authorTodd Lyons <tlyons@exim.org>2014-04-09 17:11:21 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-04-09 17:11:21 +0100
commit1e06383a8b5eaaf67910c94c737e8d9b5d16a00a (patch)
treebdb7ef0a0003881efbf903759e476a64aa748756 /src
parent930407fb53c45465429f3ae16a43ab70308b6c2a (diff)
dnsdb tlsa lookup
Diffstat (limited to 'src')
-rw-r--r--src/src/dns.c1
-rw-r--r--src/src/exim.h6
-rw-r--r--src/src/lookups/dnsdb.c30
3 files changed, 37 insertions, 0 deletions
diff --git a/src/src/dns.c b/src/src/dns.c
index 88fa36baa..2aeb5af62 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -479,6 +479,7 @@ switch(t)
case T_SRV: return US"SRV";
case T_NS: return US"NS";
case T_CNAME: return US"CNAME";
+ case T_TLSA: return US"TLSA";
default: return US"?";
}
}
diff --git a/src/src/exim.h b/src/src/exim.h
index b2d47d74e..c72c1f10a 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -321,6 +321,12 @@ header files. I don't suppose they have T_SRV either. */
#define T_SPF 99
#endif
+/* New TLSA record for DANE */
+#ifndef T_TLSA
+#define T_TLSA 52
+#endif
+#define MAX_TLSA_EXPANDED_SIZE 8192
+
/* It seems that some versions of arpa/nameser.h don't define *any* of the
T_xxx macros, which seem to be non-standard nowadays. Just to be on the safe
side, put in definitions for all the ones that Exim uses. */
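Review bot: `MAX_TLSA_EXPANDED_SIZE` is added without a comment saying what it bounds; it sits under the "New TLSA record for DANE" comment but outside the `#ifndef` guard, so its purpose is not evident at this point in exim.h. Judging from the dnsdb.c hunk in this commit, it sizes the stack buffer that holds the text form of one record (three decimal fields plus two hex characters per payload byte). A comment such as `/* Buffer size for the textual form of a TLSA RR; payload beyond roughly half this many bytes is truncated */` would make that limit visible. The `T_TLSA` fallback is also repeated verbatim in lookups/dnsdb.c; if that file includes exim.h (not visible here), one definition would do.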
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index a8eab2e47..beba09508 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -22,6 +22,11 @@ header files. */
#define T_SPF 99
#endif
+/* New TLSA record for DANE */
+#ifndef T_TLSA
+#define T_TLSA 52
+#endif
+
/* Table of recognized DNS record types and their integer values. */
static const char *type_names[] = {
@@ -41,6 +46,7 @@ static const char *type_names[] = {
"ptr",
"spf",
"srv",
+ "tlsa",
"txt",
"zns"
};
@@ -62,6 +68,7 @@ static int type_values[] = {
T_PTR,
T_SPF,
T_SRV,
+ T_TLSA,
T_TXT,
T_ZNS /* Private type for "zone nameservers" */
};
@@ -378,6 +385,29 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
}
}
}
+ else if (type == T_TLSA)
+ {
+ uint8_t usage, selector, matching_type;
+ uint16_t i, payload_length;
+ uschar s[MAX_TLSA_EXPANDED_SIZE];
+ uschar * sp = s;
+ uschar *p = (uschar *)(rr->data);
+
+ usage = *p++;
+ selector = *p++;
+ matching_type = *p++;
+ /* What's left after removing the first 3 bytes above */
+ payload_length = rr->size - 3;
+ sp += sprintf(CS s, "%d %d %d ", usage, selector, matching_type);
+ /* Now append the cert/identifier, one hex char at a time */
+ for (i=0;
+ i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4);
+ i++)
+ {
+ sp += sprintf(CS sp, "%02x", (unsigned char)p[i]);
+ }
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
{
int priority, weight, port;
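Review bot: The new T_TLSA branch reads three header bytes from `rr->data` and computes `payload_length = rr->size - 3` without first checking that the record holds at least three bytes. Because `payload_length` is a `uint16_t`, a short or malformed TLSA RR in the DNS response makes the subtraction wrap to a large value, and the hex loop then reads `p[i]` past the record data until the output bound stops it. A guard ahead of `usage = *p++;`, such as `if (rr->size < 3) continue;`, would reject such records, assuming the enclosing loop (which starts outside this hunk) iterates per record. Separately, the loop condition `sp-s < (MAX_TLSA_EXPANDED_SIZE - 4)` silently truncates a long association value, so the caller receives a shortened hex string with no indication. For data used in DANE certificate matching, skipping or logging the record would be safer than returning partial output.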