3) *s = '?'; /* unauthorizable */
+          else continue;                  /* invalid */
+          }
+
+        s[1] = ' ';
+        yield = string_cat(yield, &size, &ptr, s, 2);
+        }
+
+      /* GETSHORT() has advanced the pointer to the target domain. */
 
       rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
         (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));