Gitweb:
https://git.exim.org/exim.git/commitdiff/a1ebfb2e46e13ee87afc91856a4af38175735d74
Commit: a1ebfb2e46e13ee87afc91856a4af38175735d74
Parent: 62f96dce1ec64a4bd6ef2a8f2ef7197aeb10a40f
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Dec 11 14:05:04 2024 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Dec 11 15:54:11 2024 +0000
DMARC: expand main-config options. Bug 3102
---
doc/doc-docbook/spec.xfpt | 17 ++++++++++++-----
doc/doc-txt/ChangeLog | 3 +++
src/src/miscmods/dmarc.c | 21 +++++++++++----------
test/runtest | 1 +
4 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index dd12bc537..1fec82923 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -15995,8 +15995,8 @@ See section &<<SECDKIMVFY>>&.
.options dmarc_forensic_sender main string&!! unset &&&
- dmarc_history_file main string unset &&&
- dmarc_tld_file main string unset
+ dmarc_history_file&!! main string unset &&&
+ dmarc_tld_file main&!! string unset
.cindex DMARC "main section options"
These options control DMARC processing.
See section &<<SECDMARC>>& for details.
@@ -43139,10 +43139,13 @@ the most current version can be downloaded
from a link at &url(https://publicsuffix.org/list/public_suffix_list.dat).
See also the util/renew-opendmarc-tlds.sh script.
The default for the option is unset.
-If not set, DMARC processing is disabled.
+.new
+It is expanded before use.
+If not set (or empty after expansion), DMARC processing is disabled.
+.wen
-The &%dmarc_history_file%& option, if set
+The &%dmarc_history_file%& option
.oindex &%dmarc_history_file%&
defines the location of a file to log results
of dmarc verification on inbound emails. The
@@ -43151,7 +43154,11 @@ which will manage the data, send out DMARC
reports, and expire the data. Make sure the
directory of this file is writable by the user
exim runs as.
-The default is unset.
+The default for the option is unset.
+.new
+It is expanded before use.
+If not set (or empty after expansion), no history is written.
+.wen
The &%dmarc_forensic_sender%& option
.oindex &%dmarc_forensic_sender%&
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c5a47662b..395ed4ada 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -90,6 +90,9 @@ JH/16 Bug 3124: Fix theoretical crash in received connection, triggerable by a
JH/17 Bug 3126: Fix build error in the ibase lookup. Find & fix by
Andrew Aitchison.
+JH/18 Bug 3102: The dmarc_tld_file and dmarc_history_file options are now
+ expanded before use.
+
Exim version 4.98
-----------------
diff --git a/src/src/miscmods/dmarc.c b/src/src/miscmods/dmarc.c
index c16a7108c..3688879f1 100644
--- a/src/src/miscmods/dmarc.c
+++ b/src/src/miscmods/dmarc.c
@@ -137,6 +137,7 @@ dmarc_msg_init()
{
int *netmask = NULL; /* Ignored */
int is_ipv6 = 0;
+uschar * s;
/* Set some sane defaults. Also clears previous results when
multiple messages in one connection. */
@@ -165,7 +166,8 @@ if (libdm_status != DMARC_PARSE_OKAY)
opendmarc_policy_status_to_str(libdm_status));
dmarc_abort = TRUE;
}
-if (!dmarc_tld_file || !*dmarc_tld_file)
+GET_OPTION("dmarc_tld_file");
+if (!(s = dmarc_tld_file) || !(s = expand_string(s)) || !*s)
{
DEBUG(D_receive) debug_printf_indent("DMARC: no dmarc_tld_file\n");
dmarc_abort = TRUE;
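Review bot: An expansion failure of `dmarc_tld_file` lands in the same branch as "option unset", so a mistake in the configured string disables DMARC checking for the message with only the debug line `DMARC: no dmarc_tld_file` to show for it. When `expand_string()` returns NULL and `f.expand_string_forcedfail` is not set, I would log the cause before setting `dmarc_abort`, e.g. `log_write(0, LOG_MAIN|LOG_PANIC, "DMARC: dmarc_tld_file expansion failed: %s", expand_string_message);`. The `dmarc_history_file` test in dmarc_write_history_file() further down has the same shape, and there the failure is reported as `DMARC_HIST_DISABLED`. The rest of dmarc_msg_init() lies outside this hunk, so it is also worth confirming that the code which reads the TLD file uses the expanded `s` rather than the raw option value.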
@@ -297,28 +299,27 @@ return NULL;
static int
dmarc_write_history_file(const gstring * dkim_history_buffer)
{
-int history_file_fd = 0;
-ssize_t written_len;
-int tmp_ans;
+int history_file_fd = 0, tmp_ans;
u_char ** rua; /* aggregate report addressees */
+uschar * s;
gstring * g;
-if (!dmarc_history_file)
+GET_OPTION("dmarc_history_file");
+if (!(s = dmarc_history_file) || !(s = expand_string(s)) || !*s)
{
DEBUG(D_receive) debug_printf_indent("DMARC history file not set\n");
return DMARC_HIST_DISABLED;
}
if (!host_checking)
- {
- uschar * s = string_copy(dmarc_history_file); /* need a writeable copy */
- if ((history_file_fd = log_open_as_exim(s)) < 0)
+ /* Ensure we use a modifiiable copy for the filename */
+ if ((history_file_fd =
+ log_open_as_exim(s == dmarc_history_file ? string_copy(s) : s)) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC,
"failure to create DMARC history file: %s: %s",
s, strerror(errno));
return DMARC_HIST_FILE_ERR;
}
- }
/* Generate the contents of the history file entry */
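Review bot: The history file name is now the output of `expand_string()` and goes straight into `log_open_as_exim()`, so the path opened as the exim user depends on whatever variables the option references. If an administrator includes message- or connection-derived data in the string, the resulting name is untrusted. A guard such as `if (is_tainted(s))`, with a log line and a `DMARC_HIST_FILE_ERR` return, would make that explicit; whether the open path already rejects tainted names cannot be seen from this hunk. Separately, the comment added above the open has a typo (`modifiiable`). dmarc_write_history_file() continues past the end of this hunk.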
@@ -407,7 +408,7 @@ DEBUG(D_receive)
if (!host_checking)
{
- written_len = write_to_fd_buf(history_file_fd,
+ ssize_t written_len = write_to_fd_buf(history_file_fd,
g->s,
gstring_length(g));
if (written_len == 0)
diff --git a/test/runtest b/test/runtest
index a178659f9..846ce2cf7 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1629,6 +1629,7 @@ RESET_AFTER_EXTRA_LINE_READ:
s/ \[\d+\] (?=(LOG: redirecting log|HINT: Future log output))/ [pppp] /;
# Not all builds include DMARC
+ next if /try option dmarc_tld_file$/;
next if /^DMARC: no (dmarc_tld_file|sender_host_address)$/ ;
# Platform differences in errno strings