[exim.git] / src / src / lookups / dnsdb.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2012 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "lf_functions.h"


/* Ancient systems (e.g. SunOS4) don't appear to have T_TXT defined in their
header files. */

#ifndef T_TXT
#define T_TXT 16
#endif

/* Many systems do not have T_SPF. */
#ifndef T_SPF
#define T_SPF 99
#endif

/* Table of recognized DNS record types and their integer values. */

static const char *type_names[] = {
  "a",
#if HAVE_IPV6
  "aaaa",
  #ifdef SUPPORT_A6
  "a6",
  #endif
#endif
  "cname",
  "csa",
  "mx",
  "mxh",
  "ns",
  "ptr",
  "spf",
  "srv",
  "txt",
  "zns"
};

static int type_values[] = {
  T_A,
#if HAVE_IPV6
  T_AAAA,
  #ifdef SUPPORT_A6
  T_A6,
  #endif
#endif
  T_CNAME,
  T_CSA,     /* Private type for "Client SMTP Authorization". */
  T_MX,
  T_MXH,     /* Private type for "MX hostnames" */
  T_NS,
  T_PTR,
  T_SPF,
  T_SRV,
  T_TXT,
  T_ZNS      /* Private type for "zone nameservers" */
};


/*************************************************
*              Open entry point                  *
*************************************************/

/* See local README for interface description. */

static void *
dnsdb_open(uschar *filename, uschar **errmsg)
{
filename = filename;   /* Keep picky compilers happy */
errmsg = errmsg;       /* Ditto */
return (void *)(-1);   /* Any non-0 value */
}


/*************************************************
*           Find entry point for dnsdb           *
*************************************************/

/* See local README for interface description. The query in the "keystring" may
consist of a number of parts.

(a) If the first significant character is '>' then the next character is the
separator character that is used when multiple records are found. The default
separator is newline.

(b) If the next character is ',' then the next character is the separator
character used for multiple items of text in "TXT" records. Alternatively,
if the next character is ';' then these multiple items are concatenated with
no separator. With neither of these options specified, only the first item
is output.  Similarly for "SPF" records, but the default for joining multiple
items in one SPF record is the empty string, for direct concatenation.

(c) If the next sequence of characters is 'defer_FOO' followed by a comma,
the defer behaviour is set to FOO. The possible behaviours are: 'strict', where
any defer causes the whole lookup to defer; 'lax', where a defer causes the
whole lookup to defer only if none of the DNS queries succeeds; and 'never',
where all defers are as if the lookup failed. The default is 'lax'.

(d) If the next sequence of characters is a sequence of letters and digits
followed by '=', it is interpreted as the name of the DNS record type. The
default is "TXT".

(e) Then there follows list of domain names. This is a generalized Exim list,
which may start with '<' in order to set a specific separator. The default
separator, as always, is colon. */

static int
dnsdb_find(void *handle, uschar *filename, uschar *keystring, int length,
  uschar **result, uschar **errmsg, BOOL *do_cache)
{
int rc;
int size = 256;
int ptr = 0;
int sep = 0;
int defer_mode = PASS;
int type = T_TXT;
int failrc = FAIL;
uschar *outsep = US"\n";
uschar *outsep2 = NULL;
uschar *equals, *domain, *found;
uschar buffer[256];

/* Because we're the working in the search pool, we try to reclaim as much
store as possible later, so we preallocate the result here */

uschar *yield = store_get(size);

dns_record *rr;
dns_answer dnsa;
dns_scan dnss;

handle = handle;           /* Keep picky compilers happy */
filename = filename;
length = length;
do_cache = do_cache;

/* If the string starts with '>' we change the output separator.
If it's followed by ';' or ',' we set the TXT output separator. */

while (isspace(*keystring)) keystring++;
if (*keystring == '>')
  {
  outsep = keystring + 1;
  keystring += 2;
  if (*keystring == ',')
    {
    outsep2 = keystring + 1;
    keystring += 2;
    }
  else if (*keystring == ';')
    {
    outsep2 = US"";
    keystring++;
    }
  while (isspace(*keystring)) keystring++;
  }

