-/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.10 2005/02/17 11:58:27 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/dnsdb.c,v 1.17.2.1 2009/04/30 08:21:30 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2007 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
#endif
#endif
"cname",
+ "csa",
"mx",
"mxh",
"ns",
#endif
#endif
T_CNAME,
+ T_CSA, /* Private type for "Client SMTP Authorization". */
T_MX,
T_MXH, /* Private type for "MX hostnames" */
T_NS,
int type = T_TXT;
int failrc = FAIL;
uschar *outsep = US"\n";
-uschar *equals, *domain;
+uschar *equals, *domain, *found;
uschar buffer[256];
/* Because we're the working in the search pool, we try to reclaim as much
it is treated as one item. */
if (type == T_PTR && keystring[0] != '<' &&
- string_is_ip_address(keystring, NULL) > 0)
+ string_is_ip_address(keystring, NULL) != 0)
sep = -1;
/* Now scan the list and do a lookup for each item */
!= NULL)
{
uschar rbuffer[256];
- int searchtype = (type == T_ZNS)? T_NS : /* record type we want */
- (type == T_MXH)? T_MX : type;
-
- /* If the type is PTR, we have to construct the relevant magic lookup key if
- the original is an IP address (some experimental protocols are using PTR
- records for different purposes where the key string is a host name). This
- code for doing the reversal is now in a separate function. */
-
- if (type == T_PTR && string_is_ip_address(domain, NULL) > 0)
+ int searchtype = (type == T_CSA)? T_SRV : /* record type we want */
+ (type == T_MXH)? T_MX :
+ (type == T_ZNS)? T_NS : type;
+
+ /* If the type is PTR or CSA, we have to construct the relevant magic lookup
+ key if the original is an IP address (some experimental protocols are using
+ PTR records for different purposes where the key string is a host name, and
+ Exim's extended CSA can be keyed by domains or IP addresses). This code for
+ doing the reversal is now in a separate function. */
+
+ if ((type == T_PTR || type == T_CSA) &&
+ string_is_ip_address(domain, NULL) != 0)
{
dns_build_reverse(domain, rbuffer);
domain = rbuffer;
DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
- /* Do the lookup and sort out the result. There are two special types that
- are handled specially: T_ZNS and T_MXH. The former is handled in a special
- lookup function so that the facility could be used from other parts of the
- Exim code. The latter affects only what happens later on in this function,
- but for tidiness it is handled in a similar way. If the lookup fails,
- continue with the next domain. In the case of DEFER, adjust the final
- "nothing found" result, but carry on to the next domain. */
+ /* Do the lookup and sort out the result. There are three special types that
+ are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
+ a special lookup function so that the facility could be used from other
+ parts of the Exim code. The latter affects only what happens later on in
+ this function, but for tidiness it is handled in a similar way. If the
+ lookup fails, continue with the next domain. In the case of DEFER, adjust
+ the final "nothing found" result, but carry on to the next domain. */
- rc = dns_special_lookup(&dnsa, domain, type, NULL);
+ found = domain;
+ rc = dns_special_lookup(&dnsa, domain, type, &found);
if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
if (rc != DNS_SUCCEED)
if (type == T_TXT)
{
- yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
- (rr->data)[0]);
+ int data_offset = 0;
+ while (data_offset < rr->size)
+ {
+ uschar chunk_len = (rr->data)[data_offset++];
+ yield = string_cat(yield, &size, &ptr,
+ (uschar *)((rr->data)+data_offset), chunk_len);
+ data_offset += chunk_len;
+ }
}
- else /* T_CNAME, T_MX, T_MXH, T_NS, T_SRV, T_PTR */
+ else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
{
- int num;
+ int priority, weight, port;
uschar s[264];
uschar *p = (uschar *)(rr->data);
if (type == T_MXH)
{
/* mxh ignores the priority number and includes only the hostnames */
- GETSHORT(num, p); /* pointer is advanced */
+ GETSHORT(priority, p);
}
else if (type == T_MX)
{
- GETSHORT(num, p); /* pointer is advanced */
- sprintf(CS s, "%d ", num);
+ GETSHORT(priority, p);
+ sprintf(CS s, "%d ", priority);
yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
}
else if (type == T_SRV)
{
- int weight, port;
- GETSHORT(num, p); /* pointer is advanced */
+ GETSHORT(priority, p);
GETSHORT(weight, p);
GETSHORT(port, p);
- sprintf(CS s, "%d %d %d ", num, weight, port);
+ sprintf(CS s, "%d %d %d ", priority, weight, port);
yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
}
+ else if (type == T_CSA)
+ {
+ /* See acl_verify_csa() for more comments about CSA. */
+
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+
+ if (priority != 1) continue; /* CSA version must be 1 */
+
+ /* If the CSA record we found is not the one we asked for, analyse
+ the subdomain assertions in the port field, else analyse the direct
+ authorization status in the weight field. */
+
+ if (found != domain)
+ {
+ if (port & 1) *s = 'X'; /* explicit authorization required */
+ else *s = '?'; /* no subdomain assertions here */
+ }
+ else
+ {
+ if (weight < 2) *s = 'N'; /* not authorized */
+ else if (weight == 2) *s = 'Y'; /* authorized */
+ else if (weight == 3) *s = '?'; /* unauthorizable */
+ else continue; /* invalid */
+ }
+
+ s[1] = ' ';
+ yield = string_cat(yield, &size, &ptr, s, 2);
+ }
+
+ /* GETSHORT() has advanced the pointer to the target domain. */
rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
(DN_EXPAND_ARG4_TYPE)(s), sizeof(s));