> -#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \
> -                      | MA_FIND_PDMS | MA_FIND_LOCALPART_AT)
> +    lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN
> +     | MA_FIND_PDMS | MA_FIND_LOCALPART_AT
> +     | (access_parent_style == MATCH_FLAG_PARENT ?
> +        MA_FIND_PDMS : MA_FIND_PDDMDS);

That always sets MA_FIND_PDMS and therefore always matches the
subdomain. Corrected patch follows.

        Wietse

--- ./src/smtpd/smtpd_check.c-  2017-02-05 15:55:35.000000000 -0500
+++ ./src/smtpd/smtpd_check.c   2017-05-31 17:29:46.000000000 -0400
@@ -3174,6 +3174,7 @@
     const char *myname = "check_mail_access";
     const RESOLVE_REPLY *reply;
     const char *value;
+    int     lookup_strategy;
     int     status;
     MAPS   *maps;
 
@@ -3213,8 +3214,10 @@
      * Look up user+foo@domain if the address has an extension, user@domain
      * otherwise.
      */
-#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \
-                        | MA_FIND_PDMS | MA_FIND_LOCALPART_AT)
+    lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN
+       | MA_FIND_LOCALPART_AT
+       | (access_parent_style == MATCH_FLAG_PARENT ?
+          MA_FIND_PDMS : MA_FIND_PDDMDS);
 
     if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) {
        msg_warn("%s: unexpected dictionary: %s", myname, table);
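Review bot: The comment above the `lookup_strategy` assignment still describes only the address-extension lookups and says nothing about the parent-domain flag, which is the part that decides how broadly an access table entry matches. Exactly one of `MA_FIND_PDMS` and `MA_FIND_PDDMDS` should be set here, because OR-ing in `MA_FIND_PDMS` unconditionally would make a parent-domain entry apply to subdomains regardless of `access_parent_style`. I would extend the comment with a line such as `Parent-domain matching follows access_parent_style: set exactly one of MA_FIND_PDMS or MA_FIND_PDDMDS, never both.` Where `access_parent_style` is initialised is not visible in this hunk, so it is worth confirming it is set before `check_mail_access` first runs. The function body starts and ends outside the hunk.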
@@ -3225,7 +3228,7 @@
                                   def_acl));
     }
     if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient),
-                                     (char **) 0, LOOKUP_STRATEGY)) != 0) {
+                                     (char **) 0, lookup_strategy)) != 0) {
        *found = 1;
        status = check_table_result(state, table, value,
                                    CONST_STR(reply->recipient),