/* SPF strings should be concatenated without a separator, thus make
it the default if not defined (see RFC 4408 section 3.1.3).
Multiple SPF records are forbidden (section 3.1.2) but are currently
not handled specially, thus they are concatenated with \n by default. */

if (type == T_SPF && outsep2 == NULL)
  outsep2 = US"";

/* Check for a defer behaviour keyword. */

if (strncmpic(keystring, US"defer_", 6) == 0)
  {
  keystring += 6;
  if (strncmpic(keystring, US"strict", 6) == 0)
    {
    defer_mode = DEFER;
    keystring += 6;
    }
  else if (strncmpic(keystring, US"lax", 3) == 0)
    {
    defer_mode = PASS;
    keystring += 3;
    }
  else if (strncmpic(keystring, US"never", 5) == 0)
    {
    defer_mode = OK;
    keystring += 5;
    }
  else
    {
    *errmsg = US"unsupported dnsdb defer behaviour";
    return DEFER;
    }
  while (isspace(*keystring)) keystring++;
  if (*keystring++ != ',')
    {
    *errmsg = US"dnsdb defer behaviour syntax error";
    return DEFER;
    }
  while (isspace(*keystring)) keystring++;
  }

/* If the keystring contains an = this must be preceded by a valid type name. */

if ((equals = Ustrchr(keystring, '=')) != NULL)
  {
  int i, len;
  uschar *tend = equals;

  while (tend > keystring && isspace(tend[-1])) tend--;
  len = tend - keystring;

  for (i = 0; i < sizeof(type_names)/sizeof(uschar *); i++)
    {
    if (len == Ustrlen(type_names[i]) &&
        strncmpic(keystring, US type_names[i], len) == 0)
      {
      type = type_values[i];
      break;
      }
    }

  if (i >= sizeof(type_names)/sizeof(uschar *))
    {
    *errmsg = US"unsupported DNS record type";
    return DEFER;
    }

  keystring = equals + 1;
  while (isspace(*keystring)) keystring++;
  }

/* Initialize the resolver in case this is the first time it has been used. */

dns_init(FALSE, FALSE);

/* The remainder of the string must be a list of domains. As long as the lookup
for at least one of them succeeds, we return success. Failure means that none
of them were found.

The original implementation did not support a list of domains. Adding the list
feature is compatible, except in one case: when PTR records are being looked up
for a single IPv6 address. Fortunately, we can hack in a compatibility feature
here: If the type is PTR and no list separator is specified, and the entire
remaining string is valid as an IP address, set an impossible separator so that
it is treated as one item. */

if (type == T_PTR && keystring[0] != '<' &&
    string_is_ip_address(keystring, NULL) != 0)
  sep = -1;

/* Now scan the list and do a lookup for each item */

while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
        != NULL)
  {
  uschar rbuffer[256];
  int searchtype = (type == T_CSA)? T_SRV :         /* record type we want */
                   (type == T_MXH)? T_MX :
                   (type == T_ZNS)? T_NS : type;

  /* If the type is PTR or CSA, we have to construct the relevant magic lookup
  key if the original is an IP address (some experimental protocols are using
  PTR records for different purposes where the key string is a host name, and
  Exim's extended CSA can be keyed by domains or IP addresses). This code for
  doing the reversal is now in a separate function. */

  if ((type == T_PTR || type == T_CSA) &&
      string_is_ip_address(domain, NULL) != 0)
    {
    dns_build_reverse(domain, rbuffer);
    domain = rbuffer;
    }

  DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);

  /* Do the lookup and sort out the result. There are three special types that
  are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
  a special lookup function so that the facility could be used from other
  parts of the Exim code. The latter affects only what happens later on in
  this function, but for tidiness it is handled in a similar way. If the
  lookup fails, continue with the next domain. In the case of DEFER, adjust
  the final "nothing found" result, but carry on to the next domain. */

  found = domain;
  rc = dns_special_lookup(&dnsa, domain, type, &found);

  if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
  if (rc != DNS_SUCCEED)
    {
    if (defer_mode == DEFER) return DEFER;          /* always defer */
      else if (defer_mode == PASS) failrc = DEFER;  /* defer only if all do */
    continue;                                       /* treat defer as fail */
    }

