Gitweb:
https://git.exim.org/exim.git/commitdiff/7dc8d146a675f52b441310e731314d86c66b2114
Commit: 7dc8d146a675f52b441310e731314d86c66b2114
Parent: e93ae25c007845adff89736d7d292fe75b8a0c7a
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Aug 28 22:01:24 2024 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Aug 29 09:33:26 2024 +0100
dmarc dynamic module
---
doc/doc-docbook/spec.xfpt | 14 ++++-
src/OS/Makefile-Base | 2 -
src/scripts/Configure-Makefile | 12 +++-
src/scripts/MakeLinks | 4 +-
src/src/EDITME | 7 +++
src/src/acl.c | 51 +++++++++++++---
src/src/arc.c | 2 +-
src/src/daemon.c | 3 -
src/src/drtables.c | 56 ++++++++++++++++--
src/src/exim.c | 6 +-
src/src/exim.h | 2 +-
src/src/expand.c | 21 +++++--
src/src/functions.h | 8 ++-
src/src/globals.c | 9 ---
src/src/globals.h | 9 ---
src/src/lookups/spf.c | 6 +-
src/src/miscmods/Makefile | 3 +-
src/src/{ => miscmods}/dmarc.c | 128 ++++++++++++++++++++++++++++++++---------
src/src/{ => miscmods}/dmarc.h | 13 +----
src/src/miscmods/spf.c | 27 ++++-----
src/src/moan.c | 3 +-
src/src/readconf.c | 21 ++++---
src/src/receive.c | 16 ++++--
src/src/smtp_in.c | 35 +++--------
src/src/structs.h | 3 +
test/runtest | 4 +-
test/stderr/0437 | 1 +
27 files changed, 312 insertions(+), 154 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 428cbc079..90fb6dd47 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -32055,12 +32055,20 @@ This control turns off DKIM verification processing entirely. For details on
the operation and configuration of DKIM, see section &<<SECDKIM>>&.
-.vitem &*control&~=&~dmarc_disable_verify*&
+.vitem &*control&~=&~enforce_sync*& &&&
+ &*control&~=&~no_enforce_sync*&
+
+.vitem &*control&~=&~dmarc_disable_verify*& &&&
+ &*control&~=&~dmarc_enable_forensic*&
.cindex "disable DMARC verify"
-.cindex "DMARC" "disable verify"
-This control turns off DMARC verification processing entirely. For details on
+.cindex DMARC "disable verify"
+.cindex DMARC controls
+.cindex DMARC "forensic mails"
+These control affect DMARC processing. For details on
the operation and configuration of DMARC, see section &<<SECDMARC>>&.
+The &"disable"& turns off DMARC verification processing entirely.
+
.vitem &*control&~=&~dscp/*&<&'value'&>
.cindex "&ACL;" "setting DSCP value"
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index caae1e536..43cec361c 100644
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -499,7 +499,6 @@ OBJ_EXPERIMENTAL = arc.o \
bmi_spam.o \
dane.o \
dcc.o \
- dmarc.o \
imap_utf7.o \
utf8.o \
xclient.o
@@ -901,7 +900,6 @@ arc.o: $(HDRS) pdkim/pdkim.h arc.c
bmi_spam.o: $(HDRS) bmi_spam.c
dane.o: $(HDRS) dane.c dane-openssl.c
dcc.o: $(HDRS) dcc.h dcc.c
-dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c
imap_utf7.o: $(HDRS) imap_utf7.c
utf8.o: $(HDRS) utf8.c
xclient.o: $(HDRS) xclient.c
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
index af0de26e4..2b8a9bcb5 100755
--- a/src/scripts/Configure-Makefile
+++ b/src/scripts/Configure-Makefile
@@ -29,6 +29,16 @@ fi
archtype=`../scripts/arch-type` || exit 1
+# Linux now whines about egrep, saying "use grep -E".
+# Solarix doesn't support -E on grep. Thanks so much for
+# going non-back-compatible, Linux.
+if echo 1 | grep -E 1 >/dev/null; then
+ egrep="grep -E"
+else
+ egrep="egrep"
