"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/dns/dns_lookup.c" between
postfix-3.5.8.tar.gz and postfix-3.5.9.tar.gz

About: Postfix is a mail system (an alternative to sendmail).

dns_lookup.c  (postfix-3.5.8):dns_lookup.c  (postfix-3.5.9)
skipping to change at line 174 skipping to change at line 174
/* list of requested resource records. /* list of requested resource records.
/* .IP fqdn /* .IP fqdn
/* A null pointer, or storage for the fully-qualified domain /* A null pointer, or storage for the fully-qualified domain
/* name found for \fIname\fR. /* name found for \fIname\fR.
/* .IP why /* .IP why
/* A null pointer, or storage for the reason for failure. /* A null pointer, or storage for the reason for failure.
/* .IP rcode /* .IP rcode
/* Pointer to storage for the reply RCODE value. This gives /* Pointer to storage for the reply RCODE value. This gives
/* more detailed information than DNS_FAIL, DNS_RETRY, etc. /* more detailed information than DNS_FAIL, DNS_RETRY, etc.
/* DIAGNOSTICS /* DIAGNOSTICS
/* If DNSSEC validation is requested but the response is not
/* DNSSEC validated, dns_lookup() will send a one-time probe
/* query as configured with the \fBdnssec_probe\fR configuration
/* parameter, and will log a warning when the probe response
/* was not DNSSEC validated.
/* .PP
/* dns_lookup() returns one of the following codes and sets the /* dns_lookup() returns one of the following codes and sets the
/* \fIwhy\fR argument accordingly: /* \fIwhy\fR argument accordingly:
/* .IP DNS_OK /* .IP DNS_OK
/* The DNS query succeeded. /* The DNS query succeeded.
/* .IP DNS_POLICY /* .IP DNS_POLICY
/* The DNS query succeeded, but the answer did not pass the /* The DNS query succeeded, but the answer did not pass the
/* policy filter. /* policy filter.
/* .IP DNS_NOTFOUND /* .IP DNS_NOTFOUND
/* The DNS query succeeded; the requested information was not found. /* The DNS query succeeded; the requested information was not found.
/* .IP DNS_NULLMX /* .IP DNS_NULLMX
skipping to change at line 466 skipping to change at line 472
#define USER_FLAGS (RES_DEBUG | RES_DNSRCH | RES_DEFNAMES | RES_USE_DNSSEC) #define USER_FLAGS (RES_DEBUG | RES_DNSRCH | RES_DEFNAMES | RES_USE_DNSSEC)
if ((flags & USER_FLAGS) != flags) if ((flags & USER_FLAGS) != flags)
msg_panic("dns_query: bad flags: %d", flags); msg_panic("dns_query: bad flags: %d", flags);
/* /*
* Set extra options that aren't exposed to the application. * Set extra options that aren't exposed to the application.
*/ */
#define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD) #define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD)
if (flags & RES_USE_DNSSEC) if (DNS_WANT_DNSSEC_VALIDATION(flags))
flags |= (RES_USE_EDNS0 | RES_TRUSTAD); flags |= (RES_USE_EDNS0 | RES_TRUSTAD);
/* /*
* Can't append domains: we need the right SOA TTL. * Can't append domains: we need the right SOA TTL.