  /* Search the returned records */

  for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
       rr != NULL;
       rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
    {
    if (rr->type != searchtype) continue;

    /* There may be several addresses from an A6 record. Put the configured
    separator between them, just as for between several records. However, A6
    support is not normally configured these days. */

    if (type == T_A ||
        #ifdef SUPPORT_A6
        type == T_A6 ||
        #endif
        type == T_AAAA)
      {
      dns_address *da;
      for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
        {
        if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
        yield = string_cat(yield, &size, &ptr, da->address,
          Ustrlen(da->address));
        }
      continue;
      }

    /* Other kinds of record just have one piece of data each, but there may be
    several of them, of course. */

    if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);

    if (type == T_TXT || type == T_SPF)
      {
      if (outsep2 == NULL)
        {
        /* output only the first item of data */
        yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
          (rr->data)[0]);
        }
      else
        {
        /* output all items */
        int data_offset = 0;
        while (data_offset < rr->size)
          {
          uschar chunk_len = (rr->data)[data_offset++];
          if (outsep2[0] != '\0' && data_offset != 1)
            yield = string_cat(yield, &size, &ptr, outsep2, 1);
          yield = string_cat(yield, &size, &ptr,
                             (uschar *)((rr->data)+data_offset), chunk_len);
          data_offset += chunk_len;
          }
        }
      }
    else   /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
      {
      int priority, weight, port;
      uschar s[264];
      uschar *p = (uschar *)(rr->data);

      if (type == T_MXH)
        {
        /* mxh ignores the priority number and includes only the hostnames */
        GETSHORT(priority, p);
        }
      else if (type == T_MX)
        {
        GETSHORT(priority, p);
        sprintf(CS s, "%d ", priority);
        yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
        }
      else if (type == T_SRV)
        {
        GETSHORT(priority, p);
        GETSHORT(weight, p);
        GETSHORT(port, p);
        sprintf(CS s, "%d %d %d ", priority, weight, port);
        yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
        }
      else if (type == T_CSA)
        {
        /* See acl_verify_csa() for more comments about CSA. */

        GETSHORT(priority, p);
        GETSHORT(weight, p);
        GETSHORT(port, p);

        if (priority != 1) continue;      /* CSA version must be 1 */

        /* If the CSA record we found is not the one we asked for, analyse
        the subdomain assertions in the port field, else analyse the direct
        authorization status in the weight field. */

        if (found != domain)
          {
          if (port & 1) *s = 'X';         /* explicit authorization required */
          else *s = '?';                  /* no subdomain assertions here */
          }
        else
          {
          if (weight < 2) *s = 'N';       /* not authorized */
          else if (weight == 2) *s = 'Y'; /* authorized */
          else if (weight == 3) *s = '?'; /* unauthorizable */
          else continue;                  /* invalid */
          }

        s[1] = ' ';
        yield = string_cat(yield, &size, &ptr, s, 2);
        }

      /* GETSHORT() has advanced the pointer to the target domain. */

      rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
        (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));

      /* If an overlong response was received, the data will have been
      truncated and dn_expand may fail. */

      if (rc < 0)
        {
        log_write(0, LOG_MAIN, "host name alias list truncated: type=%s "
          "domain=%s", dns_text_type(type), domain);
        break;
        }
      else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
      }
    }    /* Loop for list of returned records */
  }      /* Loop for list of domains */

/* Reclaim unused memory */

store_reset(yield + ptr + 1);

/* If ptr == 0 we have not found anything. Otherwise, insert the terminating
zero and return the result. */

if (ptr == 0) return failrc;
yield[ptr] = 0;
*result = yield;
return OK;
}


/*************************************************
*         Version reporting entry point          *
*************************************************/

