From 7cd171b76e5bd3cb825c2a8720bc1fe4ad9b37e0 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 17 May 2015 21:57:46 +0100
Subject: struct dnssec_domains
---
 src/src/functions.h | 2 +-
 src/src/host.c | 24 ++++++++++++++----------
 src/src/match.c | 3 +--
 src/src/route.c | 4 ++--
 src/src/routers/dnslookup.c | 3 +--
 src/src/routers/rf_lookup_hostlist.c | 6 ++----
 src/src/structs.h | 9 +++++++--
 src/src/transports/smtp.c | 6 +++---
 src/src/transports/smtp.h | 3 +--
 src/src/verify.c | 7 +++----
 10 files changed, 35 insertions(+), 32 deletions(-)
diff --git a/src/src/functions.h b/src/src/functions.h
index d720f235e..6b0689b3c 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -199,7 +199,7 @@ extern void host_build_log_info(void);
 extern void host_build_sender_fullhost(void);
 extern BOOL host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
 extern int host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
- uschar *, uschar *, uschar *, const uschar **, BOOL *);
+ uschar *, const dnssec_domains *, const uschar **, BOOL *);
 extern ip_address_item *host_find_interfaces(void);
 extern BOOL host_is_in_net(const uschar *, const uschar *, int);
 extern BOOL host_is_tls_on_connect_port(int);
diff --git a/src/src/host.c b/src/src/host.c
index 9c63cb95a..b3d38c578 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -1942,7 +1942,7 @@ some circumstances when the get..byname() function actually calls the DNS. */
 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
- FALSE); /*XXX dnssec? */
+ FALSE); /* Cannot retrieve dnssec status so do not request */
 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both kinds of address, so go round the loop twice. Note that we have ensured that
@@ -2494,8 +2494,8 @@ Arguments:
 srv_service when SRV used, the service name
 srv_fail_domains DNS errors for these domains => assume nonexist
 mx_fail_domains DNS errors for these domains => assume nonexist
- dnssec_request_domains => make dnssec request
- dnssec_require_domains => ditto and nonexist failures
+ dnssec_d.request => make dnssec request: domainlist
+ dnssec_d.require => ditto and nonexist failures
 fully_qualified_name if not NULL, return fully-qualified name
 removed set TRUE if local host was removed from the list
@@ -2513,7 +2513,7 @@ Returns: HOST_FIND_FAILED Failed to find the host or domain;
 int host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
- uschar *dnssec_request_domains, uschar *dnssec_require_domains,
+ const dnssec_domains *dnssec_d,
 const uschar **fully_qualified_name, BOOL *removed)
 {
 host_item *h, *last;
@@ -2523,11 +2523,13 @@ int ind_type = 0;
 int yield;
 dns_answer dnsa;
 dns_scan dnss;
-BOOL dnssec_require = match_isinlist(host->name, CUSS &dnssec_require_domains,
+BOOL dnssec_require = dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->require,
 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
 BOOL dnssec_request = dnssec_require
- || match_isinlist(host->name, CUSS &dnssec_request_domains,
- 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+ || ( dnssec_d
+ && match_isinlist(host->name, CUSS &dnssec_d->request,
+ 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
 dnssec_status_t dnssec;
 /* Set the default fully qualified name to the incoming name, initialize the
@@ -3203,6 +3205,7 @@ while (Ufgets(buffer, 256, stdin) != NULL)
 else
 {
 int flags = whichrrs;
+ dnssec d;
 h.name = buffer;
 h.next = NULL;
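Review bot: The Arguments text updated in the @@ -2494 hunk of host.c never says that `dnssec_d` itself may be NULL, yet the @@ -2523 hunk guards both list matches with `dnssec_d &&` and match.c now passes NULL for it. A caller that passes NULL gets neither a DNSSEC request nor the require check, so that contract belongs in the comment, for example `dnssec_d  if NULL, DNSSEC is neither requested nor required`. The comment block and the function body both continue outside the hunks shown.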
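Review bot: `dnssec d;` in the @@ -3203 hunk of host.c uses a type name that nothing in this patch defines; the typedef added in structs.h is `dnssec_domains`, so the declaration should read `dnssec_domains d;`. Both this hunk and the @@ -3215 hunk sit under the `while (Ufgets(buffer, 256, stdin) != NULL)` loop, which looks like a stand-alone test driver, so a normal build may not compile it and the error could go unnoticed. In the @@ -3215 hunk the fields, declared `uschar *` by the new typedef, are assigned `&h.name`; the removed lines passed the same expression, so the mismatch appears inherited, but it is worth confirming the intended type while this code is being touched.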
@@ -3215,12 +3218,13 @@ while (Ufgets(buffer, 256, stdin) != NULL)
 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ d.request = request_dnssec ? &h.name : NULL;
+ d.require = require_dnssec ? &h.name : NULL;
+
 rc = byname
 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
- request_dnssec ? &h.name : NULL,
- require_dnssec ? &h.name : NULL,
- &fully_qualified_name, NULL);
+ &d, &fully_qualified_name, NULL);
 if (rc == HOST_FIND_FAILED) printf("Failed\n");
 else if (rc == HOST_FIND_AGAIN) printf("Again\n");
diff --git a/src/src/match.c b/src/src/match.c
index 893ff4863..3547e467f 100644
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -221,8 +221,7 @@ if (cb->at_is_special && pattern[0] == '@')
 NULL, /* service name not relevant */
 NULL, /* srv_fail_domains not relevant */
 NULL, /* mx_fail_domains not relevant */
- NULL, /* no dnssec request XXX ? */
- NULL, /* no dnssec require XXX ? */
+ NULL, /* no dnssec request/require XXX ? */
 NULL, /* no feedback FQDN */
 &removed); /* feedback if local removed */
diff --git a/src/src/route.c b/src/src/route.c
index 2f534b7bf..cd7e5d535 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -55,9 +55,9 @@ optionlist optionlist_routers[] = {
 { "disable_logging", opt_bool | opt_public,
 (void *)offsetof(router_instance, disable_logging) },
 { "dnssec_request_domains", opt_stringptr|opt_public,
- (void *)offsetof(router_instance, dnssec_request_domains) },
+ (void *)offsetof(router_instance, dnssec.request) },
 { "dnssec_require_domains", opt_stringptr|opt_public,
- (void *)offsetof(router_instance, dnssec_require_domains) },
+ (void *)offsetof(router_instance, dnssec.require) },
 { "domains", opt_stringptr|opt_public,
 (void *)offsetof(router_instance, domains) },
 { "driver", opt_stringptr|opt_public,
diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index 69b240428..b4ad5eafd 100644
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -265,8 +265,7 @@ for (;;)
 rc = host_find_bydns(&h, CUS rblock->ignore_target_hosts, flags,
 srv_service, ob->srv_fail_domains, ob->mx_fail_domains,
- rblock->dnssec_request_domains, rblock->dnssec_require_domains,
- &fully_qualified_name, &removed);
+ &rblock->dnssec, &fully_qualified_name, &removed);
 if (removed) setflag(addr, af_local_host_removed);
 /* If host found with only address records, test for the domain's being in
diff --git a/src/src/routers/rf_lookup_hostlist.c b/src/src/routers/rf_lookup_hostlist.c
index 7ff7f45e1..0b514355a 100644
--- a/src/src/routers/rf_lookup_hostlist.c
+++ b/src/src/routers/rf_lookup_hostlist.c
@@ -94,8 +94,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
 NULL, /* SRV service not relevant */
 NULL, /* failing srv domains not relevant */
 NULL, /* no special mx failing domains */
- rblock->dnssec_request_domains, /* no dnssec request XXX ? */
- rblock->dnssec_require_domains, /* no dnssec require XXX ? */
+ &rblock->dnssec, /* dnssec request/require */
 NULL, /* fully_qualified_name */
 NULL); /* indicate local host removed */
 }
@@ -120,8 +119,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
 DEBUG(D_route|D_host_lookup) debug_printf("doing DNS lookup\n");
 rc = host_find_bydns(h, ignore_target_hosts, HOST_FIND_BY_A, NULL, NULL, NULL,
- rblock->dnssec_request_domains, /* no dnssec request XXX ? */
- rblock->dnssec_require_domains, /* no dnssec require XXX ? */
+ &rblock->dnssec, /* domains for request/require */
 &canonical_name, &removed);
 if (rc == HOST_FOUND)
 {
diff --git a/src/src/structs.h b/src/src/structs.h
index 3f9fb6050..ea23cb6ad 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -218,6 +218,11 @@ typedef struct transport_info {
+typedef struct {
+ uschar *request;
+ uschar *require;
+} dnssec_domains;
+
 /* Structure for holding information about the configured routers. */
 typedef struct router_instance {
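Review bot: The `dnssec_domains` typedef added in the @@ -218 hunk of structs.h has no comment, and the @@ -296 hunk drops the per-field remarks ("ask for DNSSEC", "require DNSSEC") that the old router_instance members carried. These two fields decide whether a lookup only asks for DNSSEC or fails without it, so the distinction should stay on the type: `uschar *request; /* domain list: ask for DNSSEC */` and `uschar *require; /* domain list: require DNSSEC */`. A one-line header comment saying the struct is embedded in both router_instance and the smtp transport options block would also help readers of host_find_bydns.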
@@ -296,8 +301,8 @@ typedef struct router_instance {
 transport_instance *transport; /* Transport block (when found) */
 struct router_instance *pass_router; /* Actual router for passed address */
 struct router_instance *redirect_router; /* Actual router for generated address */
- uschar *dnssec_request_domains; /* ask for DNSSEC XXX */
- uschar *dnssec_require_domains; /* require DNSSEC XXX */
+
+ dnssec_domains dnssec;
 } router_instance;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 9554652ca..986fcee6f 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -61,9 +61,9 @@ optionlist smtp_transport_options[] = {
 { "dns_search_parents", opt_bool,
 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
 { "dnssec_request_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
+ (void *)offsetof(smtp_transport_options_block, dnssec.request) },
 { "dnssec_require_domains", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
+ (void *)offsetof(smtp_transport_options_block, dnssec.require) },
 { "dscp", opt_stringptr,
 (void *)offsetof(smtp_transport_options_block, dscp) },
 { "fallback_hosts", opt_stringptr,
@@ -3228,7 +3228,7 @@ for (cutoff_retry = 0; expired &&
 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
 else
 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
- ob->dnssec_request_domains, ob->dnssec_require_domains,
+ &ob->dnssec, /* domains for request/require */
 NULL, NULL);
 /* Update the host (and any additional blocks, resulting from
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 84fb9f50c..49a90b94c 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -51,8 +51,7 @@ typedef struct {
 BOOL gethostbyname;
 BOOL dns_qualify_single;
 BOOL dns_search_parents;
- uschar *dnssec_request_domains;
- uschar *dnssec_require_domains;
+ dnssec_domains dnssec;
 BOOL delay_after_cutoff;
 BOOL hosts_override;
 BOOL hosts_randomize;
diff --git a/src/src/verify.c b/src/src/verify.c
index 27121616d..10cef82f1 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2076,18 +2076,17 @@ while (addr_new != NULL)
 (void)host_find_byname(host, NULL, flags, NULL, TRUE);
 else
 {
- uschar * d_request = NULL, * d_require = NULL;
+ dnssec_domains * dnssec_domains = NULL;
 if (Ustrcmp(addr->transport->driver_name, "smtp") == 0)
 {
 smtp_transport_options_block * ob = (smtp_transport_options_block *) addr->transport->options_block;
- d_request = ob->dnssec_request_domains;
- d_require = ob->dnssec_require_domains;
+ dnssec_domains = &ob->dnssec;
 }
 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
- d_request, d_require, NULL, NULL);
+ dnssec_domains, NULL, NULL);
 }
 }
 }
-- cgit v1.2.3
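Review bot: In the verify.c hunk the new local `dnssec_domains * dnssec_domains = NULL;` reuses the typedef name as the variable name, which hides the type for the rest of that block and reads ambiguously at the call. host_find_bydns now takes a `const dnssec_domains *`, so `const dnssec_domains * dnssec_d = NULL;`, `dnssec_d = &ob->dnssec;` and `dnssec_d, NULL, NULL);` would match the parameter name used in host.c. For a transport whose driver name is not "smtp" the pointer stays NULL, so this lookup neither requests nor requires DNSSEC; that matches the removed code but deserves a short comment on the declaration. The enclosing while loop starts outside the hunk.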