X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Frouters%2Fdnslookup.c;h=9e230b1be492512ba6fe70bc35fdd5d2e2e92b38;hb=4c0a7a9cb02f9904c2e890f77ff8ce3a6beb25f4;hp=650e56d336c443195f4372ee1d6780799a5c197d;hpb=d43cbe256c751f2f2e8c9b55dd8a718967571c21;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index 650e56d33..9e230b1be 100644
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) University of Cambridge 1995 - 2015 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -18,10 +18,6 @@ optionlist dnslookup_router_options[] = {
       (void *)(offsetof(dnslookup_router_options_block, check_secondary_mx)) },
   { "check_srv",          opt_stringptr,
       (void *)(offsetof(dnslookup_router_options_block, check_srv)) },
-  { "dnssec_request_domains",         opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, dnssec_request_domains)) },
-  { "dnssec_require_domains",         opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, dnssec_require_domains)) },
   { "fail_defer_domains", opt_stringptr,
       (void *)(offsetof(dnslookup_router_options_block, fail_defer_domains)) },
   { "mx_domains",         opt_stringptr,
@@ -48,6 +44,22 @@ address can appear in the tables drtables.c. */
 int dnslookup_router_options_count =
   sizeof(dnslookup_router_options)/sizeof(optionlist);
 
+
+#ifdef MACRO_PREDEF
+
+/* Dummy entries */
+dnslookup_router_options_block dnslookup_router_option_defaults = {0};
+void dnslookup_router_init(router_instance *rblock) {}
+int dnslookup_router_entry(router_instance *rblock, address_item *addr,
+  struct passwd *pw, int verify, address_item **addr_local,
+  address_item **addr_remote, address_item **addr_new,
+  address_item **addr_succeed) {return 0;}
+
+#else   /*!MACRO_PREDEF*/
+
+
+
+
 /* Default private options block for the dnslookup router. */
 
 dnslookup_router_options_block dnslookup_router_option_defaults = {
@@ -60,8 +72,6 @@ dnslookup_router_options_block dnslookup_router_option_defaults = {
   NULL,            /* mx_fail_domains */
   NULL,            /* srv_fail_domains */
   NULL,            /* check_srv */
-  NULL,            /* dnssec_request_domains */
-  NULL,            /* dnssec_require_domains */
   NULL             /* fail_defer_domains */
 };
 
@@ -271,8 +281,7 @@ for (;;)
 
   rc = host_find_bydns(&h, CUS rblock->ignore_target_hosts, flags, srv_service,
     ob->srv_fail_domains, ob->mx_fail_domains,
-    ob->dnssec_request_domains, ob->dnssec_require_domains,
-    &fully_qualified_name, &removed);
+    &rblock->dnssec, &fully_qualified_name, &removed);
   if (removed) setflag(addr, af_local_host_removed);
 
   /* If host found with only address records, test for the domain's being in
@@ -298,6 +307,11 @@ for (;;)
   /* Deferral returns forthwith, and anything other than failure breaks the
   loop. */
 
+  if (rc == HOST_FIND_SECURITY)
+    {
+    addr->message = US"host lookup done insecurely";
+    return DEFER;
+    }
   if (rc == HOST_FIND_AGAIN)
     {
     if (rblock->pass_on_timeout)
@@ -312,6 +326,22 @@ for (;;)
 
   if (rc != HOST_FIND_FAILED) break;
 
+  if (ob->fail_defer_domains)
+    switch(match_isinlist(fully_qualified_name,
+	  CUSS &ob->fail_defer_domains, 0,
+	  &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
+      {
+      case DEFER:
+	addr->message = US"lookup defer for fail_defer_domains option";
+	return DEFER;
+
+      case OK:
+	DEBUG(D_route) debug_printf("%s router: matched fail_defer_domains\n",
+	  rblock->name);
+	addr->message = US"missing MX, or all MXs point to missing A records,"
+	  " and defer requested";
+	return DEFER;
+      }
   /* Check to see if the failure is the result of MX records pointing to
   non-existent domains, and if so, set an appropriate error message; the case
   of an MX or SRV record pointing to "." is another special case that we can
@@ -342,22 +372,6 @@ for (;;)
           addr->message);
         }
       }
-    if (ob->fail_defer_domains)
-      {
-      switch(match_isinlist(fully_qualified_name,
-	    CUSS &ob->fail_defer_domains, 0,
-	    &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL))
-	{
-	case DEFER:
-	  addr->message = US"lookup defer for fail_defer_domains";
-	  return DEFER;
-
-	case OK:
-	  DEBUG(D_route) debug_printf("%s router: matched fail_defer_domains\n",
-	    rblock->name);
-	  return DEFER;
-	}
-      }
     return DECLINE;
     }
 
@@ -448,6 +462,7 @@ return rf_queue_add(addr, addr_local, addr_remote, rblock, pw)?
   OK : DEFER;
 }
 
+#endif   /*!MACRO_PREDEF*/
 /* End of routers/dnslookup.c */
 /* vi: aw ai sw=2
 */