/* See local README for interface description. */

#include "../version.h"

void
dnsdb_version_report(FILE *f)
{
#ifdef DYNLOOKUP
fprintf(f, "Library version: DNSDB: Exim version %s\n", EXIM_VERSION_STR);
#endif
}


static lookup_info _lookup_info = {
  US"dnsdb",                     /* lookup name */
  lookup_querystyle,             /* query style */
  dnsdb_open,                    /* open function */
  NULL,                          /* check function */
  dnsdb_find,                    /* find function */
  NULL,                          /* no close function */
  NULL,                          /* no tidy function */
  NULL,                          /* no quoting function */
  dnsdb_version_report           /* version reporting */
};

#ifdef DYNLOOKUP
#define dnsdb_lookup_module_info _lookup_module_info
#endif

static lookup_info *_lookup_list[] = { &_lookup_info };
lookup_module_info dnsdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };

/* End of lookups/dnsdb.c */
Commit	Line	Data
0756eb3c PH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
c4ceed07	5	/* Copyright (c) University of Cambridge 1995 - 2012 */
0756eb3c PH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9	#include "lf_functions.h"
0756eb3c PH	10
	11
	12
	13	/* Ancient systems (e.g. SunOS4) don't appear to have T_TXT defined in their
	14	header files. */
	15
	16	#ifndef T_TXT
	17	#define T_TXT 16
	18	#endif
	19
eae0036b PP	20	/* Many systems do not have T_SPF. */
	21	#ifndef T_SPF
	22	#define T_SPF 99
	23	#endif
	24
0756eb3c PH	25	/* Table of recognized DNS record types and their integer values. */
0756eb3c PH	26
1ba28e2b	27	static const char *type_names[] = {
0756eb3c PH	28	"a",
	29	#if HAVE_IPV6
	30	"aaaa",
	31	#ifdef SUPPORT_A6
	32	"a6",
	33	#endif
	34	#endif
	35	"cname",
e5a9dba6	36	"csa",
0756eb3c	37	"mx",
ea3bc19b	38	"mxh",
0756eb3c PH	39	"ns",
0756eb3c PH	40	"ptr",
eae0036b	41	"spf",
0756eb3c	42	"srv",
33397d19	43	"txt",
8e669ac1	44	"zns"
33397d19	45	};
0756eb3c PH	46
	47	static int type_values[] = {
	48	T_A,
	49	#if HAVE_IPV6
	50	T_AAAA,
	51	#ifdef SUPPORT_A6
	52	T_A6,
	53	#endif
	54	#endif
	55	T_CNAME,
e5a9dba6	56	T_CSA, /* Private type for "Client SMTP Authorization". */
0756eb3c	57	T_MX,
ea3bc19b	58	T_MXH, /* Private type for "MX hostnames" */
0756eb3c PH	59	T_NS,
0756eb3c PH	60	T_PTR,
eae0036b	61	T_SPF,
0756eb3c	62	T_SRV,
33397d19 PH	63	T_TXT,
	64	T_ZNS /* Private type for "zone nameservers" */
	65	};
0756eb3c PH	66
	67
	68	/*************************************************
	69	* Open entry point *
	70	*************************************************/
	71
	72	/* See local README for interface description. */
	73
e6d225ae	74	static void *
0756eb3c PH	75	dnsdb_open(uschar filename, uschar *errmsg)
	76	{
	77	filename = filename; /* Keep picky compilers happy */
	78	errmsg = errmsg; /* Ditto */
	79	return (void )(-1); / Any non-0 value */
	80	}
	81
	82
	83
	84	/*************************************************
	85	* Find entry point for dnsdb *
	86	*************************************************/
	87
7bb56e1f PH	88	/* See local README for interface description. The query in the "keystring" may
	89	consist of a number of parts.
	90
8e669ac1 PH	91	(a) If the first significant character is '>' then the next character is the
8e669ac1 PH	92	separator character that is used when multiple records are found. The default
7bb56e1f PH	93	separator is newline.
7bb56e1f PH	94
0d0c6357 NM	95	(b) If the next character is ',' then the next character is the separator
