[exim-cvs] cvs commit: exim/exim-src/src dkim.c

Author: Tom Kistner
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-src/src dkim.c
tom 2009/05/19 10:30:41 BST

  Modified files:        (Branch: DEVEL_PDKIM)
    exim-src/src         dkim.c 
  Log:
  Verification: add more detailed logging


  Revision  Changes    Path
  1.1.2.9   +65 -29    exim/exim-src/src/dkim.c


  Index: dkim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/Attic/dkim.c,v
  retrieving revision 1.1.2.8
  retrieving revision 1.1.2.9
  diff -u -r1.1.2.8 -r1.1.2.9
  --- dkim.c    19 May 2009 08:24:47 -0000    1.1.2.8
  +++ dkim.c    19 May 2009 09:30:41 -0000    1.1.2.9
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.8 2009/05/19 08:24:47 tom Exp $ */
  +/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.9 2009/05/19 09:30:41 tom Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -87,46 +87,82 @@
     if (pdkim_feed_finish(dkim_verify_ctx,&dkim_signatures) != PDKIM_OK) return 0;


     while (dkim_signatures != NULL) {
  -    uschar *dkim_log = string_sprintf("DKIM: v=%u d=%s s=%s c=%s/%s a=%s ",
  -                                      dkim_signatures->version,
  -                                      dkim_signatures->domain,
  -                                      dkim_signatures->selector,
  -                                      (dkim_signatures->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
  -                                      (dkim_signatures->canon_body    == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
  -                                      (dkim_signatures->algo          == PDKIM_ALGO_RSA_SHA256)?"rsa-sha256":"rsa-sha1"
  -
  -
  -                                      (dkim_signatures->identity != NULL)?dkim_signatures->identity:"<void>",
  -                                      (dkim_signatures->created>0)?
  -
  -                                      );
  -
  -    dkim_log = string_cat(dkim_log);
  -
  -
  +    int size = 0;
  +    int ptr = 0;
  +    uschar *logmsg = string_append(NULL, &size, &ptr, 5,
  +
  +      string_sprintf( "DKIM: v=%u d=%s s=%s c=%s/%s a=%s ",
  +                      dkim_signatures->version,
  +                      dkim_signatures->domain,
  +                      dkim_signatures->selector,
  +                      (dkim_signatures->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
  +                      (dkim_signatures->canon_body    == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
  +                      (dkim_signatures->algo          == PDKIM_ALGO_RSA_SHA256)?"rsa-sha256":"rsa-sha1"
  +                    ),
  +
  +      ((dkim_signatures->identity != NULL)?
  +        string_sprintf("i=%s ", dkim_signatures->identity)
  +        :
  +        US""
  +      ),
  +      ((dkim_signatures->created > 0)?
  +        string_sprintf("t=%lu ", dkim_signatures->created)
  +        :
  +        US""
  +      ),
  +      ((dkim_signatures->expires > 0)?
  +        string_sprintf("x=%lu ", dkim_signatures->expires)
  +        :
  +        US""
  +      ),
  +      ((dkim_signatures->bodylength > -1)?
  +        string_sprintf("x=%li ", dkim_signatures->bodylength)
  +        :
  +        US""
  +      )
  +    );


       switch(dkim_signatures->verify_status) {
         case PDKIM_VERIFY_NONE:
  -        debug_printf("not verified\n");
  -        log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
  -                  "not verified", dkim_signatures->domain, dkim_signatures->selector);
  +        logmsg = string_append(logmsg, &size, &ptr, 1, "[not verified]");
         break;
         case PDKIM_VERIFY_INVALID:
  -        debug_printf("invalid\n");
  -        log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
  -                  "invalid", dkim_signatures->domain, dkim_signatures->selector);
  +        logmsg = string_append(logmsg, &size, &ptr, 1, "[invalid - ");
  +        switch (dkim_signatures->verify_ext_status) {
  +          case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "public key record (currently?) unavailable]");
  +          break;
  +          case PDKIM_VERIFY_INVALID_BUFFER_SIZE:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "overlong public key record]");
  +          break;
  +          case PDKIM_VERIFY_INVALID_PUBKEY_PARSING:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "syntax error in public key record]");
  +          break;
  +          default:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "unspecified problem]");
  +        }
         break;
         case PDKIM_VERIFY_FAIL:
  -        debug_printf("verification failed\n");
  -        log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
  -                  "verification failed", dkim_signatures->domain, dkim_signatures->selector);
  +        logmsg = string_append(logmsg, &size, &ptr, 1, "[verification failed - ");
  +        switch (dkim_signatures->verify_ext_status) {
  +          case PDKIM_VERIFY_FAIL_BODY:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "body hash mismatch (body probably modified in transit)]");
  +          break;
  +          case PDKIM_VERIFY_FAIL_MESSAGE:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "signature did not verify (headers probably modified in transit)]");
  +          break;
  +          default:
  +            logmsg = string_append(logmsg, &size, &ptr, 1, "unspecified reason]");
  +        }
         break;
         case PDKIM_VERIFY_PASS:
  -        debug_printf("verification succeeded\n");
  -        log_write(0, LOG_MAIN, "DKIM: Signature from domain '%s', selector '%s': "
  -                  "verification succeeded", dkim_signatures->domain, dkim_signatures->selector);
  +        logmsg = string_append(logmsg, &size, &ptr, 1, "[verification succeeded]");
         break;
       }
  +
  +    logmsg[ptr] = '\0';
  +    log_write(0, LOG_MAIN, (char *)logmsg);
  +
       /* Try next signature */
       dkim_signatures = dkim_signatures->next;
     }
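Review bot: The final `log_write(0, LOG_MAIN, (char *)logmsg);` passes the assembled message as the format string, and that message embeds `domain`, `selector` and `identity` taken from the signature being verified, so any `%` sequence in those fields would be interpreted by the formatter rather than logged literally. Whether pdkim restricts the characters in these fields is not visible in this hunk, so the call should treat the text purely as data: `log_write(0, LOG_MAIN, "%s", logmsg);`. Separately, the body-length field is written as `"x=%li "`, the same tag used for `expires` just above it; `"l=%li "` would keep the two values distinguishable when reading the log. The enclosing function starts and ends outside this hunk.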