*/ */
#define APPEND_DOMAIN_FLAGS (RES_DNSRCH | RES_DEFNAMES) #define APPEND_DOMAIN_FLAGS (RES_DNSRCH | RES_DEFNAMES)
if (keep_notfound && (flags & APPEND_DOMAIN_FLAGS)) { if (keep_notfound && (flags & APPEND_DOMAIN_FLAGS)) {
msg_warn("negative caching disables RES_DEFNAMES and RES_DNSRCH"); msg_warn("negative caching disables RES_DEFNAMES and RES_DNSRCH");
flags &= ~APPEND_DOMAIN_FLAGS; flags &= ~APPEND_DOMAIN_FLAGS;
skipping to change at line 513 skipping to change at line 519
reply->buf_len, keep_notfound); reply->buf_len, keep_notfound);
#endif #endif
} else { } else {
len = dns_res_search((char *) name, C_IN, type, reply->buf, len = dns_res_search((char *) name, C_IN, type, reply->buf,
reply->buf_len, keep_notfound); reply->buf_len, keep_notfound);
} }
_res.options &= ~flags; _res.options &= ~flags;
_res.options |= saved_options; _res.options |= saved_options;
reply_header = (HEADER *) reply->buf; reply_header = (HEADER *) reply->buf;
reply->rcode = reply_header->rcode; reply->rcode = reply_header->rcode;
if ((reply->dnssec_ad = !!reply_header->ad) != 0)
DNS_SEC_STATS_SET(DNS_SEC_FLAG_AVAILABLE);
if (h_errno != 0) { if (h_errno != 0) {
if (why) if (why)
vstring_sprintf(why, "Host or domain name not found. " vstring_sprintf(why, "Host or domain name not found. "
"Name service error for name=%s type=%s: %s", "Name service error for name=%s type=%s: %s",
name, dns_strtype(type), dns_strerror(h_errno)); name, dns_strtype(type), dns_strerror(h_errno));
if (msg_verbose) if (msg_verbose)
msg_info("dns_query: %s (%s): %s", msg_info("dns_query: %s (%s): %s",
name, dns_strtype(type), dns_strerror(h_errno)); name, dns_strtype(type), dns_strerror(h_errno));
switch (h_errno) { switch (h_errno) {
case NO_RECOVERY: case NO_RECOVERY:
skipping to change at line 564 skipping to change at line 572
* Paranoia. * Paranoia.
*/ */
if (len > reply->buf_len) { if (len > reply->buf_len) {
msg_warn("reply length %d > buffer length %d for name=%s type=%s", msg_warn("reply length %d > buffer length %d for name=%s type=%s",
len, (int) reply->buf_len, name, dns_strtype(type)); len, (int) reply->buf_len, name, dns_strtype(type));
len = reply->buf_len; len = reply->buf_len;
} }
/* /*
* Initialize the reply structure. Some structure members are filled on * Initialize the reply structure. Some structure members are filled on
* the fly while the reply is being parsed. Coerce AD bit to boolean. * the fly while the reply is being parsed.
*/ */
#if RES_USE_DNSSEC != 0
reply->dnssec_ad = (flags & RES_USE_DNSSEC) ? !!reply_header->ad : 0;
#else
reply->dnssec_ad = 0;
#endif
SET_HAVE_DNS_REPLY_PACKET(reply, len); SET_HAVE_DNS_REPLY_PACKET(reply, len);
reply->query_start = reply->buf + sizeof(HEADER); reply->query_start = reply->buf + sizeof(HEADER);
reply->answer_start = 0; reply->answer_start = 0;
reply->query_count = ntohs(reply_header->qdcount); reply->query_count = ntohs(reply_header->qdcount);
reply->answer_count = ntohs(reply_header->ancount); reply->answer_count = ntohs(reply_header->ancount);
reply->auth_count = ntohs(reply_header->nscount); reply->auth_count = ntohs(reply_header->nscount);
if (msg_verbose > 1) if (msg_verbose > 1)
msg_info("dns_query: reply len=%d ancount=%d nscount=%d", msg_info("dns_query: reply len=%d ancount=%d nscount=%d",
len, reply->answer_count, reply->auth_count); len, reply->answer_count, reply->auth_count);
skipping to change at line 888 skipping to change at line 891
CORRUPT(DNS_RETRY); CORRUPT(DNS_RETRY);
pos += len; pos += len;
/* /*
* Extract the fixed reply data: type, class, ttl, length. * Extract the fixed reply data: type, class, ttl, length.
*/ */
if (pos + RRFIXEDSZ > reply->end) if (pos + RRFIXEDSZ > reply->end)
CORRUPT(DNS_RETRY); CORRUPT(DNS_RETRY);
if ((status = dns_get_fixed(pos, &fixed)) != DNS_OK) if ((status = dns_get_fixed(pos, &fixed)) != DNS_OK)
CORRUPT(status); CORRUPT(status);
if (!valid_rr_name(rr_name, "resource name", fixed.type, reply)) if (strcmp(orig_name, ".") == 0 && *rr_name == 0)
/* Allow empty response name for root queries. */ ;
else if (!valid_rr_name(rr_name, "resource name", fixed.type, reply))
CORRUPT(DNS_INVAL); CORRUPT(DNS_INVAL);
if (fqdn) if (fqdn)
vstring_strcpy(fqdn, rr_name); vstring_strcpy(fqdn, rr_name);
if (msg_verbose) if (msg_verbose)
msg_info("dns_get_answer: type %s for %s", msg_info("dns_get_answer: type %s for %s",
dns_strtype(fixed.type), rr_name); dns_strtype(fixed.type), rr_name);
pos += RRFIXEDSZ; pos += RRFIXEDSZ;
/* /*
* Optionally extract the requested resource or CNAME data. * Optionally extract the requested resource or CNAME data.