+fi
+
+
# Now test for either the non-existence of Makefile, or for any of its
# components being newer. Note that the "newer" script gives the right
# answer (for our purposes) when the first file is non-existent.
@@ -311,7 +321,7 @@ done <<-END
routers ROUTER ACCEPT DNSLOOKUP IPLITERAL IPLOOKUP MANUALROUTE QUERYPROGRAM REDIRECT
transports TRANSPORT APPENDFILE AUTOREPLY LMTP PIPE QUEUEFILE SMTP
auths AUTH CRAM_MD5 CYRUS_SASL DOVECOT EXTERNAL GSASL HEIMDAL_GSSAPI PLAINTEXT SPA TLS
- miscmods SUPPORT SPF
+ miscmods SUPPORT SPF DMARC
END
# See if there is a definition of EXIM_PERL in what we have built so far.
diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks
index 09d18b63c..e45097243 100755
--- a/src/scripts/MakeLinks
+++ b/src/scripts/MakeLinks
@@ -94,7 +94,7 @@ d="miscmods"
mkdir $d
cd $d
# Makefile is generated
-for f in spf.c spf.h
+for f in dmarc.c dmarc.h spf.c spf.h
do
ln -s ../../src/$d/$f $f
done
@@ -140,7 +140,7 @@ for f in blob.h dbfunctions.h exim.h functions.h globals.h \
string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-cipher-stdname.c \
tls-gnu.c tls-openssl.c \
tod.c transport.c tree.c verify.c version.c xtextencode.c \
- dkim.c dkim.h dkim_transport.c dmarc.c dmarc.h \
+ dkim.c dkim.h dkim_transport.c \
valgrind.h memcheck.h \
macro_predef.c macro_predef.h
do
diff --git a/src/src/EDITME b/src/src/EDITME
index e507ab3cd..35c497697 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -642,9 +642,16 @@ DISABLE_MAL_MKS=yes
# Uncomment the following line to add DMARC checking capability, implemented
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
+#
+# If set to "2" instead of "yes" then the support will be
+# built as a module and must be installed into LOOKUP_MODULE_DIR (the name
+# is historic). The same rules as for other module builds apply; use
+# SUPPORT_DMARC_{INCLUDE,LIBS}.
+#
# SUPPORT_DMARC=yes
# CFLAGS += -I/usr/local/include
# LDFLAGS += -lopendmarc
+#
# Uncomment the following if you need to change the default. You can
# override it at runtime (main config option dmarc_tld_file)
# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds
diff --git a/src/src/acl.c b/src/src/acl.c
index e285da65c..30fc09174 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -218,7 +218,11 @@ static condition_def conditions[] = {
},
#endif
#ifdef SUPPORT_DMARC
- [ACLC_DMARC_STATUS] = { US"dmarc_status", ACD_EXP,
+ [ACLC_DMARC_STATUS] = { US"dmarc_status",
+# if SUPPORT_DMARC==2
+ ACD_LOAD |
+# endif
+ ACD_EXP,
PERMITTED(ACL_BIT_DATA) },
#endif
@@ -393,6 +397,9 @@ for (condition_def * c = conditions; c < conditions + nelem(conditions); c++)
#ifndef MACRO_PREDEF
+/* These tables support loading of dynamic modules triggered by an ACL
+condition use, spotted during readconf. See acl_read(). */
+
# ifdef LOOKUP_MODULE_DIR
typedef struct condition_module {
const uschar * mod_name; /* module for the givien conditions */
@@ -403,11 +410,17 @@ typedef struct condition_module {
# if SUPPORT_SPF==2
static int spf_condx[] = { ACLC_SPF, ACLC_SPF_GUESS, -1 };
# endif
+# if SUPPORT_DMARC==2
+static int dmarc_condx[] = { ACLC_DMARC_STATUS, -1 };
+# endif
static condition_module condition_modules[] = {
# if SUPPORT_SPF==2
{.mod_name = US"spf", .conditions = spf_condx},
# endif
+# if SUPPORT_SPF==2
+ {.mod_name = US"dmarc", .conditions = dmarc_condx},
+# endif
};
# endif
@@ -3942,14 +3955,36 @@ for (; cb; cb = cb->next)
#ifdef SUPPORT_DMARC
case ACLC_DMARC_STATUS:
+ /* See comment on ACLC_SPF wrt. coding issues */
+ {
+ misc_module_info * mi = misc_mod_find(US"dmarc", &log_message);
+ typedef uschar * (*efn_t)(int);
+ uschar * expanded_query;
+
+debug_printf("%s %d\n", __FUNCTION__, __LINE__);
+ if (!mi)
+ { rc = DEFER; break; } /* shouldn't happen */
+
+debug_printf("%s %d: mi %p\n", __FUNCTION__, __LINE__, mi);
if (!f.dmarc_has_been_checked)
- dmarc_process();
- f.dmarc_has_been_checked = TRUE;
+ {
+ typedef int (*pfn_t)(void);
+ (void) (((pfn_t *) mi->functions)[0]) (); /* dmarc_process */
+ f.dmarc_has_been_checked = TRUE;
+ }
+debug_printf("%s %d\n", __FUNCTION__, __LINE__);
/* used long way of dmarc_exim_expand_query() in case we need more
view into the process in the future. */
- rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
+
+ /*XXX is this call used with any other arg? */
+ expanded_query = (((efn_t *) mi->functions)[1]) (DMARC_VERIFY_STATUS);
+
+debug_printf("%s %d\n", __FUNCTION__, __LINE__);
+ rc = match_isinlist(expanded_query,
&arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
+debug_printf("%s %d\n", __FUNCTION__, __LINE__);
+ }
break;
#endif
@@ -4185,8 +4220,10 @@ for (; cb; cb = cb->next)
#ifdef SUPPORT_SPF
case ACLC_SPF:
case ACLC_SPF_GUESS:
- /* Hardwire the offset of the function in the module functions table
