Henrik Larsson:
> > That always sets MA_FIND_PDMS and therefore always matches the
> > subdomain. Corrected patch follows.
>
> I have tested the new patch, and that works for my use case as well.
>
> In both cases, the recipient using a subdomain of the access map was
> blocked.
That is because the implementation does not work as promised :-)
When both MA_FIND_PDDMDS and MA_FIND_PDMS are specified, the flag
MA_FIND_PDDMDS (parent dot-domain matches dot-subdomain) happens
to take precedence over the flag MA_FIND_PDMS (parent-domain matches
subdomain). That's now how the code promises to work.
/*
* Try domain (optionally, subdomains).
*/
if (result == 0 && path->error == 0 && ratsign != 0
&& (strategy & MA_FIND_DOMAIN) != 0) {
const char *name;
const char *next;
for (name = ratsign + 1; *name != 0; name = next) {
if ((result = maps_find(path, name, PARTIAL)) != 0
|| path->error != 0
|| (strategy & (MA_FIND_PDMS | MA_FIND_PDDMDS)) == 0
|| (next = strchr(name + 1, '.')) == 0)
break;
if ((strategy & MA_FIND_PDDMDS) == 0)
next++;
}
}
However, no reasonable code would enable both flags, so perhaps it
is sufficient to just log a warning when that happens. Making it
this code work "correctly" would also make the code uglier.
Wietse