skipping to change at line 976 skipping to change at line 981
name); name);
if (rcode) if (rcode)
*rcode = NXDOMAIN; *rcode = NXDOMAIN;
SET_H_ERRNO(HOST_NOT_FOUND); SET_H_ERRNO(HOST_NOT_FOUND);
return (DNS_NOTFOUND); return (DNS_NOTFOUND);
} }
/* /*
* The Linux resolver misbehaves when given an invalid domain name. * The Linux resolver misbehaves when given an invalid domain name.
*/ */
if (!valid_hostname(name, DONT_GRIPE)) { if (strcmp(name, ".") && !valid_hostname(name, DONT_GRIPE)) {
if (why) if (why)
vstring_sprintf(why, vstring_sprintf(why,
"Name service error for %s: invalid host or domain name", "Name service error for %s: invalid host or domain name",
name); name);
if (rcode) if (rcode)
*rcode = NXDOMAIN; *rcode = NXDOMAIN;
SET_H_ERRNO(HOST_NOT_FOUND); SET_H_ERRNO(HOST_NOT_FOUND);
return (DNS_NOTFOUND); return (DNS_NOTFOUND);
} }
skipping to change at line 1013 skipping to change at line 1018
* response, try to extract the negative caching TTL for the SOA * response, try to extract the negative caching TTL for the SOA
* record in the authority section. DO NOT return an error if an * record in the authority section. DO NOT return an error if an
* SOA record is malformed. * SOA record is malformed.
*/ */
if (status == DNS_NOTFOUND && TEST_HAVE_DNS_REPLY_PACKET(&reply) if (status == DNS_NOTFOUND && TEST_HAVE_DNS_REPLY_PACKET(&reply)
&& reply.auth_count > 0) { && reply.auth_count > 0) {
reply.answer_count = reply.auth_count; /* XXX TODO: Fix API */ reply.answer_count = reply.auth_count; /* XXX TODO: Fix API */
(void) dns_get_answer(orig_name, &reply, T_SOA, rrlist, fqdn, (void) dns_get_answer(orig_name, &reply, T_SOA, rrlist, fqdn,
cname, c_len, &maybe_secure); cname, c_len, &maybe_secure);
} }
if (DNS_WANT_DNSSEC_VALIDATION(flags)
&& !DNS_SEC_STATS_TEST(DNS_SEC_FLAG_AVAILABLE | \
DNS_SEC_FLAG_DONT_PROBE))
dns_sec_probe(flags); /* XXX Clobbers 'reply' */
return (status); return (status);
} }
/* /*
* Extract resource records of the requested type. Pick up CNAME * Extract resource records of the requested type. Pick up CNAME
* information just in case the requested data is not found. * information just in case the requested data is not found.
*/ */
status = dns_get_answer(orig_name, &reply, type, rrlist, fqdn, status = dns_get_answer(orig_name, &reply, type, rrlist, fqdn,
cname, c_len, &maybe_secure); cname, c_len, &maybe_secure);
if (DNS_WANT_DNSSEC_VALIDATION(flags)
&& !DNS_SEC_STATS_TEST(DNS_SEC_FLAG_AVAILABLE | \
DNS_SEC_FLAG_DONT_PROBE))
dns_sec_probe(flags); /* XXX Clobbers 'reply' */
switch (status) { switch (status) {
default: default:
if (why) if (why)
vstring_sprintf(why, "Name service error for name=%s type=%s: " vstring_sprintf(why, "Name service error for name=%s type=%s: "
"Malformed or unexpected name server reply", "Malformed or unexpected name server reply",
name, dns_strtype(type)); name, dns_strtype(type));
return (status); return (status);
case DNS_NULLMX: case DNS_NULLMX:
if (why) if (why)
vstring_sprintf(why, "Domain %s does not accept mail (nullMX)", vstring_sprintf(why, "Domain %s does not accept mail (nullMX)",
 End of changes. 9 change blocks. 
9 lines changed or deleted 22 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)