- for now. Work out a more general mech later. */
+ /* We have hardwired function-call numbers, and also prototypes for the
+ functions. We could do a function name table search for the number
+ but I can't see how to deal with prototypes. Is a K&R non-prototyped
+ function still usable with today's compilers? */
{
misc_module_info * mi = misc_mod_find(US"spf", &log_message);
typedef int (*fn_t)(const uschar **, const uschar *, int);
@@ -4195,7 +4232,7 @@ for (; cb; cb = cb->next)
if (!mi)
{ rc = DEFER; break; } /* shouldn't happen */
- fn = ((fn_t *) mi->functions)[1];
+ fn = ((fn_t *) mi->functions)[0]; /* spf_process() */
rc = fn(&arg, sender_address,
cb->type == ACLC_SPF ? SPF_PROCESS_NORMAL : SPF_PROCESS_GUESS);
diff --git a/src/src/arc.c b/src/src/arc.c
index 48f69a8cf..2dcbf2efb 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -19,7 +19,7 @@
# include "pdkim/signing.h"
# ifdef SUPPORT_DMARC
-# include "dmarc.h"
+# include "miscmods/dmarc.h"
# endif
extern pdkim_ctx * dkim_verify_ctx;
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 49bf74a11..456c586da 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -2578,9 +2578,6 @@ smtp_deliver_init(); /* Used for callouts */
#ifdef WITH_CONTENT_SCAN
malware_init();
#endif
-#ifdef SUPPORT_DMARC
-dmarc_init();
-#endif
#ifndef DISABLE_TLS
tls_daemon_init();
#endif
diff --git a/src/src/drtables.c b/src/src/drtables.c
index 35a376dd1..9ed55e29a 100644
--- a/src/src/drtables.c
+++ b/src/src/drtables.c
@@ -432,8 +432,8 @@ static void
misc_mod_add(misc_module_info * mi)
{
if (mi->init) mi->init(mi);
-DEBUG(D_lookup) if (mi->lib_vers_report)
- debug_printf_indent("%Y\n", mi->lib_vers_report(NULL));
+DEBUG(D_any) if (mi->lib_vers_report)
+ debug_printf_indent("%Y", mi->lib_vers_report(NULL));
mi->next = misc_module_list;
misc_module_list = mi;
@@ -459,8 +459,10 @@ mi = (struct misc_module_info *) dlsym(dl,
CS string_sprintf("%s_module_info", name));
if ((errormsg = dlerror()))
{
- fprintf(stderr, "%s does not appear to be an spf module (%s)\n", name, errormsg);
- log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be an spf module (%s)", name, errormsg);
+ fprintf(stderr, "%s does not appear to be a '%s' module (%s)\n",
+ name, name, errormsg);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "%s does not contain the expected module info symbol (%s)", name, errormsg);
dlclose(dl);
return NULL;
}
@@ -491,6 +493,7 @@ misc_mod_findonly(const uschar * name)
for (misc_module_info * mi = misc_module_list; mi; mi = mi->next)
if (Ustrcmp(name, mi->name) == 0)
return mi;
+return NULL;
}
/* Find a "misc" module, possibly already loaded, by name. */
@@ -508,6 +511,42 @@ return NULL;
}
+/* For any "misc" module having a connection-init routine, call it. */
+
+int
+misc_mod_conn_init(const uschar * sender_helo_name,
+ const uschar * sender_host_address)
+{
+for (const misc_module_info * mi = misc_module_list; mi; mi = mi->next)
+ if (mi->conn_init)
+ if ((mi->conn_init) (sender_helo_name, sender_host_address) != OK)
+ return FAIL;
+return OK;
+}
+
+/* Ditto, smtp-reset */
+
+void
+misc_mod_smtp_reset(void)
+{
+for (const misc_module_info * mi = misc_module_list; mi; mi = mi->next)
+ if (mi->smtp_reset)
+ (mi->smtp_reset)();
+}
+
+/* Ditto, msg-init */
+
+int
+misc_mod_msg_init(void)
+{
+for (const misc_module_info * mi = misc_module_list; mi; mi = mi->next)
+ if (mi->msg_init)
+ if ((mi->msg_init)() != OK)
+ return FAIL;
+return OK;
+}
+
+
@@ -658,6 +697,9 @@ DEBUG(D_lookup) debug_printf("Loaded %d lookup modules\n", countmodules);
}
+#if defined(SUPPORT_DMARC) && SUPPORT_DMARC!=2
+extern misc_module_info dmarc_module_info;
+#endif
#if defined(SUPPORT_SPF) && SUPPORT_SPF!=2
extern misc_module_info spf_module_info;
#endif
@@ -667,9 +709,15 @@ init_misc_mod_list(void)
{
static BOOL onetime = FALSE;
if (onetime) return;
+
#if defined(SUPPORT_SPF) && SUPPORT_SPF!=2
+/* dmarc depends on spf so this add must go first, for the dmarc-static case */
misc_mod_add(&spf_module_info);
#endif
+#if defined(SUPPORT_DMARC) && SUPPORT_DMARC!=2
+misc_mod_add(&dmarc_module_info);
+#endif
+
onetime = TRUE;
}
diff --git a/src/src/exim.c b/src/src/exim.c
index ecc25d6bc..5ad54ffc1 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1395,9 +1395,9 @@ DEBUG(D_any)
#ifdef SUPPORT_I18N
g = utf8_version_report(g);
#endif
-#ifdef SUPPORT_DMARC
- g = dmarc_version_report(g);
-#endif
+
+/*XXX do we need a "show misc-mods version-report" ?
+Currently they are output in misc_mod_add() */
show_string(is_stdout, g);
g = NULL;
diff --git a/src/src/exim.h b/src/src/exim.h
index 470adb351..284748c5d 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -549,7 +549,7 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly.
