From: Tom Kistner Date: Thu, 15 Oct 2009 08:06:23 +0000 (+0000) Subject: Fix dkim_signers condition logic / Renamed dkim_signing_domains to dkim_signers X-Git-Tag: exim-4_70_RC3~50 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/9e5d6b5595f1b8a37fab6eaaa7b8f133e7ac3ff5 Fix dkim_signers condition logic / Renamed dkim_signing_domains to dkim_signers --- diff --git a/src/src/acl.c b/src/src/acl.c index 04b7fe5f5..7bcec314d 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.84 2009/10/14 14:48:41 nm4 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.85 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -2789,20 +2789,11 @@ for (; cb != NULL; cb = cb->next) #ifndef DISABLE_DKIM case ACLC_DKIM_SIGNER: - if (dkim_signing_domain != NULL) - { - rc = match_isinlist(dkim_signing_domain, + if (dkim_cur_signer != NULL) + rc = match_isinlist(dkim_cur_signer, &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); - if (rc == FAIL) - { - rc = match_isinlist(dkim_exim_expand_query(DKIM_IDENTITY), - &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); - } - } else - { rc = FAIL; - } break; case ACLC_DKIM_STATUS: diff --git a/src/src/dkim.c b/src/src/dkim.c index 3109168a3..0ac1aeccf 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/dkim.c,v 1.4 2009/10/13 18:32:05 tom Exp $ */ +/* $Cambridge: exim/src/src/dkim.c,v 1.5 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -19,6 +19,7 @@ pdkim_ctx *dkim_verify_ctx = NULL; pdkim_signature *dkim_signatures = NULL; pdkim_signature *dkim_cur_sig = NULL; +uschar *dkim_cur_signer = NULL; int dkim_exim_query_dns_txt(char *name, char *answer) { dns_answer dnsa; 
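Review bot: The rewritten ACLC_DKIM_SIGNER case in src/src/acl.c needs a comment saying that a match does not imply a signature. It compares only against dkim_cur_signer, which dkim_exim_acl_setup() (dkim.c hunk) sets to the item the DKIM ACL was invoked for before it looks for a signature, and that function no longer returns early when no signature is present. A true result therefore means only "the ACL is running for this item", and a rule that accepts on it alone would trust an unsigned or failed message. I would add above the `if`: `/* Matches the item this DKIM ACL run was set up for; does not imply that a signature exists or verified - test dkim_status as well. */`. The enclosing switch starts and ends outside the hunk.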
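Review bot: The new global dkim_cur_signer defined in src/src/dkim.c is assigned but never cleared, and what it is assigned appears to be a pointer into a caller's stack buffer. dkim_exim_acl_setup() stores its `id` argument in it, and in the receive.c hunk that argument is `item`, which string_nextinlist() is given the local `uschar itembuf[256]` to fill. Once that block is left the global presumably points at dead storage, and the per-message resets in smtp_in.c and spool_in.c clear dkim_signers but not this pointer. Nothing visible reads it outside the ACL run, so this may be latent, but I would reset it after the loop in receive.c with `dkim_cur_signer = NULL;` or store a copy with `dkim_cur_signer = string_copy(id);`.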
@@ -81,9 +82,9 @@ void dkim_exim_verify_feed(uschar *data, int len) { void dkim_exim_verify_finish(void) { pdkim_signature *sig = NULL; - int dkim_signing_domains_size = 0; - int dkim_signing_domains_ptr = 0; - dkim_signing_domains = NULL; + int dkim_signers_size = 0; + int dkim_signers_ptr = 0; + dkim_signers = NULL; /* Delete eventual previous signature chain */ dkim_signatures = NULL; @@ -178,32 +179,42 @@ void dkim_exim_verify_finish(void) { logmsg[ptr] = '\0'; log_write(0, LOG_MAIN, (char *)logmsg); - /* Build a colon-separated list of signing domains in dkim_signing_domains */ - dkim_signing_domains = string_append(dkim_signing_domains, - &dkim_signing_domains_size, - &dkim_signing_domains_ptr, - 2, - sig->domain, - ":" - ); + /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ + dkim_signers = string_append(dkim_signers, + &dkim_signers_size, + &dkim_signers_ptr, + 2, + sig->domain, + ":" + ); + + if (sig->identity != NULL) { + dkim_signers = string_append(dkim_signers, + &dkim_signers_size, + &dkim_signers_ptr, + 2, + sig->identity, + ":" + ); + } /* Process next signature */ sig = sig->next; } /* Chop the last colon from the domain list */ - if ((dkim_signing_domains != NULL) && - (Ustrlen(dkim_signing_domains) > 0)) - dkim_signing_domains[Ustrlen(dkim_signing_domains)-1] = '\0'; + if ((dkim_signers != NULL) && + (Ustrlen(dkim_signers) > 0)) + dkim_signers[Ustrlen(dkim_signers)-1] = '\0'; } void dkim_exim_acl_setup(uschar *id) { pdkim_signature *sig = dkim_signatures; dkim_cur_sig = NULL; + dkim_cur_signer = id; if (dkim_disable_verify || - !id || !sig || - !dkim_verify_ctx) return; + !id || !dkim_verify_ctx) return; /* Find signature to run ACL on */ while (sig != NULL) { uschar *cmp_val = NULL; diff --git a/src/src/dkim.h b/src/src/dkim.h index 28459c58a..70258e3be 100644 --- a/src/src/dkim.h +++ b/src/src/dkim.h 
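Review bot: In dkim_exim_verify_finish() sig->domain and the newly added sig->identity are appended to dkim_signers verbatim with ":" as the separator, although both values originate from the DKIM-Signature header of the incoming message. If either can contain a colon (the pdkim parser is not visible here, so this needs checking), one signature produces extra list items, and because dkim_verify_signers defaults to `$dkim_signers` each of them gets its own DKIM ACL run. Doubling colons inside each value before appending, or refusing such values, would keep the list well-formed. Separately, the trailing-colon chop calls Ustrlen() on the buffer still being built; unless string_append() NUL-terminates it, which as far as I know it does not in this code base, write `dkim_signers[dkim_signers_ptr] = '\0';` first. The function starts outside the hunk.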
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/dkim.h,v 1.2 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/dkim.h,v 1.3 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -15,6 +15,8 @@ void dkim_exim_acl_setup(uschar *); uschar *dkim_exim_expand_query(int); uschar *dkim_exim_expand_defaults(int); +extern uschar *dkim_cur_signer; + #define DKIM_ALGO 1 #define DKIM_BODYLENGTH 2 #define DKIM_CANON_BODY 3 diff --git a/src/src/expand.c b/src/src/expand.c index b52901c32..a8fccac4c 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/expand.c,v 1.101 2009/10/14 14:48:41 nm4 Exp $ */ +/* $Cambridge: exim/src/src/expand.c,v 1.102 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -423,7 +423,7 @@ static var_entry var_table[] = { { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE }, { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING }, { "dkim_selector", vtype_stringptr, &dkim_signing_selector }, - { "dkim_signing_domains",vtype_stringptr, &dkim_signing_domains }, + { "dkim_signers", vtype_stringptr, &dkim_signers }, { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON }, { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS}, #endif diff --git a/src/src/globals.c b/src/src/globals.c index dcb6bece0..7546ed478 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.82 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.83 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -532,10 +532,10 @@ BOOL disable_ipv6 = FALSE; BOOL disable_logging = FALSE; #ifndef DISABLE_DKIM -uschar *dkim_signing_domains = NULL; +uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; -uschar *dkim_verify_signers = US"$dkim_signing_domains"; +uschar *dkim_verify_signers = US"$dkim_signers"; BOOL dkim_collect_input = FALSE; BOOL dkim_disable_verify = FALSE; #endif diff --git a/src/src/globals.h b/src/src/globals.h index ff087dfbc..87fc4457a 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.63 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.64 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -299,7 +299,7 @@ extern BOOL disable_ipv6; /* Don't do any IPv6 things */ extern BOOL disable_logging; /* Disables log writing when TRUE */ #ifndef DISABLE_DKIM -extern uschar *dkim_signing_domains; /* Expansion variable, holds colon-separated list of domains that have signed a message */ +extern uschar *dkim_signers; /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */ extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */ extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for each of which we call the DKIM ACL */ diff --git a/src/src/receive.c b/src/src/receive.c index 734ca7737..3741818db 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/receive.c,v 1.46 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/receive.c,v 1.47 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -2993,11 +2993,22 @@ else int sep = 0; uschar *ptr = dkim_verify_signers_expanded; uschar *item = NULL; + uschar *seen_items = NULL; + int seen_items_size = 0; + int seen_items_offset = 0; uschar itembuf[256]; while ((item = string_nextinlist(&ptr, &sep, itembuf, sizeof(itembuf))) != NULL) { + /* Only run ACL once for each domain or identity, no matter how often it + appears in the expanded list. */ + if (seen_items != NULL) { + if (match_isinlist(item, + &seen_items,0,NULL,NULL,MCL_STRING,TRUE,NULL) == OK) continue; + string_cat(seen_items,&seen_items_size,&seen_items_offset,":",1); + } + string_cat(seen_items,&seen_items_size,&seen_items_offset,item,Ustrlen(item)); dkim_exim_acl_setup(item); rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg); if (rc != OK) break; diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index b9d92d631..03374c3ad 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.64 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.65 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1041,7 +1041,7 @@ bmi_run = 0; bmi_verdicts = NULL; #endif #ifndef DISABLE_DKIM -dkim_signing_domains = NULL; +dkim_signers = NULL; dkim_disable_verify = FALSE; dkim_collect_input = FALSE; #endif diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 1674e78f0..86ba6a286 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/spool_in.c,v 1.24 2009/06/10 07:34:04 tom Exp $ */ +/* $Cambridge: exim/src/src/spool_in.c,v 1.25 2009/10/15 08:06:23 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -279,7 +279,7 @@ bmi_verdicts = NULL; #endif #ifndef DISABLE_DKIM -dkim_signing_domains = NULL; +dkim_signers = NULL; dkim_disable_verify = FALSE; dkim_collect_input = FALSE; #endif
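Review bot: The de-duplication added in src/src/receive.c cannot take effect as written, because both string_cat() calls discard their return value: seen_items stays NULL, the `if (seen_items != NULL)` branch is never entered, and the ACL still runs once per occurrence of an item. Assign the result and terminate the buffer before it is used as a list, `seen_items = string_cat(seen_items,&seen_items_size,&seen_items_offset,item,Ustrlen(item)); seen_items[seen_items_offset] = '\0';`, and assign the result of the ":" call likewise. Note also that match_isinlist() treats the entries of seen_items as list patterns rather than literal strings, so an item taken from the message could match more than itself; a plain string comparison would be safer for a "seen" check. The enclosing block starts and ends outside the hunk.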