tom 2009/05/27 18:26:55 BST
Modified files: (Branch: DEVEL_PDKIM)
exim-src/src dkim.c expand.c globals.c globals.h
macros.h readconf.c receive.c smtp_in.c
spool_in.c
exim-src/src/pdkim pdkim.c
Log:
Add some more glue code for the DKIM acl
Revision Changes Path
1.1.2.13 +20 -3 exim/exim-src/src/dkim.c
1.97.2.2 +2 -0 exim/exim-src/src/expand.c
1.81.2.5 +7 -1 exim/exim-src/src/globals.c
1.62.2.4 +9 -5 exim/exim-src/src/globals.h
1.37.2.1 +1 -0 exim/exim-src/src/macros.h
1.1.2.17 +1 -1 exim/exim-src/src/pdkim/pdkim.c
1.35.2.2 +3 -0 exim/exim-src/src/readconf.c
1.45.2.4 +40 -2 exim/exim-src/src/receive.c
1.63.2.4 +1 -0 exim/exim-src/src/smtp_in.c
1.23.2.4 +1 -0 exim/exim-src/src/spool_in.c
Index: dkim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/Attic/dkim.c,v
retrieving revision 1.1.2.12
retrieving revision 1.1.2.13
diff -u -r1.1.2.12 -r1.1.2.13
--- dkim.c 20 May 2009 14:30:14 -0000 1.1.2.12
+++ dkim.c 27 May 2009 17:26:54 -0000 1.1.2.13
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.12 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/dkim.c,v 1.1.2.13 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -79,6 +79,9 @@
void dkim_exim_verify_finish(void) {
+ int dkim_signing_domains_size = 0;
+ int dkim_signing_domains_ptr = 0;
+ dkim_signing_domains = NULL;
/* Delete eventual previous signature chain */
dkim_signatures = NULL;
@@ -96,10 +99,11 @@
/* Finish DKIM operation and fetch link to signatures chain */
if (pdkim_feed_finish(dkim_verify_ctx,&dkim_signatures) != PDKIM_OK) return;
- /* Log a line for each signature */
+
while (dkim_signatures != NULL) {
int size = 0;
int ptr = 0;
+ /* Log a line for each signature */
uschar *logmsg = string_append(NULL, &size, &ptr, 5,
string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
@@ -109,7 +113,6 @@
(dkim_signatures->canon_body == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
(dkim_signatures->algo == PDKIM_ALGO_RSA_SHA256)?"rsa-sha256":"rsa-sha1"
),
-
((dkim_signatures->identity != NULL)?
string_sprintf("i=%s ", dkim_signatures->identity)
:
@@ -173,9 +176,23 @@
logmsg[ptr] = '\0';
log_write(0, LOG_MAIN, (char *)logmsg);
- /* Log next signature */
+ /* Build a colon-separated list of signing domains in dkim_signing_domains */
+ dkim_signing_domains = string_append(dkim_signing_domains,
+ &dkim_signing_domains_size,
+ &dkim_signing_domains_ptr,
+ 2,
+ dkim_signatures->domain,
+ ":")
+ );
+
+ /* Process next signature */
dkim_signatures = dkim_signatures->next;
}
+
+ /* Chop the last colon from the domain list */
+ if ((dkim_signing_domains != NULL) &&
+ (Ustrlen(dkim_signing_domains) > 0))
+ dkim_signing_domains[strlen(dkim_signing_domains)-1] = '\0';
}
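Review bot: The trailing-colon trim calls `Ustrlen`/`strlen` on `dkim_signing_domains` before anything has NUL-terminated it; the logging code in the same loop terminates its own buffer by hand with `logmsg[ptr] = '\0'`, which suggests `string_append` does not do so. Trimming by the tracked offset avoids scanning past the written bytes: `if (dkim_signing_domains != NULL && dkim_signing_domains_ptr > 0) dkim_signing_domains[dkim_signing_domains_ptr - 1] = '\0';`. The `string_append(...)` call as shown also has one closing parenthesis too many (`":")` followed by `);`). Since `dkim_signatures->domain` is taken from the message's signature headers, a value containing `:` would split into extra list items unless it is rejected or the colon is doubled. The function body starts above this hunk.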
Index: expand.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/expand.c,v
retrieving revision 1.97.2.1
retrieving revision 1.97.2.2
diff -u -r1.97.2.1 -r1.97.2.2
--- expand.c 24 Feb 2009 15:57:55 -0000 1.97.2.1
+++ expand.c 27 May 2009 17:26:54 -0000 1.97.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/expand.c,v 1.97.2.1 2009/02/24 15:57:55 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/expand.c,v 1.97.2.2 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -404,6 +404,7 @@
#ifndef DISABLE_DKIM
{ "dkim_domain", vtype_stringptr, &dkim_signing_domain },
{ "dkim_selector", vtype_stringptr, &dkim_signing_selector },
+ { "dkim_signing_domains",vtype_stringptr, &dkim_signing_domains },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_matched", vtype_stringptr, &dnslist_matched },
@@ -1544,6 +1545,7 @@
sprintf(CS var_buffer, "%d", inodes);
}
return var_buffer;
+
}
}
Index: globals.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.c,v
retrieving revision 1.81.2.4
retrieving revision 1.81.2.5
diff -u -r1.81.2.4 -r1.81.2.5
--- globals.c 20 May 2009 14:30:14 -0000 1.81.2.4
+++ globals.c 27 May 2009 17:26:54 -0000 1.81.2.5
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.c,v 1.81.2.4 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.c,v 1.81.2.5 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -182,6 +182,9 @@
uschar *acl_smtp_auth = NULL;
uschar *acl_smtp_connect = NULL;
uschar *acl_smtp_data = NULL;
+#ifndef DISABLE_DKIM
+uschar *acl_smtp_dkim = NULL;
+#endif
uschar *acl_smtp_etrn = NULL;
uschar *acl_smtp_expn = NULL;
uschar *acl_smtp_helo = NULL;
@@ -210,6 +213,7 @@
US"MAIL",
US"PREDATA",
US"MIME",
+ US"DKIM",
US"DATA",
US"non-SMTP",
US"AUTH",
@@ -229,6 +233,7 @@
US"550", /* MAIL */
US"550", /* PREDATA */
US"550", /* MIME */
+ US"550", /* DKIM */
US"550", /* DATA */
US"0", /* not SMTP; not relevant */
US"503", /* AUTH */
@@ -527,9 +532,10 @@
BOOL disable_logging = FALSE;
#ifndef DISABLE_DKIM
+uschar *dkim_signing_domains = NULL;
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
-uschar *dkim_verify_domains = US"@dkim_signed";
+uschar *dkim_verify_domains = US"$dkim_signing_domains";
BOOL dkim_collect_input = FALSE;
BOOL dkim_disable_verify = FALSE;
#endif
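Review bot: With the default changed to `US"$dkim_signing_domains"`, the list of domains the DKIM ACL is run for is now supplied entirely by the message being received. The dkim.c loop appends one entry per signature and does not de-duplicate, so the number of ACL runs follows the number of signatures on the message; whether PDKIM caps that count is not visible here. A comment on the default would make this explicit for operators, for example `/* default: one DKIM ACL run per signature domain found in the message */`.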
Index: globals.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/globals.h,v
retrieving revision 1.62.2.3
retrieving revision 1.62.2.4
diff -u -r1.62.2.3 -r1.62.2.4
--- globals.h 20 May 2009 14:30:14 -0000 1.62.2.3
+++ globals.h 27 May 2009 17:26:54 -0000 1.62.2.4
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/globals.h,v 1.62.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/globals.h,v 1.62.2.4 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -118,6 +118,9 @@
extern uschar *acl_smtp_auth; /* ACL run for AUTH */
extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */
extern uschar *acl_smtp_data; /* ACL run after DATA received */
+#ifndef DISABLE_DKIM
+extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */
+#endif
extern uschar *acl_smtp_etrn; /* ACL run for ETRN */
extern uschar *acl_smtp_expn; /* ACL run for EXPN */
extern uschar *acl_smtp_helo; /* ACL run for HELO/EHLO */
@@ -296,11 +299,12 @@
extern BOOL disable_logging; /* Disables log writing when TRUE */
#ifndef DISABLE_DKIM
-extern uschar *dkim_signing_domain; /* Domain used for signing a message. */
-extern uschar *dkim_signing_selector; /* Selector used for signing a message. */
-extern uschar *dkim_verify_domains; /* Colon-separated list of domains for each of which we call the DKIM ACL */
-extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
-extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
+extern uschar *dkim_signing_domains; /* Expansion variable, holds colon-separated list of domains that have signed a message */
+extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */
+extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */
+extern uschar *dkim_verify_domains; /* Colon-separated list of domains for each of which we call the DKIM ACL */
+extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
+extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
#endif
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
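Review bot: The comment on `dkim_signing_domains` says the list holds domains "that have signed a message", but as far as the dkim.c hunks show, a domain is appended for every signature in the chain with no check of its verification result. ACL authors are likely to read this variable as a statement of trust, so the comment should say it carries the claimed `d=` value: `/* Expansion variable, colon-separated list of d= domains from all DKIM signatures on the message, verified or not */`. The re-added comments also keep the spelling `wether` for `whether`.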
Index: macros.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/macros.h,v
retrieving revision 1.37
retrieving revision 1.37.2.1
diff -u -r1.37 -r1.37.2.1
--- macros.h 29 Sep 2008 11:41:07 -0000 1.37
+++ macros.h 27 May 2009 17:26:54 -0000 1.37.2.1
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/macros.h,v 1.37 2008/09/29 11:41:07 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/macros.h,v 1.37.2.1 2009/05/27 17:26:54 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -799,6 +799,7 @@
ACL_WHERE_MAIL, /* ) */
ACL_WHERE_PREDATA, /* ) There are several tests for "in message", */
ACL_WHERE_MIME, /* ) implemented by <= WHERE_NOTSMTP */
+ ACL_WHERE_DKIM, /* ) */
ACL_WHERE_DATA, /* ) */
ACL_WHERE_NOTSMTP, /* ) */
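Review bot: `ACL_WHERE_DKIM` is inserted in the middle of the enum, so it falls inside the `<= WHERE_NOTSMTP` range the comment describes and shifts the value of every later member. The name and response-code tables in globals.c receive their new entry at the matching position, but acl.c is not among the modified files, so any table there that is indexed by these values, or that records in which ACLs a condition or control is permitted, has presumably not been updated for the new ACL. That should be confirmed before the ACL becomes reachable, and the placeholder comment could say what the entry is for: `ACL_WHERE_DKIM, /* ) run per DKIM signing domain */`.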
Index: readconf.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/readconf.c,v
retrieving revision 1.35.2.1
retrieving revision 1.35.2.2
diff -u -r1.35.2.1 -r1.35.2.2
--- readconf.c 20 May 2009 14:30:14 -0000 1.35.2.1
+++ readconf.c 27 May 2009 17:26:55 -0000 1.35.2.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/readconf.c,v 1.35.2.1 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/readconf.c,v 1.35.2.2 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -142,6 +142,9 @@
{ "acl_smtp_auth", opt_stringptr, &acl_smtp_auth },
{ "acl_smtp_connect", opt_stringptr, &acl_smtp_connect },
{ "acl_smtp_data", opt_stringptr, &acl_smtp_data },
+#ifndef DISABLE_DKIM
+ { "acl_smtp_dkim", opt_stringptr, &acl_smtp_dkim },
+#endif
{ "acl_smtp_etrn", opt_stringptr, &acl_smtp_etrn },
{ "acl_smtp_expn", opt_stringptr, &acl_smtp_expn },
{ "acl_smtp_helo", opt_stringptr, &acl_smtp_helo },
Index: receive.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/receive.c,v
retrieving revision 1.45.2.3
retrieving revision 1.45.2.4
diff -u -r1.45.2.3 -r1.45.2.4
--- receive.c 20 May 2009 14:30:14 -0000 1.45.2.3
+++ receive.c 27 May 2009 17:26:55 -0000 1.45.2.4
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/receive.c,v 1.45.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/receive.c,v 1.45.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -2969,8 +2969,46 @@
{
#ifndef DISABLE_DKIM
- if (!dkim_disable_verify) dkim_exim_verify_finish();
-#endif
+ if (!dkim_disable_verify)
+ {
+ /* Finish verification, this will log individual signature results to
+ the mainlog */
+ dkim_exim_verify_finish();
+
+ /* Check if we must run the DKIM ACL */
+ if ((acl_smtp_dkim != NULL) &&
+ (dkim_verify_domains != NULL) &&
+ (dkim_verify_domains[0] != '\0'))
+ {
+ uschar *dkim_verify_domains_expanded =
+ expand_string(dkim_verify_domains);
+ if (dkim_verify_domains_expanded == NULL)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "expansion of dkim_verify_domains option failed: %s",
+ expand_string_message);
+ }
+ else
+ {
+ int sep = 0;
+ uschar *ptr = dkim_verify_domains_expanded;
+ uschar *item = NULL;
+ uschar itembuf[256];
+ while ((item = string_nextinlist(&ptr, &sep,
+ itembuf,
+ sizeof(itembuf))) != NULL)
+ {
+
+
+ rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg);
+ if (rc != OK) break;
+ }
+
+ add_acl_headers(US"DKIM");
+ }
+ }
+ }
+#endif /* DISABLE_DKIM */
#ifdef WITH_CONTENT_SCAN
if (acl_smtp_mime != NULL &&
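Review bot: Inside the `while ((item = string_nextinlist(...` loop, `item` is never used, so every `acl_check(ACL_WHERE_DKIM, ...)` call runs with identical state and the ACL cannot tell which domain it is being asked about. The result is also not acted on in the visible lines: the loop breaks on `rc != OK`, `add_acl_headers(US"DKIM")` then runs regardless, and the code continues into the MIME ACL block, so a deny or defer from the DKIM ACL needs the same handling the other data-time ACLs get before `rc` is reused. When `expand_string` fails, the error is logged and processing carries on without running the ACL at all, which fails open; setting `rc = DEFER;` in that branch would be the conservative choice. The enclosing block starts above and continues below this hunk.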
Index: smtp_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/smtp_in.c,v
retrieving revision 1.63.2.3
retrieving revision 1.63.2.4
diff -u -r1.63.2.3 -r1.63.2.4
--- smtp_in.c 20 May 2009 14:30:14 -0000 1.63.2.3
+++ smtp_in.c 27 May 2009 17:26:55 -0000 1.63.2.4
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.63.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/smtp_in.c,v 1.63.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1041,6 +1041,7 @@
bmi_verdicts = NULL;
#endif
#ifndef DISABLE_DKIM
+dkim_signing_domains = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif
Index: spool_in.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/spool_in.c,v
retrieving revision 1.23.2.3
retrieving revision 1.23.2.4
diff -u -r1.23.2.3 -r1.23.2.4
--- spool_in.c 20 May 2009 14:30:14 -0000 1.23.2.3
+++ spool_in.c 27 May 2009 17:26:55 -0000 1.23.2.4
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/spool_in.c,v 1.23.2.3 2009/05/20 14:30:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/spool_in.c,v 1.23.2.4 2009/05/27 17:26:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -279,6 +279,7 @@
#endif
#ifndef DISABLE_DKIM
+dkim_signing_domains = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif
Index: pdkim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.c,v
retrieving revision 1.1.2.16
retrieving revision 1.1.2.17
diff -u -r1.1.2.16 -r1.1.2.17
--- pdkim.c 20 May 2009 14:30:15 -0000 1.1.2.16
+++ pdkim.c 27 May 2009 17:26:55 -0000 1.1.2.17
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.16 2009/05/20 14:30:15 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.17 2009/05/27 17:26:55 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
@@ -39,7 +39,7 @@
#define PDKIM_MAX_HEADER_LEN 65536
#define PDKIM_MAX_HEADERS 512
-#define PDKIM_MAX_BODY_LINE_LEN 1024
+#define PDKIM_MAX_BODY_LINE_LEN 16384
#define PDKIM_DNS_TXT_MAX_NAMELEN 1024
#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\
"Message-ID:To:Cc:MIME-Version:Content-Type:"\