tom 2009/04/09 14:57:22 BST
Modified files: (Branch: DEVEL_PDKIM)
exim-src/src dkim.c dkim.h globals.c globals.h
receive.c smtp_in.c spool_in.c tls-gnu.c
tls-openssl.c
exim-src/src/pdkim pdkim.h
Log:
Add verification glue code
Revision Changes Path
1.1.2.6 +97 -3 exim/exim-src/src/dkim.c
1.1.2.3 +5 -4 exim/exim-src/src/dkim.h
1.81.2.2 +2 -1 exim/exim-src/src/globals.c
1.62.2.2 +1 -0 exim/exim-src/src/globals.h
1.1.2.10 +1 -1 exim/exim-src/src/pdkim/pdkim.h
1.45.2.2 +4 -4 exim/exim-src/src/receive.c
1.63.2.2 +4 -0 exim/exim-src/src/smtp_in.c
1.23.2.2 +1 -0 exim/exim-src/src/spool_in.c
1.20.2.1 +3 -1 exim/exim-src/src/tls-gnu.c
1.13.2.1 +3 -1 exim/exim-src/src/tls-openssl.c
Index: dkim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/Attic/dkim.c,v
retrieving revision 1.1.2.5
retrieving revision 1.1.2.6
diff -u -r1.1.2.5 -r1.1.2.6
--- dkim.c 17 Mar 2009 21:44:10 -0000 1.1.2.5
+++ dkim.c 9 Apr 2009 13:57:21 -0000 1.1.2.6
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.5 2009/03/17 21:44:10 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.6 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -16,17 +16,111 @@
#include "pdkim/pdkim.h"
+pdkim_ctx *dkim_verify_ctx = NULL;
+pdkim_signature *dkim_signatures = NULL;
-void dkim_exim_verify_init(void) {
+int dkim_exim_query_dns_txt(char *name, char *answer) {
+ dns_answer dnsa;
+ dns_scan dnss;
+ dns_record *rr;
+
+ if (dns_lookup(&dnsa, (uschar *)name, T_TXT, NULL) != DNS_SUCCEED) return 1;
+
+ /* Search for TXT record */
+ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+ rr != NULL;
+ rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ if (rr->type == T_TXT) break;
+
+ /* Copy record content to the answer buffer */
+ if (rr != NULL) {
+ int len = (rr->data)[0];
+ //if (len > 511) len = 127; // ???
+ snprintf(answer, PDKIM_DNS_TXT_MAX_RECLEN, "%.*s", len, (char *)(rr->data+1));
+ }
+ else return 1;
+
+ return PDKIM_OK;
+}
+
+
+int dkim_exim_verify_init(void) {
+
+ /* Free previous context if there is one */
+ if (dkim_verify_ctx) pdkim_free_ctx(dkim_verify_ctx);
+
+ /* Create new context */
+ dkim_verify_ctx = pdkim_init_verify(PDKIM_INPUT_SMTP,
+ &dkim_exim_query_dns_txt
+ );
+
+ if (dkim_verify_ctx != NULL) {
+ dkim_collect_input = 1;
+ pdkim_set_debug_stream(dkim_verify_ctx,debug_file);
+ return 1;
+ }
+ else {
+ dkim_collect_input = 0;
+ return 0;
+ }
+}
+
+
+int dkim_exim_verify_feed(uschar *data, int len) {
+ if (pdkim_feed(dkim_verify_ctx,
+ (char *)data,
+ len) != PDKIM_OK) return 0;
+ return 1;
}
-void dkim_exim_verify_finish(void) {
+
+int dkim_exim_verify_finish(void) {
+ dkim_signatures = NULL;
+ dkim_collect_input = 0;
+ if (pdkim_feed_finish(dkim_verify_ctx,&dkim_signatures) != PDKIM_OK) return 0;
+
+ while (dkim_signatures != NULL) {
+ debug_printf("DKIM: Signature from domain '%s': ",dkim_signatures->domain);
+ switch(dkim_signatures->verify_status) {
+ case PDKIM_VERIFY_NONE:
+ debug_printf("not verified\n");
+ log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
+ "not verified", dkim_signatures->domain, dkim_signatures->selector);
+ break;
+ case PDKIM_VERIFY_INVALID:
+ debug_printf("invalid\n");
+ log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
+ "invalid", dkim_signatures->domain, dkim_signatures->selector);
+ break;
+ case PDKIM_VERIFY_FAIL:
+ debug_printf("verification failed\n");
+ log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
+ "verification failed", dkim_signatures->domain, dkim_signatures->selector);
+ break;
+ case PDKIM_VERIFY_PASS:
+ debug_printf("verification succeeded\n");
+ log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
+ "verification succeeded", dkim_signatures->domain, dkim_signatures->selector);
+ break;
+ }
+ /* Try next signature */
+ dkim_signatures = dkim_signatures->next;
+ }
+
+ return dkim_signatures?1:0;
}
+
int dkim_exim_verify_result(uschar *domain, uschar **result, uschar **error) {
+
+ if (dkim_verify_ctx) {
+
+ }
+
return OK;
}
+
uschar *dkim_exim_sign(int dkim_fd,
uschar *dkim_private_key,
uschar *dkim_domain,
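Review bot: The loop in dkim_exim_verify_finish advances the global `dkim_signatures` itself, so when it ends the head is NULL, `return dkim_signatures?1:0;` is always 0 (receive.c stores that into dkim_do_verify) and dkim_exim_verify_result is left with no list to consult; walk a local cursor instead, as below, and give the switch a `default:` arm. In dkim_exim_query_dns_txt, `int len = (rr->data)[0];` takes only the first character-string of the TXT RDATA, although DKIM key records longer than 255 octets are split across several strings that have to be concatenated, and `len` is never checked against the record's actual size, so a malformed short answer is read past its end; the commented-out `//if (len > 511) ...` line should also go. dkim_exim_verify_result still returns OK unconditionally around an empty `if (dkim_verify_ctx) { }`; until it is filled in, mark it `/* TODO: look up the signature for 'domain' in dkim_signatures */` so callers do not mistake the stub for a verified result.
```c
int dkim_exim_verify_finish(void) {
  pdkim_signature *sig;
  dkim_signatures = NULL;
  dkim_collect_input = 0;
  if (pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures) != PDKIM_OK) return 0;

  /* Walk a cursor; the global head stays intact for dkim_exim_verify_result() */
  for (sig = dkim_signatures; sig != NULL; sig = sig->next) {
    debug_printf("DKIM: Signature from domain '%s': ", sig->domain);
    switch (sig->verify_status) {
      /* … unchanged: PDKIM_VERIFY_NONE/INVALID/FAIL/PASS arms, using sig instead of dkim_signatures … */
      default:
        debug_printf("unknown status %d\n", sig->verify_status);
        break;
    }
  }

  return dkim_signatures ? 1 : 0;
}
```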
@@ -132,7 +226,7 @@
NULL,
pdkim_canon,
pdkim_canon,
- 0,
+ -1,
PDKIM_ALGO_RSA_SHA256,
0,
0);
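Review bot: The argument changed from `0` to `-1` is a bare magic value in a call that already passes several positional zeros, and nothing on the page says what `-1` selects in the callee; a comment on that line, such as `-1, /* TODO: name this parameter and why -1 is passed */`, or a named constant would make the intent reviewable. dkim_exim_sign's body starts outside the hunk.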
Index: dkim.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/Attic/dkim.h,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- dkim.h 24 Feb 2009 18:43:59 -0000 1.1.2.2
+++ dkim.h 9 Apr 2009 13:57:21 -0000 1.1.2.3
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/dkim.h,v 1.1.2.2 2009/02/24 18:43:59 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/dkim.h,v 1.1.2.3 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -7,15 +7,16 @@
/* Copyright (c) University of Cambridge 2009 */
/* See the file NOTICE for conditions of use and distribution. */
-uschar *dkim_exim_sign(int ,
+uschar *dkim_exim_sign(int,
uschar *,
uschar *,
uschar *,
uschar *,
uschar *);
-void dkim_exim_verify_init(void);
-void dkim_exim_verify_finish(void);
-int dkim_exim_verify_result(uschar *domain,
+int dkim_exim_verify_init(void);
+int dkim_exim_verify_feed(uschar *, int);
+int dkim_exim_verify_finish(void);
+int dkim_exim_verify_result(uschar *,
uschar **,
uschar **);
Index: globals.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.c,v
retrieving revision 1.81.2.1
retrieving revision 1.81.2.2
diff -u -r1.81.2.1 -r1.81.2.2
--- globals.c 24 Feb 2009 15:57:55 -0000 1.81.2.1
+++ globals.c 9 Apr 2009 13:57:21 -0000 1.81.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.c,v 1.81.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.c,v 1.81.2.2 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -391,7 +391,7 @@
int callout_cache_positive_expire = 24*60*60;
int callout_cache_negative_expire = 2*60*60;
uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing";
-uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W_](?>[a-z0-9/-]*[^\\W_])?)+$";
+uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\.?)$";
int check_log_inodes = 0;
int check_log_space = 0;
BOOL check_rfc2047_length = TRUE;
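Review bot: The new trailing group on the check_dns_names_pattern line is written as `(\.?)$` with a single backslash, so the C compiler consumes `\.` as an unknown escape and the regex handed to the matcher is `(.?)$`, which accepts any one extra character at the end of a name rather than an optional trailing dot; if, as its name suggests, this pattern is what validates names before they are handed to the resolver, that is a weakening, and the line should read `uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$";`. Allowing `_` inside labels looks intended (DKIM selector records live under `_domainkey`), but the commit message does not say so; a one-line comment above the pattern would keep the next reader from reverting it.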
@@ -530,6 +530,7 @@
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
int dkim_do_verify = 0;
+int dkim_collect_input = 0;
#endif
uschar *dns_again_means_nonexist = NULL;
Index: globals.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.h,v
retrieving revision 1.62.2.1
retrieving revision 1.62.2.2
diff -u -r1.62.2.1 -r1.62.2.2
--- globals.h 24 Feb 2009 15:57:55 -0000 1.62.2.1
+++ globals.h 9 Apr 2009 13:57:21 -0000 1.62.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.h,v 1.62.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.h,v 1.62.2.2 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -299,6 +299,7 @@
extern uschar *dkim_signing_domain; /* Domain used for signing a message. */
extern uschar *dkim_signing_selector; /* Selector used for signing a message. */
extern int dkim_do_verify; /* DKIM verification switch. Set with ACL control statement. */
+extern int dkim_collect_input; /* Set during message reception, when SMTP input is to be fed to the validator. */
#endif
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
Index: receive.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/receive.c,v
retrieving revision 1.45.2.1
retrieving revision 1.45.2.2
diff -u -r1.45.2.1 -r1.45.2.2
--- receive.c 24 Feb 2009 15:57:55 -0000 1.45.2.1
+++ receive.c 9 Apr 2009 13:57:21 -0000 1.45.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/receive.c,v 1.45.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/receive.c,v 1.45.2.2 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1385,9 +1385,9 @@
max_received_linelength = 0;
#ifndef DISABLE_DKIM
-/* Call into DKIM to set up the context. Check if DKIM is to be run are carried out
- inside dkim_exim_verify_init(). */
-dkim_exim_verify_init();
+/* Call into DKIM to set up the context. */
+if (smtp_input && dkim_do_verify) dkim_do_verify = dkim_exim_verify_init();
+else dkim_do_verify = 0;
#endif
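Review bot: dkim_exim_verify_init() is called here, after the DATA command has been accepted, and it is what turns on dkim_collect_input; the feeds added in smtp_in.c, tls-gnu.c and tls-openssl.c run only on buffer refills, so any message bytes already read into the input buffer together with the DATA line (pipelining clients) would, as far as these hunks show, never reach the verifier and the body hash would presumably not match. Worth confirming that the buffer is empty at this point or, if it need not be, feeding the unread tail between `smtp_inptr` and `smtp_inend` once right after a successful init. The surrounding function starts and ends outside the hunk.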
@@ -2971,7 +2971,7 @@
{
#ifndef DISABLE_DKIM
- dkim_exim_verify_finish();
+ if (dkim_do_verify) dkim_do_verify = dkim_exim_verify_finish();
#endif
#ifdef WITH_CONTENT_SCAN
Index: smtp_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
retrieving revision 1.63.2.1
retrieving revision 1.63.2.2
diff -u -r1.63.2.1 -r1.63.2.2
--- smtp_in.c 24 Feb 2009 15:57:55 -0000 1.63.2.1
+++ smtp_in.c 9 Apr 2009 13:57:21 -0000 1.63.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.63.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.63.2.2 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -264,6 +264,9 @@
else smtp_had_eof = 1;
return EOF;
}
+#ifndef DISABLE_DKIM
+ if (dkim_collect_input) dkim_collect_input = dkim_exim_verify_feed(smtp_inbuffer, rc);
+#endif
smtp_inend = smtp_inbuffer + rc;
smtp_inptr = smtp_inbuffer;
}
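Review bot: When dkim_exim_verify_feed() fails, the added line clears dkim_collect_input but leaves dkim_do_verify set, so receive.c still calls dkim_exim_verify_finish() on a stream that is missing data and any signature present is then reported as "verification failed" rather than as an internal error; the same pattern is in the tls-gnu.c and tls-openssl.c hunks. In all three places also clear the verify switch, e.g. `if (dkim_collect_input && !dkim_exim_verify_feed(smtp_inbuffer, rc)) dkim_collect_input = dkim_do_verify = 0;`, or log the feed failure so the outcome is not mistaken for a bad signature. The enclosing refill routine starts outside the hunk.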
@@ -1039,6 +1042,7 @@
#endif
#ifndef DISABLE_DKIM
dkim_do_verify = 0;
+dkim_collect_input = 0;
#endif
#ifdef EXPERIMENTAL_SPF
spf_header_comment = NULL;
Index: spool_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/spool_in.c,v
retrieving revision 1.23.2.1
retrieving revision 1.23.2.2
diff -u -r1.23.2.1 -r1.23.2.2
--- spool_in.c 24 Feb 2009 15:57:55 -0000 1.23.2.1
+++ spool_in.c 9 Apr 2009 13:57:21 -0000 1.23.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/spool_in.c,v 1.23.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/spool_in.c,v 1.23.2.2 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -280,6 +280,7 @@
#ifndef DISABLE_DKIM
dkim_do_verify = 0;
+dkim_collect_input = 0;
#endif
#ifdef SUPPORT_TLS
Index: tls-gnu.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/tls-gnu.c,v
retrieving revision 1.20
retrieving revision 1.20.2.1
diff -u -r1.20 -r1.20.2.1
--- tls-gnu.c 3 Sep 2008 18:53:29 -0000 1.20
+++ tls-gnu.c 9 Apr 2009 13:57:21 -0000 1.20.2.1
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.20 2008/09/03 18:53:29 fanf2 Exp $ */
+/* $Cambridge: exim/exim-src/src/tls-gnu.c,v 1.20.2.1 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1172,7 +1172,9 @@
ssl_xfer_error = 1;
return EOF;
}
-
+#ifndef DISABLE_DKIM
+ if (dkim_collect_input) dkim_collect_input = dkim_exim_verify_feed(ssl_xfer_buffer, inbytes);
+#endif
ssl_xfer_buffer_hwm = inbytes;
ssl_xfer_buffer_lwm = 0;
}
Index: tls-openssl.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/tls-openssl.c,v
retrieving revision 1.13
retrieving revision 1.13.2.1
diff -u -r1.13 -r1.13.2.1
--- tls-openssl.c 3 Sep 2008 18:53:29 -0000 1.13
+++ tls-openssl.c 9 Apr 2009 13:57:21 -0000 1.13.2.1
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.13 2008/09/03 18:53:29 fanf2 Exp $ */
+/* $Cambridge: exim/exim-src/src/tls-openssl.c,v 1.13.2.1 2009/04/09 13:57:21 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -887,7 +887,9 @@
ssl_xfer_error = 1;
return EOF;
}
-
+#ifndef DISABLE_DKIM
+ if (dkim_collect_input) dkim_collect_input = dkim_exim_verify_feed(ssl_xfer_buffer, inbytes);
+#endif
ssl_xfer_buffer_hwm = inbytes;
ssl_xfer_buffer_lwm = 0;
}
Index: pdkim.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.h,v
retrieving revision 1.1.2.9
retrieving revision 1.1.2.10
diff -u -r1.1.2.9 -r1.1.2.10
--- pdkim.h 9 Apr 2009 07:49:11 -0000 1.1.2.9
+++ pdkim.h 9 Apr 2009 13:57:21 -0000 1.1.2.10
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.9 2009/04/09 07:49:11 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.10 2009/04/09 13:57:21 tom Exp $ */
/* -------------------------------------------------------------------------- */
/* Debugging. This can also be enabled/disabled at run-time. I recommend to
@@ -306,7 +306,7 @@
unsigned long);
DLLEXPORT
-int ppdkim_feed (pdkim_ctx *, char *, int);
+int pdkim_feed (pdkim_ctx *, char *, int);
DLLEXPORT
int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);