# include "dkim.h"
#endif
#ifdef SUPPORT_DMARC
-# include "dmarc.h"
+# include "miscmods/dmarc.h"
# include <opendmarc/dmarc.h>
#endif
diff --git a/src/src/expand.c b/src/src/expand.c
index b3a1575a7..a6b05bd87 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -513,10 +513,10 @@ static var_entry var_table[] = {
{ "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
#endif
#ifdef SUPPORT_DMARC
- { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
- { "dmarc_status", vtype_stringptr, &dmarc_status },
- { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
- { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
+ { "dmarc_domain_policy", vtype_module, US"dmarc" },
+ { "dmarc_status", vtype_module, US"dmarc" },
+ { "dmarc_status_text", vtype_module, US"dmarc" },
+ { "dmarc_used_domain", vtype_module, US"dmarc" },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_matched", vtype_stringptr, &dnslist_matched },
@@ -4888,7 +4888,7 @@ while (*s)
if (mi)
{
typedef gstring * (*fn_t)(gstring *);
- fn_t fn = ((fn_t *) mi->functions)[2]; /* authres_spf */
+ fn_t fn = ((fn_t *) mi->functions)[1]; /* authres_spf */
yield = fn(yield);
}
}
@@ -4897,7 +4897,16 @@ while (*s)
yield = authres_dkim(yield);
#endif
#ifdef SUPPORT_DMARC
- yield = authres_dmarc(yield);
+ {
+ misc_module_info * mi = misc_mod_findonly(US"dmarc");
+ if (mi)
+ {
+ /*XXX is authres common enough to be generic? */
+ typedef gstring * (*fn_t)(gstring *);
+ fn_t fn = ((fn_t *) mi->functions)[2]; /* authres_dmarc*/
+ yield = fn(yield);
+ }
+ }
#endif
#ifdef EXPERIMENTAL_ARC
yield = authres_arc(yield);
diff --git a/src/src/functions.h b/src/src/functions.h
index aaec6461f..3a980318f 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -147,9 +147,6 @@ extern gstring *authres_arc(gstring *);
#ifndef DISABLE_DKIM
extern gstring *authres_dkim(gstring *);
#endif
-#ifdef SUPPORT_DMARC
-extern gstring *authres_dmarc(gstring *);
-#endif
extern gstring *authres_smtpauth(gstring *);
extern uschar *b64encode(const uschar *, int);
@@ -377,8 +374,13 @@ extern ssize_t mime_decode_base64(FILE *, FILE *, uschar *);
extern int mime_regex(const uschar **, BOOL);
extern void mime_set_anomaly(int);
#endif
+
+extern int misc_mod_conn_init(const uschar *, const uschar *);
extern misc_module_info * misc_mod_find(const uschar * modname, uschar **);
extern misc_module_info * misc_mod_findonly(const uschar * modname);
+extern int misc_mod_msg_init(void);
+extern void misc_mod_smtp_reset(void);
+
extern uschar *moan_check_errorcopy(const uschar *);
extern BOOL moan_skipped_syntax_errors(uschar *, error_block *, uschar *,
BOOL, uschar *);
diff --git a/src/src/globals.c b/src/src/globals.c
index f2287d41c..cfa75f1d7 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -882,15 +882,6 @@ uschar *dkim_verify_signers = US"$dkim_signers";
uschar *dkim_verify_status = NULL;
uschar *dkim_verify_reason = NULL;
#endif
-#ifdef SUPPORT_DMARC
-uschar *dmarc_domain_policy = NULL;
-uschar *dmarc_forensic_sender = NULL;
-uschar *dmarc_history_file = NULL;
-uschar *dmarc_status = NULL;
-uschar *dmarc_status_text = NULL;
-uschar *dmarc_tld_file = NULL;
-uschar *dmarc_used_domain = NULL;
-#endif
uschar *dns_again_means_nonexist = NULL;
int dns_csa_search_limit = 5;
diff --git a/src/src/globals.h b/src/src/globals.h
index 9b30e502c..8173d771e 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -563,15 +563,6 @@ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for ea
extern uschar *dkim_verify_status; /* result for this signature */
extern uschar *dkim_verify_reason; /* result for this signature */
#endif
-#ifdef SUPPORT_DMARC
-extern uschar *dmarc_domain_policy; /* Expansion for declared policy of used domain */
-extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */
-extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */
-extern uschar *dmarc_status; /* Expansion variable, one word value */
-extern uschar *dmarc_status_text; /* Expansion variable, human readable value */
-extern uschar *dmarc_tld_file; /* Mozilla TLDs text file */
-extern uschar *dmarc_used_domain; /* Expansion variable, domain libopendmarc chose for DMARC policy lookup */
-#endif
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
extern int dns_csa_search_limit; /* How deep to search for CSA SRV records */
diff --git a/src/src/lookups/spf.c b/src/src/lookups/spf.c
index 4e0824911..a06f9117d 100644
--- a/src/src/lookups/spf.c
+++ b/src/src/lookups/spf.c
@@ -39,7 +39,7 @@ misc_module_info * mi = misc_mod_find(US"spf", errmsg);