	96	character used for multiple items of text in "TXT" records. Alternatively,
	97	if the next character is ';' then these multiple items are concatenated with
	98	no separator. With neither of these options specified, only the first item
8ee4b30e PP	99	is output. Similarly for "SPF" records, but the default for joining multiple
8ee4b30e PP	100	items in one SPF record is the empty string, for direct concatenation.
0d0c6357 NM	101
0d0c6357 NM	102	(c) If the next sequence of characters is 'defer_FOO' followed by a comma,
ff4dbb19 PH	103	the defer behaviour is set to FOO. The possible behaviours are: 'strict', where
	104	any defer causes the whole lookup to defer; 'lax', where a defer causes the
	105	whole lookup to defer only if none of the DNS queries succeeds; and 'never',
	106	where all defers are as if the lookup failed. The default is 'lax'.
	107
0d0c6357	108	(d) If the next sequence of characters is a sequence of letters and digits
8e669ac1	109	followed by '=', it is interpreted as the name of the DNS record type. The
ff4dbb19	110	default is "TXT".
7bb56e1f	111
0d0c6357	112	(e) Then there follows list of domain names. This is a generalized Exim list,
8e669ac1	113	which may start with '<' in order to set a specific separator. The default
7bb56e1f	114	separator, as always, is colon. */
0756eb3c	115
e6d225ae	116	static int
0756eb3c PH	117	dnsdb_find(void handle, uschar filename, uschar *keystring, int length,
	118	uschar result, uschar errmsg, BOOL *do_cache)
	119	{
	120	int rc;
	121	int size = 256;
	122	int ptr = 0;
7bb56e1f	123	int sep = 0;
ff4dbb19	124	int defer_mode = PASS;
0756eb3c	125	int type = T_TXT;
c38d6da9	126	int failrc = FAIL;
7bb56e1f	127	uschar *outsep = US"\n";
0d0c6357	128	uschar *outsep2 = NULL;
e5a9dba6	129	uschar equals, domain, *found;
0756eb3c PH	130	uschar buffer[256];
	131
	132	/* Because we're the working in the search pool, we try to reclaim as much
	133	store as possible later, so we preallocate the result here */
	134
	135	uschar *yield = store_get(size);
	136
	137	dns_record *rr;
	138	dns_answer dnsa;
	139	dns_scan dnss;
	140
	141	handle = handle; /* Keep picky compilers happy */
	142	filename = filename;
	143	length = length;
	144	do_cache = do_cache;
	145
0d0c6357 NM	146	/* If the string starts with '>' we change the output separator.
0d0c6357 NM	147	If it's followed by ';' or ',' we set the TXT output separator. */
0756eb3c	148
7bb56e1f PH	149	while (isspace(*keystring)) keystring++;
7bb56e1f PH	150	if (*keystring == '>')
0756eb3c	151	{
7bb56e1f	152	outsep = keystring + 1;
8e669ac1	153	keystring += 2;
0d0c6357 NM	154	if (*keystring == ',')
	155	{
	156	outsep2 = keystring + 1;
	157	keystring += 2;
	158	}
	159	else if (*keystring == ';')
	160	{
	161	outsep2 = US"";
	162	keystring++;
	163	}
7bb56e1f	164	while (isspace(*keystring)) keystring++;
8e669ac1	165	}
7bb56e1f	166
8ee4b30e PP	167	/* SPF strings should be concatenated without a separator, thus make
	168	it the default if not defined (see RFC 4408 section 3.1.3).
	169	Multiple SPF records are forbidden (section 3.1.2) but are currently
	170	not handled specially, thus they are concatenated with \n by default. */
	171
	172	if (type == T_SPF && outsep2 == NULL)
	173	outsep2 = US"";
	174
ff4dbb19 PH	175	/* Check for a defer behaviour keyword. */
	176
	177	if (strncmpic(keystring, US"defer_", 6) == 0)
	178	{
	179	keystring += 6;
	180	if (strncmpic(keystring, US"strict", 6) == 0)
	181	{
	182	defer_mode = DEFER;
	183	keystring += 6;
	184	}
