struct dnssec_domains

diff --git a/src/src/functions.h b/src/src/functions.h
index d720f235e6dfdb4f4a590e7de7a9ea712488daa4..6b0689b3c77af03c8bd8ccc6fea6ceb8a36c4490 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -199,7 +199,7 @@ extern void    host_build_log_info(void);
 extern void    host_build_sender_fullhost(void);
 extern BOOL    host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
 extern int     host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
-                 uschar *, uschar *, uschar *, const uschar **, BOOL *);
+                 uschar *, const dnssec_domains *, const uschar **, BOOL *);
 extern ip_address_item *host_find_interfaces(void);
 extern BOOL    host_is_in_net(const uschar *, const uschar *, int);
 extern BOOL    host_is_tls_on_connect_port(int);

diff --git a/src/src/host.c b/src/src/host.c
index 9c63cb95aeee2bee7a12426086f0c1ba9609813e..b3d38c57824840699e254f8feb7d1e61674dd228 100644 (file)
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -1942,7 +1942,7 @@ some circumstances when the get..byname() function actually calls the DNS. */
 
 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
          (flags & HOST_FIND_SEARCH_PARENTS) != 0,
-        FALSE);        /*XXX dnssec? */
+        FALSE);                /* Cannot retrieve dnssec status so do not request */
 
 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
 kinds of address, so go round the loop twice. Note that we have ensured that
@@ -2494,8 +2494,8 @@ Arguments:
   srv_service           when SRV used, the service name
   srv_fail_domains      DNS errors for these domains => assume nonexist
   mx_fail_domains       DNS errors for these domains => assume nonexist
-  dnssec_request_domains => make dnssec request
-  dnssec_require_domains => ditto and nonexist failures
+  dnssec_d.request =>   make dnssec request: domainlist
+  dnssec_d.require =>   ditto and nonexist failures
   fully_qualified_name  if not NULL, return fully-qualified name
   removed               set TRUE if local host was removed from the list
 
@@ -2513,7 +2513,7 @@ Returns:                HOST_FIND_FAILED  Failed to find the host or domain;
 int
 host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
   uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
-  uschar *dnssec_request_domains, uschar *dnssec_require_domains,
+  const dnssec_domains *dnssec_d,
   const uschar **fully_qualified_name, BOOL *removed)
 {
 host_item *h, *last;
@@ -2523,11 +2523,13 @@ int ind_type = 0;
 int yield;
 dns_answer dnsa;
 dns_scan dnss;
-BOOL dnssec_require = match_isinlist(host->name, CUSS &dnssec_require_domains,
+BOOL dnssec_require = dnssec_d
+                   && match_isinlist(host->name, CUSS &dnssec_d->require,
                                    0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
 BOOL dnssec_request = dnssec_require
-                   || match_isinlist(host->name, CUSS &dnssec_request_domains,
-                                   0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
+                   || (  dnssec_d
+                      && match_isinlist(host->name, CUSS &dnssec_d->request,
+                                   0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
 dnssec_status_t dnssec;
 
 /* Set the default fully qualified name to the incoming name, initialize the
@@ -3203,6 +3205,7 @@ while (Ufgets(buffer, 256, stdin) != NULL)
   else
     {
     int flags = whichrrs;
+    dnssec d;
 
     h.name = buffer;
     h.next = NULL;
@@ -3215,12 +3218,13 @@ while (Ufgets(buffer, 256, stdin) != NULL)
     if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
     if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
 
