-rw-r--r--src/src/functions.h2
-rw-r--r--src/src/host.c24
-rw-r--r--src/src/match.c3
-rw-r--r--src/src/route.c4
-rw-r--r--src/src/routers/dnslookup.c3
-rw-r--r--src/src/routers/rf_lookup_hostlist.c6
-rw-r--r--src/src/structs.h9
-rw-r--r--src/src/transports/smtp.c6
-rw-r--r--src/src/transports/smtp.h3
-rw-r--r--src/src/verify.c7
10 files changed, 35 insertions, 32 deletions
diff --git a/src/src/functions.h b/src/src/functions.h
index d720f235e..6b0689b3c 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -199,7 +199,7 @@ extern void host_build_log_info(void);
extern void host_build_sender_fullhost(void);
extern BOOL host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
extern int host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
- uschar *, uschar *, uschar *, const uschar **, BOOL *);
+ uschar *, const dnssec_domains *, const uschar **, BOOL *);
extern ip_address_item *host_find_interfaces(void);
extern BOOL host_is_in_net(const uschar *, const uschar *, int);
extern BOOL host_is_tls_on_connect_port(int);
diff --git a/src/src/host.c b/src/src/host.c
index 9c63cb95a..b3d38c578 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -1942,7 +1942,7 @@ some circumstances when the get..byname() function actually calls the DNS. */
dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
(flags & HOST_FIND_SEARCH_PARENTS) != 0,
- FALSE); /*XXX dnssec? */
+ FALSE); /* Cannot retrieve dnssec status so do not request */
/* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
kinds of address, so go round the loop twice. Note that we have ensured that
@@ -2494,8 +2494,8 @@ Arguments:
srv_service when SRV used, the service name
srv_fail_domains DNS errors for these domains => assume nonexist
mx_fail_domains DNS errors for these domains => assume nonexist
- dnssec_request_domains => make dnssec request
- dnssec_require_domains => ditto and nonexist failures
+ dnssec_d.request => make dnssec request: domainlist
+ dnssec_d.require => ditto and nonexist failures
fully_qualified_name if not NULL, return fully-qualified name
removed set TRUE if local host was removed from the list
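Review bot: The argument list here now names `dnssec_d.request` and `dnssec_d.require`, but the parameter is a pointer (`const dnssec_domains *dnssec_d`) and the body hunk further down accepts NULL for it. The comment should say so, because a caller that passes NULL silently gets neither a DNSSEC request nor a DNSSEC requirement. I would write `dnssec_d  DNSSEC domainlists, or NULL for no request/require`, then `->request  => make dnssec request` and `->require  => ditto and nonexist failures`. The comment block starts and ends outside the hunk.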
@@ -2513,7 +2513,7 @@ Returns: HOST_FIND_FAILED Failed to find the host or domain;
int
host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
- uschar *dnssec_request_domains, uschar *dnssec_require_domains,
+ const dnssec_domains *dnssec_d,
const uschar **fully_qualified_name, BOOL *removed)
{
host_item *h, *last;
@@ -2523,11 +2523,13 @@ int ind_type = 0;
int yield;
dns_answer dnsa;
dns_scan dnss;
-BOOL dnssec_require = match_isinlist(host->name, CUSS &dnssec_require_domains,
+BOOL dnssec_require = dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->require,
0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
BOOL dnssec_request = dnssec_require
- || match_isinlist(host->name, CUSS &dnssec_request_domains,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+ || ( dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->request,
+ 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
dnssec_status_t dnssec;
/* Set the default fully qualified name to the incoming name, initialize the
@@ -3203,6 +3205,7 @@ while (Ufgets(buffer, 256, stdin) != NULL)
else
{
int flags = whichrrs;
+ dnssec d;
h.name = buffer;
h.next = NULL;
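Review bot: `dnssec d;` names a type that this diff does not define; the typedef added in structs.h is `dnssec_domains`, so the declaration should read `dnssec_domains d;`. The hunk header places it in the stdin-driven loop, which looks like the stand-alone test harness, so a normal build may never compile this line and the error could go unnoticed. The enclosing block starts and ends outside the hunk.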
@@ -3215,12 +3218,13 @@ while (Ufgets(buffer, 256, stdin) != NULL)
if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ d.request = request_dnssec ? &h.name : NULL;
+ d.require = require_dnssec ? &h.name : NULL;
+
rc = byname
? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
: host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
- request_dnssec ? &h.name : NULL,
- require_dnssec ? &h.name : NULL,
- &fully_qualified_name, NULL);
+ &d, &fully_qualified_name, NULL);
if (rc == HOST_FIND_FAILED) printf("Failed\n");
else if (rc == HOST_FIND_AGAIN) printf("Again\n");
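Review bot: `d.request` and `d.require` are declared `uschar *` in structs.h, but they are assigned `&h.name`, the address of the name pointer rather than the name itself. `host_find_bydns` then hands `&dnssec_d->require` to `match_isinlist` as a list string, so the list would be read from the bytes of the pointer. The removed lines passed the same expression, so this is carried over rather than introduced here. Assuming `h.name` is meant to serve as a one-item domain list, `d.request = request_dnssec ? h.name : NULL;` and likewise for `d.require` would let the request/require switches actually match (a cast may be needed if `name` is const-qualified).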
diff --git a/src/src/match.c b/src/src/match.c
index 893ff4863..3547e467f 100644
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -221,8 +221,7 @@ if (cb->at_is_special && pattern[0] == '@')
NULL, /* service name not relevant */
NULL, /* srv_fail_domains not relevant */
NULL, /* mx_fail_domains not relevant */
- NULL, /* no dnssec request XXX ? */
- NULL, /* no dnssec require XXX ? */
+ NULL, /* no dnssec request/require XXX ? */
NULL, /* no feedback FQDN */
&removed); /* feedback if local removed */
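Review bot: The merged comment `/* no dnssec request/require XXX ? */` keeps the open question without answering it. This call passes NULL, and with the NULL check added in `host_find_bydns` the lookup never requests or requires DNSSEC, so the list match is decided on unvalidated DNS answers. If that is deliberate, replace the `XXX ?` with the reason; if it is not, name what is still missing so the marker can be tracked. The call starts outside the hunk.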
diff --git a/src/src/route.c b/src/src/route.c
index 2f534b7bf..cd7e5d535 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -55,9 +55,9 @@ optionlist optionlist_routers[] = {
{ "disable_logging", opt_bool | opt_public,
(void *)offsetof(router_instance, disable_logging) },
{ "dnssec_request_domains", opt_stringptr|opt_public,
- (void *)offsetof(router_instance, dnssec_request_domains) },
+ (void *)offsetof(router_instance, dnssec.request) },
{ "dnssec_require_domains", opt_stringptr|opt_public,
- (void *)offsetof(router_instance, dnssec_require_domains) },
+ (void *)offsetof(router_instance, dnssec.require) },
{ "domains", opt_stringptr|opt_public,
(void *)offsetof(router_instance, domains) },
{ "driver", opt_stringptr|opt_public,
diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index 69b240428..b4ad5eafd 100644
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -265,8 +265,7 @@ for (;;)
rc = host_find_bydns(&h, CUS rblock->ignore_target_hosts, flags, srv_service,
ob->srv_fail_domains, ob->mx_fail_domains,
- rblock->dnssec_request_domains, rblock->dnssec_require_domains,
- &fully_qualified_name, &removed);
+ &rblock->dnssec, &fully_qualified_name, &removed);
if (removed) setflag(addr, af_local_host_removed);
/* If host found with only address records, test for the domain's being in
diff --git a/src/src/routers/rf_lookup_hostlist.c b/src/src/routers/rf_lookup_hostlist.c
index 7ff7f45e1..0b514355a 100644
--- a/src/src/routers/rf_lookup_hostlist.c
+++ b/src/src/routers/rf_lookup_hostlist.c
@@ -94,8 +94,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
NULL, /* SRV service not relevant */
NULL, /* failing srv domains not relevant */
NULL, /* no special mx failing domains */
- rblock->dnssec_request_domains, /* no dnssec request XXX ? */
- rblock->dnssec_require_domains, /* no dnssec require XXX ? */
+ &rblock->dnssec, /* dnssec request/require */
NULL, /* fully_qualified_name */
NULL); /* indicate local host removed */
}
@@ -120,8 +119,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
DEBUG(D_route|D_host_lookup) debug_printf("doing DNS lookup\n");
rc = host_find_bydns(h, ignore_target_hosts, HOST_FIND_BY_A, NULL, NULL,
NULL,
- rblock->dnssec_request_domains, /* no dnssec request XXX ? */
- rblock->dnssec_require_domains, /* no dnssec require XXX ? */
+ &rblock->dnssec, /* domains for request/require */
&canonical_name, &removed);
if (rc == HOST_FOUND)
{
diff --git a/src/src/structs.h b/src/src/structs.h
index 3f9fb6050..ea23cb6ad 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -218,6 +218,11 @@ typedef struct transport_info {
+typedef struct {
+ uschar *request;
+ uschar *require;
+} dnssec_domains;
+
/* Structure for holding information about the configured routers. */
typedef struct router_instance {
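Review bot: The new `dnssec_domains` typedef has no comment, unlike the struct that follows it, and the next hunk drops the `ask for DNSSEC` / `require DNSSEC` comments from the fields it replaces. Carry them onto the members, e.g. `uschar *request;  /* domainlist: ask for DNSSEC */` and `uschar *require;  /* domainlist: require DNSSEC */`. Add a one-line header such as `/* Domain lists set by dnssec_request_domains / dnssec_require_domains */`. It is also worth recording that a match on `require` implies `request`, as `host_find_bydns` computes it.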
@@ -296,8 +301,8 @@ typedef struct router_instance {
transport_instance *transport; /* Transport block (when found) */
struct router_instance *pass_router; /* Actual router for passed address */
struct router_instance *redirect_router; /* Actual router for generated address */
- uschar *dnssec_request_domains; /* ask for DNSSEC XXX */
- uschar *dnssec_require_domains; /* require DNSSEC XXX */
+
+ dnssec_domains dnssec;
} router_instance;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 9554652ca..986fcee6f 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -61,9 +61,9 @@ optionlist smtp_transport_options[] = {
{ "dns_search_parents", opt_bool,
(void *)offsetof(smtp_transport_options_block, dns_search_parents) },
{ "dnssec_request_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
+ (void *)offsetof(smtp_transport_options_block, dnssec.request) },
{ "dnssec_require_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
+ (void *)offsetof(smtp_transport_options_block, dnssec.require) },
{ "dscp", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dscp) },
{ "fallback_hosts", opt_stringptr,
@@ -3228,7 +3228,7 @@ for (cutoff_retry = 0; expired &&
rc = host_find_byname(host, NULL, flags, NULL, TRUE);
else
rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
- ob->dnssec_request_domains, ob->dnssec_require_domains,
+ &ob->dnssec, /* domains for request/require */
NULL, NULL);
/* Update the host (and any additional blocks, resulting from
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 84fb9f50c..49a90b94c 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -51,8 +51,7 @@ typedef struct {
BOOL gethostbyname;
BOOL dns_qualify_single;
BOOL dns_search_parents;
- uschar *dnssec_request_domains;
- uschar *dnssec_require_domains;
+ dnssec_domains dnssec;
BOOL delay_after_cutoff;
BOOL hosts_override;
BOOL hosts_randomize;
diff --git a/src/src/verify.c b/src/src/verify.c
index 27121616d..10cef82f1 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2076,18 +2076,17 @@ while (addr_new != NULL)
(void)host_find_byname(host, NULL, flags, NULL, TRUE);
else
{
- uschar * d_request = NULL, * d_require = NULL;
+ dnssec_domains * dnssec_domains = NULL;
if (Ustrcmp(addr->transport->driver_name, "smtp") == 0)
{
smtp_transport_options_block * ob =
(smtp_transport_options_block *)
addr->transport->options_block;
- d_request = ob->dnssec_request_domains;
- d_require = ob->dnssec_require_domains;
+ dnssec_domains = &ob->dnssec;
}
(void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
- d_request, d_require, NULL, NULL);
+ dnssec_domains, NULL, NULL);
}
}
}
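Review bot: `dnssec_domains * dnssec_domains = NULL;` gives the local variable the same name as the typedef, which hides the type for the rest of the block and makes the call below read as if a type were being passed. Rename it to match the parameter in `host_find_bydns`, e.g. `const dnssec_domains * dnssec_d = NULL;`, and pass `dnssec_d`. For any transport other than `smtp` the pointer stays NULL, so this verification lookup runs with no DNSSEC request or requirement. That matches the removed code, but a one-line comment would make the fallback explicit. The enclosing loop starts outside the hunk.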