	185	else if (strncmpic(keystring, US"lax", 3) == 0)
	186	{
	187	defer_mode = PASS;
	188	keystring += 3;
	189	}
	190	else if (strncmpic(keystring, US"never", 5) == 0)
	191	{
	192	defer_mode = OK;
	193	keystring += 5;
	194	}
	195	else
	196	{
	197	*errmsg = US"unsupported dnsdb defer behaviour";
	198	return DEFER;
	199	}
	200	while (isspace(*keystring)) keystring++;
	201	if (*keystring++ != ',')
	202	{
	203	*errmsg = US"dnsdb defer behaviour syntax error";
	204	return DEFER;
	205	}
	206	while (isspace(*keystring)) keystring++;
	207	}
	208
7bb56e1f PH	209	/* If the keystring contains an = this must be preceded by a valid type name. */
	210
	211	if ((equals = Ustrchr(keystring, '=')) != NULL)
	212	{
	213	int i, len;
	214	uschar *tend = equals;
8e669ac1 PH	215
	216	while (tend > keystring && isspace(tend[-1])) tend--;
	217	len = tend - keystring;
	218
0756eb3c PH	219	for (i = 0; i < sizeof(type_names)/sizeof(uschar *); i++)
	220	{
	221	if (len == Ustrlen(type_names[i]) &&
	222	strncmpic(keystring, US type_names[i], len) == 0)
	223	{
	224	type = type_values[i];
	225	break;
	226	}
	227	}
8e669ac1	228
0756eb3c PH	229	if (i >= sizeof(type_names)/sizeof(uschar *))
	230	{
	231	*errmsg = US"unsupported DNS record type";
	232	return DEFER;
	233	}
8e669ac1	234
7bb56e1f PH	235	keystring = equals + 1;
7bb56e1f PH	236	while (isspace(*keystring)) keystring++;
0756eb3c	237	}
8e669ac1	238
7bb56e1f	239	/* Initialize the resolver in case this is the first time it has been used. */
0756eb3c PH	240
0756eb3c PH	241	dns_init(FALSE, FALSE);
0756eb3c	242
8e669ac1 PH	243	/* The remainder of the string must be a list of domains. As long as the lookup
	244	for at least one of them succeeds, we return success. Failure means that none
	245	of them were found.
0756eb3c	246
8e669ac1 PH	247	The original implementation did not support a list of domains. Adding the list
	248	feature is compatible, except in one case: when PTR records are being looked up
	249	for a single IPv6 address. Fortunately, we can hack in a compatibility feature
	250	here: If the type is PTR and no list separator is specified, and the entire
	251	remaining string is valid as an IP address, set an impossible separator so that
7bb56e1f	252	it is treated as one item. */
33397d19	253
7bb56e1f	254	if (type == T_PTR && keystring[0] != '<' &&
7e66e54d	255	string_is_ip_address(keystring, NULL) != 0)
7bb56e1f	256	sep = -1;
0756eb3c	257
7bb56e1f	258	/* Now scan the list and do a lookup for each item */
0756eb3c	259
8e669ac1	260	while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
7bb56e1f	261	!= NULL)
8e669ac1	262	{
7bb56e1f	263	uschar rbuffer[256];
e5a9dba6 PH	264	int searchtype = (type == T_CSA)? T_SRV : /* record type we want */
	265	(type == T_MXH)? T_MX :
	266	(type == T_ZNS)? T_NS : type;
	267
	268	/* If the type is PTR or CSA, we have to construct the relevant magic lookup
	269	key if the original is an IP address (some experimental protocols are using
	270	PTR records for different purposes where the key string is a host name, and
	271	Exim's extended CSA can be keyed by domains or IP addresses). This code for
	272	doing the reversal is now in a separate function. */
	273
	274	if ((type == T_PTR \|\| type == T_CSA) &&
7e66e54d	275	string_is_ip_address(domain, NULL) != 0)
0756eb3c	276	{
7bb56e1f PH	277	dns_build_reverse(domain, rbuffer);
7bb56e1f PH	278	domain = rbuffer;
0756eb3c	279	}
8e669ac1	280
7bb56e1f	281	DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
8e669ac1	282