+    d.request = request_dnssec ? &h.name : NULL;
+    d.require = require_dnssec ? &h.name : NULL;
+
     rc = byname
       ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
       : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
-                       request_dnssec ? &h.name : NULL,
-                       require_dnssec ? &h.name : NULL,
-                       &fully_qualified_name, NULL);
+                       &d, &fully_qualified_name, NULL);
 
     if (rc == HOST_FIND_FAILED) printf("Failed\n");
       else if (rc == HOST_FIND_AGAIN) printf("Again\n");

diff --git a/src/src/match.c b/src/src/match.c
index 893ff4863958e7d79213781dd535524e5e008ff4..3547e467fb52ffe5f116d9e956b4552f2fef360f 100644 (file)
--- a/src/src/match.c
+++ b/src/src/match.c
@@ -221,8 +221,7 @@ if (cb->at_is_special && pattern[0] == '@')
       NULL,                /* service name not relevant */
       NULL,                /* srv_fail_domains not relevant */
       NULL,                /* mx_fail_domains not relevant */
-      NULL,                /* no dnssec request XXX ? */
-      NULL,                /* no dnssec require XXX ? */
+      NULL,                /* no dnssec request/require XXX ? */
       NULL,                /* no feedback FQDN */
       &removed);           /* feedback if local removed */
 

diff --git a/src/src/route.c b/src/src/route.c
index 2f534b7bf797b68b9c4fb151d32e2e9f094aa613..cd7e5d535f67525412294722138da4af85d2d8f4 100644 (file)
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -55,9 +55,9 @@ optionlist optionlist_routers[] = {
   { "disable_logging",    opt_bool | opt_public,
                  (void *)offsetof(router_instance, disable_logging) },
   { "dnssec_request_domains",            opt_stringptr|opt_public,
-                 (void *)offsetof(router_instance, dnssec_request_domains) },
+                 (void *)offsetof(router_instance, dnssec.request) },
   { "dnssec_require_domains",            opt_stringptr|opt_public,
-                 (void *)offsetof(router_instance, dnssec_require_domains) },
+                 (void *)offsetof(router_instance, dnssec.require) },
   { "domains",            opt_stringptr|opt_public,
                  (void *)offsetof(router_instance, domains) },
   { "driver",             opt_stringptr|opt_public,

diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index 69b24042876b756e05a2fafe4d40f5ccaf0a3e49..b4ad5eafd426f95eaa4a98d44a9b4510a76c5442 100644 (file)
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -265,8 +265,7 @@ for (;;)
 
   rc = host_find_bydns(&h, CUS rblock->ignore_target_hosts, flags, srv_service,
     ob->srv_fail_domains, ob->mx_fail_domains,
-    rblock->dnssec_request_domains, rblock->dnssec_require_domains,
-    &fully_qualified_name, &removed);
+    &rblock->dnssec, &fully_qualified_name, &removed);
   if (removed) setflag(addr, af_local_host_removed);
 
   /* If host found with only address records, test for the domain's being in

diff --git a/src/src/routers/rf_lookup_hostlist.c b/src/src/routers/rf_lookup_hostlist.c
index 7ff7f45e1adce0a09843b0ad0f4880453feb0eac..0b514355a6a50d1a7987aaddeb37a9b532162409 100644 (file)
--- a/src/src/routers/rf_lookup_hostlist.c
+++ b/src/src/routers/rf_lookup_hostlist.c
@@ -94,8 +94,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
         NULL,                           /* SRV service not relevant */
         NULL,                           /* failing srv domains not relevant */
         NULL,                           /* no special mx failing domains */
-       rblock->dnssec_request_domains,         /* no dnssec request XXX ? */
-       rblock->dnssec_require_domains,         /* no dnssec require XXX ? */
+        &rblock->dnssec,               /* dnssec request/require */
         NULL,                           /* fully_qualified_name */
         NULL);                          /* indicate local host removed */
     }
@@ -120,8 +119,7 @@ for (h = addr->host_list; h != NULL; h = next_h)
     DEBUG(D_route|D_host_lookup) debug_printf("doing DNS lookup\n");
     rc = host_find_bydns(h, ignore_target_hosts, HOST_FIND_BY_A, NULL, NULL,
       NULL,
-      rblock->dnssec_request_domains,         /* no dnssec request XXX ? */
-      rblock->dnssec_require_domains,         /* no dnssec require XXX ? */
+      &rblock->dnssec,                 /* domains for request/require */
       &canonical_name, &removed);
     if (rc == HOST_FOUND)
       {

diff --git a/src/src/structs.h b/src/src/structs.h
index 3f9fb6050f0ef3efa1b6705d44f55a3307f88d0b..ea23cb6ad9bea95dbce378c0a6cc0c303872a72a 100644 (file)
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -218,6 +218,11 @@ typedef struct transport_info {
 