if (mi)
{
typedef void * (*fn_t)(const uschar *, uschar **);
- return (((fn_t *) mi->functions)[5]) (filename, errmsg);
+ return (((fn_t *) mi->functions)[3]) (filename, errmsg);
}
return NULL;
}
@@ -52,7 +52,7 @@ misc_module_info * mi = misc_mod_find(US"spf", NULL);
if (mi)
{
typedef void (*fn_t)(void *);
- return (((fn_t *) mi->functions)[6]) (handle);
+ return (((fn_t *) mi->functions)[4]) (handle);
}
}
@@ -67,7 +67,7 @@ if (mi)
{
typedef int (*fn_t) (void *, const uschar *, const uschar *,
int, uschar **, uschar **, uint *, const uschar *);
- return (((fn_t *) mi->functions)[7]) (handle, filename, keystring, key_len,
+ return (((fn_t *) mi->functions)[5]) (handle, filename, keystring, key_len,
result, errmsg, do_cache, opts);
}
return FAIL;
diff --git a/src/src/miscmods/Makefile b/src/src/miscmods/Makefile
index 59bf29836..d20b7a9f1 100644
--- a/src/src/miscmods/Makefile
+++ b/src/src/miscmods/Makefile
@@ -26,6 +26,7 @@ miscmods.a: $(OBJ)
.c.so:; @echo "$(CC) -shared $*.c"
$(FE)$(CC) $(SUPPORT_$*_INCLUDE) $(SUPPORT_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
-spf.o spf.so: $(HDRS) spf.h spf.c
+spf.o spf.so: $(HDRS) spf.h spf.c
+dmarc.o dmarc.so: $(HDRS) ../pdkim/pdkim.h dmarc.h dmarc.c
# End
diff --git a/src/src/dmarc.c b/src/src/miscmods/dmarc.c
similarity index 87%
rename from src/src/dmarc.c
rename to src/src/miscmods/dmarc.c
index 664daa737..0a97bf6b7 100644
--- a/src/src/dmarc.c
+++ b/src/src/miscmods/dmarc.c
@@ -12,7 +12,7 @@
/* Code for calling dmarc checks via libopendmarc. Called from acl.c. */
-#include "exim.h"
+#include "../exim.h"
#ifdef SUPPORT_DMARC
# if !defined SUPPORT_SPF
# error SPF must also be enabled for DMARC
@@ -20,9 +20,9 @@
# error DKIM must also be enabled for DMARC
# else
-# include "functions.h"
+# include "../functions.h"
# include "dmarc.h"
-# include "pdkim/pdkim.h"
+# include "../pdkim/pdkim.h"
OPENDMARC_LIB_T dmarc_ctx;
DMARC_POLICY_T *dmarc_pctx = NULL;
@@ -55,8 +55,22 @@ static dmarc_exim_p dmarc_policy_description[] = {
};
-int
-dmarc_init(void)
+/* $variables */
+uschar * dmarc_domain_policy = NULL; /* Declared policy of used domain */
+uschar * dmarc_status = NULL; /* One word value */
+uschar * dmarc_status_text = NULL; /* Human readable value */
+uschar * dmarc_used_domain = NULL; /* Domain libopendmarc chose for DMARC policy lookup */
+
+/* options */
+uschar * dmarc_forensic_sender = NULL; /* Set sender address for forensic reports */
+uschar * dmarc_history_file = NULL; /* File to store dmarc results */
+uschar * dmarc_tld_file = NULL; /* Mozilla TLDs text file */
+
+
+/* One-time initialisation for dmarc. Ensure the spf module is available. */
+
+static BOOL
+dmarc_init(void *)
{
uschar * errstr;
if (!(spf_mod_info = misc_mod_find(US"spf", &errstr)))
@@ -65,12 +79,14 @@ if (!(spf_mod_info = misc_mod_find(US"spf", &errstr)))
return TRUE;
}
-gstring *
+static gstring *
dmarc_version_report(gstring * g)
{
return string_fmt_append(g, "Library version: dmarc: Compile: %d.%d.%d.%d\n",
- (OPENDMARC_LIB_VERSION & 0xff000000) >> 24, (OPENDMARC_LIB_VERSION & 0x00ff0000) >> 16,
- (OPENDMARC_LIB_VERSION & 0x0000ff00) >> 8, OPENDMARC_LIB_VERSION & 0x000000ff);
+ (OPENDMARC_LIB_VERSION & 0xff000000) >> 24,
+ (OPENDMARC_LIB_VERSION & 0x00ff0000) >> 16,
+ (OPENDMARC_LIB_VERSION & 0x0000ff00) >> 8,
+ (OPENDMARC_LIB_VERSION & 0x000000ff));
}
@@ -98,12 +114,14 @@ eb->next = NULL;
return eblock;
}
-/* dmarc_conn_init sets up a context that can be re-used for several
+/* dmarc_msg_init sets up a context that can be re-used for several
messages on the same SMTP connection (that come from the
-same host with the same HELO string) */
+same host with the same HELO string).
+However, we seem to only use it for one; we destroy some sort of context
+at the tail end of dmarc_process(). */
-int
-dmarc_conn_init(void)
+static int
+dmarc_msg_init()
{
int *netmask = NULL; /* Ignored */
int is_ipv6 = 0;
@@ -167,11 +185,19 @@ return OK;
}
+static void
+dmarc_smtp_reset(void)
+{
+dmarc_domain_policy = dmarc_status = dmarc_status_text =
+dmarc_used_domain = NULL;
+}
+
+
/* dmarc_store_data stores the header data so that subsequent dmarc_process can
access the data.
Called after the entire message has been received, with the From: header. */
-int
+static int
dmarc_store_data(header_line * hdr)
{
/* No debug output because would change every test debug output */
@@ -362,7 +388,7 @@ context (if any), retrieves the result, sets up expansion
strings and evaluates the condition outcome.