28e6ef29 TF	283	/* Do the lookup and sort out the result. There are three special types that
	284	are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
	285	a special lookup function so that the facility could be used from other
	286	parts of the Exim code. The latter affects only what happens later on in
	287	this function, but for tidiness it is handled in a similar way. If the
	288	lookup fails, continue with the next domain. In the case of DEFER, adjust
	289	the final "nothing found" result, but carry on to the next domain. */
8e669ac1	290
e5a9dba6 PH	291	found = domain;
e5a9dba6 PH	292	rc = dns_special_lookup(&dnsa, domain, type, &found);
8e669ac1	293
7bb56e1f	294	if (rc == DNS_NOMATCH \|\| rc == DNS_NODATA) continue;
c38d6da9 PH	295	if (rc != DNS_SUCCEED)
c38d6da9 PH	296	{
ff4dbb19 PH	297	if (defer_mode == DEFER) return DEFER; /* always defer */
	298	else if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */
	299	continue; /* treat defer as fail */
c38d6da9	300	}
8e669ac1	301
ea3bc19b PH	302	/* Search the returned records */
ea3bc19b PH	303
7bb56e1f PH	304	for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
	305	rr != NULL;
	306	rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
0756eb3c	307	{
ea3bc19b	308	if (rr->type != searchtype) continue;
8e669ac1 PH	309
	310	/* There may be several addresses from an A6 record. Put the configured
	311	separator between them, just as for between several records. However, A6
7bb56e1f	312	support is not normally configured these days. */
8e669ac1	313
7bb56e1f PH	314	if (type == T_A \|\|
	315	#ifdef SUPPORT_A6
	316	type == T_A6 \|\|
	317	#endif
	318	type == T_AAAA)
0756eb3c	319	{
7bb56e1f PH	320	dns_address *da;
	321	for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
	322	{
	323	if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
8e669ac1	324	yield = string_cat(yield, &size, &ptr, da->address,
7bb56e1f PH	325	Ustrlen(da->address));
	326	}
	327	continue;
0756eb3c	328	}
8e669ac1 PH	329
8e669ac1 PH	330	/* Other kinds of record just have one piece of data each, but there may be
7bb56e1f	331	several of them, of course. */
8e669ac1	332
7bb56e1f	333	if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
8e669ac1	334
eae0036b	335	if (type == T_TXT \|\| type == T_SPF)
0756eb3c	336	{
0d0c6357 NM	337	if (outsep2 == NULL)
	338	{
	339	/* output only the first item of data */
	340	yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
	341	(rr->data)[0]);
	342	}
	343	else
80a47a2c	344	{
0d0c6357 NM	345	/* output all items */
	346	int data_offset = 0;
	347	while (data_offset < rr->size)
	348	{
	349	uschar chunk_len = (rr->data)[data_offset++];
	350	if (outsep2[0] != '\0' && data_offset != 1)
	351	yield = string_cat(yield, &size, &ptr, outsep2, 1);
	352	yield = string_cat(yield, &size, &ptr,
	353	(uschar *)((rr->data)+data_offset), chunk_len);
	354	data_offset += chunk_len;
	355	}
80a47a2c	356	}
0756eb3c	357	}
e5a9dba6	358	else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
0756eb3c	359	{
e5a9dba6	360	int priority, weight, port;
7bb56e1f PH	361	uschar s[264];
7bb56e1f PH	362	uschar p = (uschar )(rr->data);
8e669ac1	363
ea3bc19b PH	364	if (type == T_MXH)
	365	{
	366	/* mxh ignores the priority number and includes only the hostnames */
e5a9dba6	367	GETSHORT(priority, p);
ea3bc19b PH	368	}
ea3bc19b PH	369	else if (type == T_MX)
7bb56e1f	370	{
e5a9dba6 PH	371	GETSHORT(priority, p);
e5a9dba6 PH	372	sprintf(CS s, "%d ", priority);
7bb56e1f PH	373	yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
	374	}
	375	else if (type == T_SRV)