 
 
+typedef struct {
+  uschar *request;
+  uschar *require;
+} dnssec_domains;
+
 /* Structure for holding information about the configured routers. */
 
 typedef struct router_instance {
@@ -296,8 +301,8 @@ typedef struct router_instance {
   transport_instance *transport;  /* Transport block (when found) */
   struct router_instance *pass_router; /* Actual router for passed address */
   struct router_instance *redirect_router; /* Actual router for generated address */
-  uschar  *dnssec_request_domains;     /* ask for DNSSEC XXX */
-  uschar  *dnssec_require_domains;     /* require DNSSEC XXX */
+
+  dnssec_domains dnssec;
 } router_instance;
 
 

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 9554652ca3c7713abc6b7a558bd4350d17a7e010..986fcee6fd0b883396a35cb9bdafed084b7a19e3 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -61,9 +61,9 @@ optionlist smtp_transport_options[] = {
   { "dns_search_parents",   opt_bool,
       (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
   { "dnssec_request_domains", opt_stringptr,
-      (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
+      (void *)offsetof(smtp_transport_options_block, dnssec.request) },
   { "dnssec_require_domains", opt_stringptr,
-      (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
+      (void *)offsetof(smtp_transport_options_block, dnssec.require) },
   { "dscp",                 opt_stringptr,
       (void *)offsetof(smtp_transport_options_block, dscp) },
   { "fallback_hosts",       opt_stringptr,
@@ -3228,7 +3228,7 @@ for (cutoff_retry = 0; expired &&
         rc = host_find_byname(host, NULL, flags, NULL, TRUE);
       else
         rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
-         ob->dnssec_request_domains, ob->dnssec_require_domains,
+         &ob->dnssec,          /* domains for request/require */
           NULL, NULL);
 
       /* Update the host (and any additional blocks, resulting from

diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 84fb9f50c5082314a96246adee0e56af62282c3b..49a90b94cf117ddb1e00aa55a55f1c38016d5b12 100644 (file)
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -51,8 +51,7 @@ typedef struct {
   BOOL    gethostbyname;
   BOOL    dns_qualify_single;
   BOOL    dns_search_parents;
-  uschar *dnssec_request_domains;
-  uschar *dnssec_require_domains;
+  dnssec_domains dnssec;
   BOOL    delay_after_cutoff;
   BOOL    hosts_override;
   BOOL    hosts_randomize;

diff --git a/src/src/verify.c b/src/src/verify.c
index 27121616d6c5123332699736f03508ca05e13313..10cef82f14055eb1b4753a3a8faa9b63e61679d9 100644 (file)
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2076,18 +2076,17 @@ while (addr_new != NULL)
                 (void)host_find_byname(host, NULL, flags, NULL, TRUE);
               else
                {
-               uschar * d_request = NULL, * d_require = NULL;
+               dnssec_domains * dnssec_domains = NULL;
                if (Ustrcmp(addr->transport->driver_name, "smtp") == 0)
                  {
                  smtp_transport_options_block * ob =
                      (smtp_transport_options_block *)
                        addr->transport->options_block;
-                 d_request = ob->dnssec_request_domains;
-                 d_require = ob->dnssec_require_domains;
+                 dnssec_domains = &ob->dnssec;
                  }
 
                 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
-                 d_request, d_require, NULL, NULL);
+                 dnssec_domains, NULL, NULL);
                }
               }
             }