Called for the first ACL dmarc= condition. */
-int
+static int
dmarc_process(void)
{
int sr, origin; /* used in SPF section */
@@ -433,10 +459,9 @@ if (!dmarc_abort && !sender_host_authenticated)
spf_sender_domain = expand_string(US"$sender_address_domain");
{
- misc_module_info * mi = misc_mod_findonly(US"spf");
typedef SPF_response_t * (*fn_t)(void);
- if (mi)
- spf_response_p = ((fn_t *) mi->functions)[3](); /* spf_get_response */
+ if (spf_mod_info)
+ spf_response_p = ((fn_t *) spf_mod_info->functions)[2](); /* spf_get_response */
}
if (!spf_response_p)
@@ -673,27 +698,27 @@ if (!f.dmarc_disable_verify)
return OK;
}
-uschar *
-dmarc_exim_expand_query(int what)
+static uschar *
+dmarc_exim_expand_defaults(int what)
{
-if (f.dmarc_disable_verify || !dmarc_pctx)
- return dmarc_exim_expand_defaults(what);
-
if (what == DMARC_VERIFY_STATUS)
- return dmarc_status;
+ return f.dmarc_disable_verify ? US"off" : US"none";
return US"";
}
-uschar *
-dmarc_exim_expand_defaults(int what)
+static uschar *
+dmarc_exim_expand_query(int what)
{
+if (f.dmarc_disable_verify || !dmarc_pctx)
+ return dmarc_exim_expand_defaults(what);
+
if (what == DMARC_VERIFY_STATUS)
- return f.dmarc_disable_verify ? US"off" : US"none";
+ return dmarc_status;
return US"";
}
-gstring *
+static gstring *
authres_dmarc(gstring * g)
{
if (f.dmarc_has_been_checked)
@@ -711,6 +736,55 @@ else
return g;
}
+/******************************************************************************/
+/* Module API */
+
+static optionlist dmarc_options[] = {
+ { "dmarc_forensic_sender", opt_stringptr, {&dmarc_forensic_sender} },
+ { "dmarc_history_file", opt_stringptr, {&dmarc_history_file} },
+ { "dmarc_tld_file", opt_stringptr, {&dmarc_tld_file} },
+};
+
+static void * dmarc_functions[] = {
+ dmarc_process,
+ dmarc_exim_expand_query,
+ authres_dmarc,
+ dmarc_store_data,
+};
+
+/* dmarc_forensic_sender is provided for visibility of the the option setting
+by moan_send_message. We do not document it as a config-visible $variable.
+We could provide it via a function but there's little advantage. */
+
+static var_entry dmarc_variables[] = {
+ { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
+ { "dmarc_forensic_sender", vtype_stringptr, &dmarc_forensic_sender },
+ { "dmarc_status", vtype_stringptr, &dmarc_status },
+ { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
+ { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
+};
+
+misc_module_info dmarc_module_info =
+{
+ .name = US"dmarc",
+# if SUPPORT_SPF==2
+ .dyn_magic = MISC_MODULE_MAGIC,
+# endif
+ .init = dmarc_init,
+ .lib_vers_report = dmarc_version_report,
+ .smtp_reset = dmarc_smtp_reset,
+ .msg_init = dmarc_msg_init,
+
+ .options = dmarc_options,
+ .options_count = nelem(dmarc_options),
+
+ .functions = dmarc_functions,
+ .functions_count = nelem(dmarc_functions),
+
+ .variables = dmarc_variables,
+ .variables_count = nelem(dmarc_variables),
+};
+
# endif /* SUPPORT_SPF */
#endif /* SUPPORT_DMARC */
/* vi: aw ai sw=2
diff --git a/src/src/dmarc.h b/src/src/miscmods/dmarc.h
similarity index 84%
rename from src/src/dmarc.h
rename to src/src/miscmods/dmarc.h
index dcf289f2d..c1cafd0d1 100644
--- a/src/src/dmarc.h
+++ b/src/src/miscmods/dmarc.h
@@ -13,20 +13,11 @@
#ifdef SUPPORT_DMARC
-# include "opendmarc/dmarc.h"
+# include <opendmarc/dmarc.h>
# ifdef SUPPORT_SPF
-# include "spf2/spf.h"
+# include <spf2/spf.h>
# endif /* SUPPORT_SPF */
-/* prototypes */
-gstring * dmarc_version_report(gstring *);
-int dmarc_init(void);
-int dmarc_conn_init(void);
-int dmarc_store_data(header_line *);
-int dmarc_process(void);
-uschar *dmarc_exim_expand_query(int);
-uschar *dmarc_exim_expand_defaults(int);
-
#define DMARC_VERIFY_STATUS 1
#define DMARC_HIST_OK 1
diff --git a/src/src/miscmods/spf.c b/src/src/miscmods/spf.c
index a7b6c6a8d..f28fd0cbf 100644
--- a/src/src/miscmods/spf.c
+++ b/src/src/miscmods/spf.c
@@ -287,29 +287,30 @@ return TRUE;
messages on the same SMTP connection (that come from the
same host with the same HELO string).