	376	{
e5a9dba6	377	GETSHORT(priority, p);
7bb56e1f PH	378	GETSHORT(weight, p);
7bb56e1f PH	379	GETSHORT(port, p);
e5a9dba6	380	sprintf(CS s, "%d %d %d ", priority, weight, port);
7bb56e1f PH	381	yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
7bb56e1f PH	382	}
e5a9dba6 PH	383	else if (type == T_CSA)
	384	{
	385	/* See acl_verify_csa() for more comments about CSA. */
	386
	387	GETSHORT(priority, p);
	388	GETSHORT(weight, p);
	389	GETSHORT(port, p);
	390
	391	if (priority != 1) continue; /* CSA version must be 1 */
	392
	393	/* If the CSA record we found is not the one we asked for, analyse
	394	the subdomain assertions in the port field, else analyse the direct
	395	authorization status in the weight field. */
	396
	397	if (found != domain)
	398	{
	399	if (port & 1) s = 'X'; / explicit authorization required */
	400	else s = '?'; / no subdomain assertions here */
	401	}
	402	else
	403	{
	404	if (weight < 2) s = 'N'; / not authorized */
	405	else if (weight == 2) s = 'Y'; / authorized */
	406	else if (weight == 3) s = '?'; / unauthorizable */
	407	else continue; /* invalid */
	408	}
	409
	410	s[1] = ' ';
	411	yield = string_cat(yield, &size, &ptr, s, 2);
	412	}
	413
	414	/* GETSHORT() has advanced the pointer to the target domain. */
8e669ac1	415
7bb56e1f PH	416	rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
7bb56e1f PH	417	(DN_EXPAND_ARG4_TYPE)(s), sizeof(s));
8e669ac1	418
7bb56e1f PH	419	/* If an overlong response was received, the data will have been
7bb56e1f PH	420	truncated and dn_expand may fail. */
8e669ac1	421
7bb56e1f PH	422	if (rc < 0)
	423	{
	424	log_write(0, LOG_MAIN, "host name alias list truncated: type=%s "
	425	"domain=%s", dns_text_type(type), domain);
	426	break;
	427	}
	428	else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
0756eb3c	429	}
7bb56e1f PH	430	} /* Loop for list of returned records */
	431	} /* Loop for list of domains */
	432
	433	/* Reclaim unused memory */
0756eb3c	434
7bb56e1f PH	435	store_reset(yield + ptr + 1);
7bb56e1f PH	436
8e669ac1	437	/* If ptr == 0 we have not found anything. Otherwise, insert the terminating
7bb56e1f PH	438	zero and return the result. */
7bb56e1f PH	439
c38d6da9	440	if (ptr == 0) return failrc;
0756eb3c	441	yield[ptr] = 0;
0756eb3c	442	*result = yield;
0756eb3c PH	443	return OK;
	444	}
	445
6545de78 PP	446
	447
	448	/*************************************************
	449	* Version reporting entry point *
	450	*************************************************/
	451
	452	/* See local README for interface description. */
	453
	454	#include "../version.h"
	455
	456	void
	457	dnsdb_version_report(FILE *f)
	458	{
	459	#ifdef DYNLOOKUP
	460	fprintf(f, "Library version: DNSDB: Exim version %s\n", EXIM_VERSION_STR);
	461	#endif
	462	}
	463
	464
e6d225ae DW	465	static lookup_info _lookup_info = {
	466	US"dnsdb", /* lookup name */
	467	lookup_querystyle, /* query style */
	468	dnsdb_open, /* open function */
	469	NULL, /* check function */
	470	dnsdb_find, /* find function */
	471	NULL, /* no close function */
	472	NULL, /* no tidy function */
6545de78 PP	473	NULL, /* no quoting function */
6545de78 PP	474	dnsdb_version_report /* version reporting */
e6d225ae DW	475	};
	476
	477	#ifdef DYNLOOKUP
	478	#define dnsdb_lookup_module_info _lookup_module_info
	479	#endif
	480
	481	static lookup_info *_lookup_list[] = { &_lookup_info };
	482	lookup_module_info dnsdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };
	483
0756eb3c	484	/* End of lookups/dnsdb.c */