From 1e06383a8b5eaaf67910c94c737e8d9b5d16a00a Mon Sep 17 00:00:00 2001
From: Todd Lyons
Date: Wed, 9 Apr 2014 17:11:21 +0100
Subject: dnsdb tlsa lookup
---
 src/src/dns.c | 1 +
 src/src/exim.h | 6 ++++++
 src/src/lookups/dnsdb.c | 30 ++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)
(limited to 'src')
diff --git a/src/src/dns.c b/src/src/dns.c
index 88fa36baa..2aeb5af62 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -479,6 +479,7 @@ switch(t)
 case T_SRV: return US"SRV";
 case T_NS: return US"NS";
 case T_CNAME: return US"CNAME";
+ case T_TLSA: return US"TLSA";
 default: return US"?";
 }
 }
diff --git a/src/src/exim.h b/src/src/exim.h
index b2d47d74e..c72c1f10a 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -321,6 +321,12 @@ header files. I don't suppose they have T_SRV either. */
 #define T_SPF 99
 #endif
+/* New TLSA record for DANE */
+#ifndef T_TLSA
+#define T_TLSA 52
+#endif
+#define MAX_TLSA_EXPANDED_SIZE 8192
+
 /* It seems that some versions of arpa/nameser.h don't define *any* of the T_xxx macros, which seem to be non-standard nowadays. Just to be on the safe side, put in definitions for all the ones that Exim uses. */
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index a8eab2e47..beba09508 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -22,6 +22,11 @@ header files. */
 #define T_SPF 99
 #endif
+/* New TLSA record for DANE */
+#ifndef T_TLSA
+#define T_TLSA 52
+#endif
+
 /* Table of recognized DNS record types and their integer values. */
 static const char *type_names[] = {
@@ -41,6 +46,7 @@ static const char *type_names[] = {
 "ptr",
 "spf",
 "srv",
+ "tlsa",
 "txt",
 "zns"
 };
@@ -62,6 +68,7 @@ static int type_values[] = {
 T_PTR,
 T_SPF,
 T_SRV,
+ T_TLSA,
 T_TXT,
 T_ZNS /* Private type for "zone nameservers" */
 };
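Review bot: `#define MAX_TLSA_EXPANDED_SIZE 8192` in the exim.h hunk is added with no comment saying what it bounds, and the `/* New TLSA record for DANE */` line above it only describes the `T_TLSA` fallback. A reader of exim.h cannot tell that it is the size of the stack buffer the dnsdb lookup uses to render one TLSA record as text, nor that a payload that would not fit is cut short rather than rejected. Suggest `/* Bound on the text form of one TLSA record as built by the dnsdb lookup ("usage selector mtype " plus two hex chars per payload byte); longer payloads are truncated to fit. */`. The same `#ifndef T_TLSA` block is repeated in lookups/dnsdb.c in this commit; if dnsdb.c includes exim.h, as the other lookups do, the second copy never takes effect, though it does mirror how `T_SPF` is already handled there.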
@@ -378,6 +385,29 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))))
 }
 }
 }
+ else if (type == T_TLSA)
+ {
+ uint8_t usage, selector, matching_type;
+ uint16_t i, payload_length;
+ uschar s[MAX_TLSA_EXPANDED_SIZE];
+ uschar * sp = s;
+ uschar *p = (uschar *)(rr->data);
+ usage = *p++;
+ selector = *p++;
+ matching_type = *p++;
+ /* What's left after removing the first 3 bytes above */
+ payload_length = rr->size - 3;
+ sp += sprintf(CS s, "%d %d %d ", usage, selector, matching_type);
+ /* Now append the cert/identifier, one hex char at a time */
+ for (i=0;
+ i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4);
+ i++)
+ {
+ sp += sprintf(CS sp, "%02x", (unsigned char)p[i]);
+ }
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
 else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
 {
 int priority, weight, port;
-- 
cgit v1.2.3
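Review bot: The three `*p++` reads and `payload_length = rr->size - 3;` assume the record holds at least three bytes, but nothing in the hunk checks `rr->size`, and a TLSA answer comes straight off the wire. For a record shorter than that the reads run past the record data and the subtraction wraps in the `uint16_t` `payload_length`, so the hex loop is then bounded only by `MAX_TLSA_EXPANDED_SIZE` and reads several kilobytes beyond `rr->data`. Guard before touching the payload, e.g. `if (rr->size < 3) continue;` if this branch sits inside the per-record loop; that loop and the enclosing function both start and end outside the hunk, so the exact skip form needs checking against them. Separately, the condition `sp-s < (MAX_TLSA_EXPANDED_SIZE - 4)` silently truncates a payload longer than roughly 4 KiB, yielding a well-formed but wrong TLSA string; either report it or at least extend the comment above the loop to `/* Now append the cert/identifier, one hex char at a time; payloads that would overflow s are truncated */`.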