-Return: Boolean success
+Return: OK/FAIL
*/
-static BOOL
-spf_conn_init(uschar * spf_helo_domain, uschar * spf_remote_addr)
+static int
+spf_conn_init(const uschar * spf_helo_domain, const uschar * spf_remote_addr)
{
DEBUG(D_receive)
debug_printf("spf_conn_init: %s %s\n", spf_helo_domain, spf_remote_addr);
-if (!spf_server && !spf_init(NULL)) return FALSE;
+if (!spf_server && !spf_init(NULL))
+ return FAIL;
if (SPF_server_set_rec_dom(spf_server, CS primary_hostname))
{
DEBUG(D_receive) debug_printf("spf: SPF_server_set_rec_dom(\"%s\") failed.\n",
primary_hostname);
spf_server = NULL;
- return FALSE;
+ return FAIL;
}
spf_request = SPF_request_new(spf_server);
-if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
- && SPF_request_set_ipv6_str(spf_request, CS spf_remote_addr)
+if ( SPF_request_set_ipv4_str(spf_request, CCS spf_remote_addr)
+ && SPF_request_set_ipv6_str(spf_request, CCS spf_remote_addr)
)
{
DEBUG(D_receive)
@@ -317,19 +318,19 @@ if ( SPF_request_set_ipv4_str(spf_request, CS spf_remote_addr)
"SPF_request_set_ipv6_str() failed [%s]\n", spf_remote_addr);
spf_server = NULL;
spf_request = NULL;
- return FALSE;
+ return FAIL;
}
-if (SPF_request_set_helo_dom(spf_request, CS spf_helo_domain))
+if (SPF_request_set_helo_dom(spf_request, CCS spf_helo_domain))
{
DEBUG(D_receive) debug_printf("spf: SPF_set_helo_dom(\"%s\") failed.\n",
spf_helo_domain);
spf_server = NULL;
spf_request = NULL;
- return FALSE;
+ return FAIL;
}
-return TRUE;
+return OK;
}
static void
@@ -564,11 +565,9 @@ static optionlist spf_options[] = {
};
static void * spf_functions[] = {
- spf_conn_init,
spf_process,
authres_spf,
spf_get_response, /* ugly; for dmarc */
- spf_smtp_reset,
spf_lookup_open,
spf_lookup_close,
@@ -592,6 +591,8 @@ misc_module_info spf_module_info =
# endif
.init = spf_init,
.lib_vers_report = spf_lib_version_report,
+ .conn_init = spf_conn_init,
+ .smtp_reset = spf_smtp_reset,
.options = spf_options,
.options_count = nelem(spf_options),
diff --git a/src/src/moan.c b/src/src/moan.c
index 19d29190b..08258f5d1 100644
--- a/src/src/moan.c
+++ b/src/src/moan.c
@@ -178,8 +178,7 @@ header From: and grab the address from that for the envelope FROM. */
GET_OPTION("dmarc_forensic_sender");
if ( ident == ERRMESS_DMARC_FORENSIC
- && dmarc_forensic_sender
- && (s = expand_string(dmarc_forensic_sender))
+ && (s = expand_string(US"$dmarc_forensic_sender")) /* a hack... */
&& *s
&& (s2 = expand_string(string_sprintf("${address:%s}", s)))
&& *s2
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 1fe6b7341..ae7073229 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -129,9 +129,9 @@ static optionlist optionlist_config[] = {
{ "dkim_verify_signers", opt_stringptr, {&dkim_verify_signers} },
#endif
#ifdef SUPPORT_DMARC
- { "dmarc_forensic_sender", opt_stringptr, {&dmarc_forensic_sender} },
- { "dmarc_history_file", opt_stringptr, {&dmarc_history_file} },
- { "dmarc_tld_file", opt_stringptr, {&dmarc_tld_file} },
+ { "dmarc_forensic_sender", opt_module, {US"dmarc"} },
+ { "dmarc_history_file", opt_module, {US"dmarc"} },
+ { "dmarc_tld_file", opt_module, {US"dmarc"} },
#endif
{ "dns_again_means_nonexist", opt_stringptr, {&dns_again_means_nonexist} },
{ "dns_check_names_pattern", opt_stringptr, {&check_dns_names_pattern} },
@@ -1707,7 +1707,7 @@ static BOOL
readconf_handle_option(uschar *buffer, optionlist *oltop, int last,
void *data_block, uschar *unknown_txt)
{
-int ptr = 0;
+int ptr;
int offset = 0;
int count, type, value;
int issecure = 0;
@@ -1721,11 +1721,16 @@ rmark reset_point;
int intbase = 0;
uschar *inttype = US"";
uschar *sptr;
-const uschar * s = buffer;
+const uschar * s;
uschar **str_target;
uschar name[EXIM_DRIVERNAME_MAX];
uschar name2[EXIM_DRIVERNAME_MAX];
+sublist:
+
+s = buffer;
+ptr = 0;
+
/* There may be leading spaces; thereafter, we expect an option name starting
with a letter. */
@@ -1764,8 +1769,6 @@ if (Ustrncmp(name, "not_", 4) == 0)
offset = 4;
}
-sublist:
-
/* Search the list for the given name. A non-existent name, or an option that
is set twice, is a disaster. */
@@ -2454,7 +2457,6 @@ switch (type)
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
"failed to find %s module for %s: %s", US ol->v.value, name, errstr);
-debug_printf("hunting for option %s in module %s\n", name, mi->name);
oltop = mi->options;
last = mi->options_count;
goto sublist;
@@ -3516,6 +3518,9 @@ if (!*spool_directory)
/* Expand the spool directory name; it may, for example, contain the primary
host name. Same comment about failure. */
+DEBUG(D_any) if (Ustrchr(spool_directory, '$'))
+ debug_printf("Expanding spool_directory option\n");
+
