X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fsrc%2Facl.c;h=799af39c3e72fefa9570cfda5bd6282d186c3cda;hb=44e90dfa8316518d0fcba106c9fc083a56e15101;hp=c8ad795fee834bc4ce95ae17ff922aaaf616d7f0;hpb=6d95688d6a272297a6a47f2fd2695cc8e5b8b730;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/acl.c b/src/src/acl.c
index c8ad795fe..799af39c3 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -70,7 +70,7 @@ enum { ACLC_ACL,
        ACLC_DKIM_SIGNER,
        ACLC_DKIM_STATUS,
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
        ACLC_DMARC_STATUS,
 #endif
        ACLC_DNSLISTS,
@@ -192,7 +192,7 @@ static condition_def conditions[] = {
   [ACLC_DKIM_SIGNER] =		{ US"dkim_signers",	TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
   [ACLC_DKIM_STATUS] =		{ US"dkim_status",	TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
   [ACLC_DMARC_STATUS] =		{ US"dmarc_status",	TRUE, FALSE, (unsigned int) ~ACL_BIT_DATA },
 #endif
 
@@ -346,7 +346,7 @@ enum {
 #ifndef DISABLE_DKIM
   CONTROL_DKIM_VERIFY,
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
   CONTROL_DMARC_VERIFY,
   CONTROL_DMARC_FORENSIC,
 #endif
@@ -417,7 +417,7 @@ static control_def controls_list[] = {
   },
 #endif
 
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
 [CONTROL_DMARC_VERIFY] =
   { US"dmarc_disable_verify",    FALSE,
 	  ACL_BIT_DATA | ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
@@ -1310,7 +1310,7 @@ acl_verify_csa(const uschar *domain)
 tree_node *t;
 const uschar *found;
 int priority, weight, port;
-dns_answer dnsa;
+dns_answer * dnsa = store_get_dns_answer();
 dns_scan dnss;
 dns_record *rr;
 int rc, type;
@@ -1345,8 +1345,7 @@ extension to CSA, so we allow it to be turned off for proper conformance. */
 if (string_is_ip_address(domain, NULL) != 0)
   {
   if (!dns_csa_use_reverse) return CSA_UNKNOWN;
-  dns_build_reverse(domain, target);
-  domain = target;
+  domain = dns_build_reverse(domain);
   }
 
 /* Find out if we've already done the CSA check for this domain. If we have,
@@ -1364,7 +1363,7 @@ Ustrcpy(t->name, domain);
 /* Now we are ready to do the actual DNS lookup(s). */
 
 found = domain;
-switch (dns_special_lookup(&dnsa, domain, T_CSA, &found))
+switch (dns_special_lookup(dnsa, domain, T_CSA, &found))
   {
   /* If something bad happened (most commonly DNS_AGAIN), defer. */
 
@@ -1385,9 +1384,9 @@ switch (dns_special_lookup(&dnsa, domain, T_CSA, &found))
 
 /* Scan the reply for well-formed CSA SRV records. */
 
-for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
      rr;
-     rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV)
+     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_SRV)
   {
   const uschar * p = rr->data;
 
@@ -1427,7 +1426,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
   client's IP address is listed as one of the SRV target addresses. Save the
   target hostname then break to scan the additional data for its addresses. */
 
-  (void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
+  (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, p,
     (DN_EXPAND_ARG4_TYPE)target, sizeof(target));
 
   DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target);
@@ -1452,7 +1451,7 @@ to the target. If the name server didn't return any additional data (e.g.
 because it does not fully support SRV records), we need to do another lookup
 to obtain the target addresses; otherwise we have a definitive result. */
 
-rc = acl_verify_csa_address(&dnsa, &dnss, RESET_ADDITIONAL, target);
+rc = acl_verify_csa_address(dnsa, &dnss, RESET_ADDITIONAL, target);
 if (rc != CSA_FAIL_NOADDR) return t->data.val = rc;
 
 /* The DNS lookup type corresponds to the IP version used by the client. */
@@ -1466,7 +1465,7 @@ else
 
 
 lookup_dnssec_authenticated = NULL;
-switch (dns_lookup(&dnsa, target, type, NULL))
+switch (dns_lookup(dnsa, target, type, NULL))
   {
   /* If something bad happened (most commonly DNS_AGAIN), defer. */
 
@@ -1476,7 +1475,7 @@ switch (dns_lookup(&dnsa, target, type, NULL))
   /* If the query succeeded, scan the addresses and return the result. */
 
   case DNS_SUCCEED:
-    rc = acl_verify_csa_address(&dnsa, &dnss, RESET_ANSWERS, target);
+    rc = acl_verify_csa_address(dnsa, &dnss, RESET_ANSWERS, target);
     if (rc != CSA_FAIL_NOADDR) return t->data.val = rc;
     /* else fall through */
 
@@ -3029,18 +3028,18 @@ for (; cb; cb = cb->next)
 	break;
 	#endif
 
-	#ifndef DISABLE_DKIM
+#ifndef DISABLE_DKIM
 	case CONTROL_DKIM_VERIFY:
 	f.dkim_disable_verify = TRUE;
-	#ifdef EXPERIMENTAL_DMARC
+# ifdef SUPPORT_DMARC
 	/* Since DKIM was blocked, skip DMARC too */
 	f.dmarc_disable_verify = TRUE;
 	f.dmarc_enable_forensic = FALSE;
-	#endif
+# endif
 	break;
-	#endif
+#endif
 
-	#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
 	case CONTROL_DMARC_VERIFY:
 	f.dmarc_disable_verify = TRUE;
 	break;
@@ -3048,7 +3047,7 @@ for (; cb; cb = cb->next)
 	case CONTROL_DMARC_FORENSIC:
 	f.dmarc_enable_forensic = TRUE;
 	break;
-	#endif
+#endif
 
 	case CONTROL_DSCP:
 	if (*p == '/')
@@ -3442,7 +3441,7 @@ for (; cb; cb = cb->next)
     break;
     #endif
 
-    #ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
     case ACLC_DMARC_STATUS:
     if (!f.dmarc_has_been_checked)
       dmarc_process();
@@ -3452,7 +3451,7 @@ for (; cb; cb = cb->next)
     rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
                         &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
     break;
-    #endif
+#endif
 
     case ACLC_DNSLISTS:
     rc = verify_check_dnsbl(where, &arg, log_msgptr);