X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Flookups%2Fdnsdb.c;h=ac0bff221ad8a45c3b5da7ebfba9cfb6b00a14c5;hb=55414b2;hp=6b4d55c4d0e560d825c5f5da0f9a4df55f0de570;hpb=66be95e02b2ba6a834a6dbee16061176ad85019a;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index 6b4d55c4d..ac0bff221 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -127,7 +127,7 @@ which may start with '<' in order to set a specific separator. The default separator, as always, is colon. */ static int -dnsdb_find(void *handle, uschar *filename, uschar *keystring, int length, +dnsdb_find(void *handle, uschar *filename, const uschar *keystring, int length, uschar **result, uschar **errmsg, BOOL *do_cache) { int rc; @@ -138,8 +138,8 @@ int defer_mode = PASS; int dnssec_mode = OK; int type; int failrc = FAIL; -uschar *outsep = US"\n"; -uschar *outsep2 = NULL; +const uschar *outsep = CUS"\n"; +const uschar *outsep2 = NULL; uschar *equals, *domain, *found; uschar buffer[256]; @@ -295,10 +295,15 @@ if (type == T_PTR && keystring[0] != '<' && /* SPF strings should be concatenated without a separator, thus make it the default if not defined (see RFC 4408 section 3.1.3). Multiple SPF records are forbidden (section 3.1.2) but are currently -not handled specially, thus they are concatenated with \n by default. */ +not handled specially, thus they are concatenated with \n by default. +MX priority and value are space-separated by default. +SRV and TLSA record parts are space-separated by default. */ -if (type == T_SPF && outsep2 == NULL) - outsep2 = US""; +if (!outsep2) switch(type) + { + case T_SPF: outsep2 = US""; break; + case T_SRV: case T_MX: case T_TLSA: outsep2 = US" "; break; + } /* Now scan the list and do a lookup for each item */ @@ -348,18 +353,18 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) # endif else if (searchtype == T_A6) searchtype = T_AAAA; else if (searchtype == T_AAAA) searchtype = T_A; - rc = dns_special_lookup(&dnsa, domain, searchtype, &found); + rc = dns_special_lookup(&dnsa, domain, searchtype, CUSS &found); } else #endif - rc = dns_special_lookup(&dnsa, domain, type, &found); + rc = dns_special_lookup(&dnsa, domain, type, CUSS &found); lookup_dnssec_authenticated = dnssec_mode==OK ? NULL : dns_is_secure(&dnsa) ? US"yes" : US"no"; if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue; if ( rc != DNS_SUCCEED - || dnssec_mode == DEFER && !dns_is_secure(&dnsa) + || (dnssec_mode == DEFER && !dns_is_secure(&dnsa)) ) { if (defer_mode == DEFER) @@ -442,7 +447,8 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) matching_type = *p++; /* What's left after removing the first 3 bytes above */ payload_length = rr->size - 3; - sp += sprintf(CS s, "%d %d %d ", usage, selector, matching_type); + sp += sprintf(CS s, "%d%c%d%c%d%c", usage, *outsep2, + selector, *outsep2, matching_type, *outsep2); /* Now append the cert/identifier, one hex char at a time */ for (i=0; i < payload_length && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4); @@ -466,7 +472,7 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) else if (type == T_MX) { GETSHORT(priority, p); - sprintf(CS s, "%d ", priority); + sprintf(CS s, "%d%c", priority, *outsep2); yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); } else if (type == T_SRV) @@ -474,7 +480,8 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) GETSHORT(priority, p); GETSHORT(weight, p); GETSHORT(port, p); - sprintf(CS s, "%d %d %d ", priority, weight, port); + sprintf(CS s, "%d%c%d%c%d%c", priority, *outsep2, + weight, *outsep2, port, *outsep2); yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); } else if (type == T_CSA) @@ -491,7 +498,7 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) the subdomain assertions in the port field, else analyse the direct authorization status in the weight field. */ - if (found != domain) + if (Ustrcmp(found, domain) != 0) { if (port & 1) *s = 'X'; /* explicit authorization required */ else *s = '?'; /* no subdomain assertions here */