if (!(s = expand_string(spool_directory)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand spool_directory "
"\"%s\": %s", spool_directory, expand_string_message);
diff --git a/src/src/receive.c b/src/src/receive.c
index 336b37410..37b152f48 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -17,7 +17,7 @@ extern int dcc_ok;
#endif
#ifdef SUPPORT_DMARC
-# include "dmarc.h"
+# include "miscmods/dmarc.h"
#endif
/*************************************************
@@ -1835,9 +1835,8 @@ if (smtp_input && !smtp_batched_input && !f.dkim_disable_verify)
dkim_exim_verify_init(chunking_state <= CHUNKING_OFFERED);
#endif
-#ifdef SUPPORT_DMARC
-if (sender_host_address) dmarc_conn_init(); /* initialize libopendmarc */
-#endif
+if (misc_mod_msg_init() != OK)
+ goto TIDYUP;
/* In SMTP sessions we may receive several messages in one connection. Before
each subsequent one, we wait for the clock to tick at the level of message-id
@@ -3627,7 +3626,14 @@ else
#endif /* WITH_CONTENT_SCAN */
#ifdef SUPPORT_DMARC
- dmarc_store_data(dmarc_from_header);
+ {
+ misc_module_info * mi = misc_mod_findonly(US"dmarc");
+ if (mi)
+ {
+ typedef int (*fn_t)(header_line *);
+ (((fn_t *) mi->functions)[3]) (dmarc_from_header);
+ }
+ }
#endif
#ifndef DISABLE_PRDR
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index f9bd3ece8..adf6c59cb 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1681,16 +1681,6 @@ bmi_run = 0;
bmi_verdicts = NULL;
#endif
dnslist_domain = dnslist_matched = NULL;
-#ifdef SUPPORT_SPF
- {
- misc_module_info * mi = misc_mod_findonly(US"spf");
- if (mi)
- {
- typedef void (*fn_t)(void);
- (((fn_t *) mi->functions)[4])(); /* spf_smtp_reset*/
- }
- }
-#endif
#ifndef DISABLE_DKIM
dkim_cur_signer = dkim_signers =
dkim_signing_domain = dkim_signing_selector = dkim_signatures = NULL;
@@ -1701,8 +1691,6 @@ dkim_key_length = 0;
#endif
#ifdef SUPPORT_DMARC
f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE;
-dmarc_domain_policy = dmarc_status = dmarc_status_text =
-dmarc_used_domain = NULL;
#endif
#ifdef EXPERIMENTAL_ARC
arc_state = arc_state_reason = NULL;
@@ -1742,6 +1730,7 @@ while (acl_warn_logged)
store_free(this);
}
+misc_mod_smtp_reset();
message_tidyup();
store_reset(reset_point);
@@ -4025,24 +4014,14 @@ while (done <= 0)
}
}
-#ifdef SUPPORT_SPF
- /* If we have an spf module, set up SPF context */
- {
- misc_module_info * mi = misc_mod_findonly(US"spf");
- if (mi)
+ /* For any misc-module having a connection-init routine, call it. */
+
+ if (misc_mod_conn_init(sender_helo_name, sender_host_address) != OK)
{
- /* We have hardwired function-call numbers, and also prototypes for the
- functions. We could do a function name table search for the number
- but I can't see how to deal with prototypes. Is a K&R non-prototyped
- function still usable with today's compilers? */
-
- typedef BOOL (*fn_t)(uschar *, uschar *);
- fn_t fn = ((fn_t *) mi->functions)[0]; /* spf_conn_init */
-
- (void) fn(sender_helo_name, sender_host_address);
+ DEBUG(D_receive) debug_printf("A module conn-init routine failed\n");
+ done = 1;
+ break;
}
- }
-#endif
/* Apply an ACL check if one is defined; afterwards, recheck
synchronization in case the client started sending in a delay. */
diff --git a/src/src/structs.h b/src/src/structs.h
index 2c8c77c43..46abac728 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -1023,6 +1023,9 @@ typedef struct misc_module_info {
unsigned dyn_magic;
BOOL (*init)(void *); /* arg is the misc_module_info ptr */
gstring * (*lib_vers_report)(gstring *); /* underlying library */
+ int (*conn_init)(const uschar *, const uschar *);
+ void (*smtp_reset)(void);
+ int (*msg_init)(void);
void * options;
unsigned options_count;
diff --git a/test/runtest b/test/runtest
index dcf6d76b2..ae227810c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1561,8 +1561,8 @@ RESET_AFTER_EXTRA_LINE_READ:
# Not all platforms build with SPF enabled
next if /(^$time_pid?spf_conn_init|spf_compile\.c)/;
next if /try option spf_smtp_comment_template$/;
- next if /loading module 'spf'$/;
- next if /^Loaded "spf"$/;
+ next if /loading module '(?:dmarc|spf)'$/;
+ next if /^$time_pid?Loaded "(?:dmarc|spf)"$/;
# Not all platforms have sendfile support
next if /^cannot use sendfile for body: no support$/;
diff --git a/test/stderr/0437 b/test/stderr/0437
index 29241cfd3..514a770f8 100644
--- a/test/stderr/0437
+++ b/test/stderr/0437
@@ -1,5 +1,6 @@
Exim version x.yz ....
Hints DB:
+Expanding spool_directory option
search_open: lsearch "TESTSUITE/aux-fixed/0437.ls"
search_find: file="TESTSUITE/aux-fixed/0437.ls"
key="spool" partial=-1 affix=NULL starflags=0 opts=NULL
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
