-# $Cambridge: exim/src/OS/Makefile-Base,v 1.16.2.1 2009/02/24 13:13:46 tom Exp $
+# $Cambridge: exim/src/OS/Makefile-Base,v 1.16.2.2 2009/02/24 15:57:55 tom Exp $
# This file is the basis of the main makefile for Exim and friends. The
# makefile at the top level arranges to build the main makefile by calling
OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o
OBJ_WITH_OLD_DEMIME = demime.o
-OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dk.o dcc.o
+OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o
# Targets for final binaries; the main one has a build number which is
# updated each time. We don't bother with that for the auxiliaries.
OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
- filtertest.o globals.o \
+ filtertest.o globals.o dkim.o \
header.o host.o ip.o log.o lss.o match.o moan.o \
os.o parse.o queue.o \
rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
transport.o: $(HDRS) transport.c
tree.o: $(HDRS) tree.c
verify.o: $(HDRS) verify.c
-
+dkim.o: $(HDRS) dkim.c
# Dependencies for WITH_CONTENT_SCAN modules
bmi_spam.o: $(HDRS) bmi_spam.c
spf.o: $(HDRS) spf.h spf.c
srs.o: $(HDRS) srs.h srs.c
-dk.o: $(HDRS) dk.h dk.c
dcc.o: $(HDRS) dcc.h dcc.c
# The module containing tables of available lookups, routers, auths, and
-/* $Cambridge: exim/src/OS/os.h-Linux,v 1.7 2007/10/04 13:28:06 tom Exp $ */
+/* $Cambridge: exim/src/OS/os.h-Linux,v 1.7.2.1 2009/02/24 15:57:55 tom Exp $ */
/* Exim: OS-specific C header file for Linux */
#define NO_IP_VAR_H
#define SIG_IGN_WORKS
-/* When using the experimental Domainkeys/DKIM extensions, setting
-HAVE_LINUX_SENDFILE can increase performance on outgoing mail a bit.
-Note: With older glibc versions this setting will conflict with the
-_FILE_OFFSET_BITS=64 setting defined as part of the Linux CFLAGS. */
+/* When using the DKIM, setting HAVE_LINUX_SENDFILE can increase
+performance on outgoing mail a bit. Note: With older glibc versions
+this setting will conflict with the _FILE_OFFSET_BITS=64 setting
+defined as part of the Linux CFLAGS. */
/* #define HAVE_LINUX_SENDFILE */
#!/bin/sh
-# $Cambridge: exim/src/scripts/MakeLinks,v 1.14.2.1 2009/02/24 13:13:47 tom Exp $
+# $Cambridge: exim/src/scripts/MakeLinks,v 1.14.2.2 2009/02/24 15:57:55 tom Exp $
# Script to build links for all the exim source files from the system-
# specific build directory. It should be run from within that directory.
ln -s ../src/tree.c tree.c
ln -s ../src/verify.c verify.c
ln -s ../src/version.c version.c
+ln -s ../src/dkim.c dkim.c
+ln -s ../src/dkim.h dkim.h
# WITH_CONTENT_SCAN
ln -s ../src/spam.c spam.c
ln -s ../src/spf.h spf.h
ln -s ../src/srs.c srs.c
ln -s ../src/srs.h srs.h
-ln -s ../src/dk.c dk.c
-ln -s ../src/dk.h dk.h
-ln -s ../src/dkim-exim.c dkim-exim.c
-ln -s ../src/dkim-exim.h dkim-exim.h
ln -s ../src/dcc.c dcc.c
ln -s ../src/dcc.h dcc.h
-/* $Cambridge: exim/src/src/acl.c,v 1.82 2008/02/12 12:52:51 nm4 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.82.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
ACLC_DELAY,
#ifdef WITH_OLD_DEMIME
ACLC_DEMIME,
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- ACLC_DK_DOMAIN_SOURCE,
- ACLC_DK_POLICY,
- ACLC_DK_SENDER_DOMAINS,
- ACLC_DK_SENDER_LOCAL_PARTS,
- ACLC_DK_SENDERS,
- ACLC_DK_STATUS,
#endif
ACLC_DNSLISTS,
ACLC_DOMAINS,
US"delay",
#ifdef WITH_OLD_DEMIME
US"demime",
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- US"dk_domain_source",
- US"dk_policy",
- US"dk_sender_domains",
- US"dk_sender_local_parts",
- US"dk_senders",
- US"dk_status",
#endif
US"dnslists",
US"domains",
#ifdef EXPERIMENTAL_BRIGHTMAIL
CONTROL_BMI_RUN,
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- CONTROL_DK_VERIFY,
- #endif
- #ifdef EXPERIMENTAL_DKIM
+ #ifndef DISABLE_DKIM
CONTROL_DKIM_VERIFY,
#endif
CONTROL_ERROR,
#ifdef EXPERIMENTAL_BRIGHTMAIL
US"bmi_run",
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- US"dk_verify",
- #endif
- #ifdef EXPERIMENTAL_DKIM
+ #ifndef DISABLE_DKIM
US"dkim_verify",
#endif
US"error",
TRUE, /* delay */
#ifdef WITH_OLD_DEMIME
TRUE, /* demime */
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- TRUE, /* dk_domain_source */
- TRUE, /* dk_policy */
- TRUE, /* dk_sender_domains */
- TRUE, /* dk_sender_local_parts */
- TRUE, /* dk_senders */
- TRUE, /* dk_status */
#endif
TRUE, /* dnslists */
FALSE, /* domains */
TRUE, /* delay */
#ifdef WITH_OLD_DEMIME
FALSE, /* demime */
-#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- FALSE, /* dk_domain_source */
- FALSE, /* dk_policy */
- FALSE, /* dk_sender_domains */
- FALSE, /* dk_sender_local_parts */
- FALSE, /* dk_senders */
- FALSE, /* dk_status */
#endif
FALSE, /* dnslists */
FALSE, /* domains */
~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* demime */
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- (1<<ACL_WHERE_AUTH)| /* dk_domain_source */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
-
- (1<<ACL_WHERE_AUTH)| /* dk_policy */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
-
- (1<<ACL_WHERE_AUTH)| /* dk_sender_domains */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
-
- (1<<ACL_WHERE_AUTH)| /* dk_sender_local_parts */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
-
- (1<<ACL_WHERE_AUTH)| /* dk_senders */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
-
- (1<<ACL_WHERE_AUTH)| /* dk_status */
- (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
- (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
- (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
- (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
- (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
- (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_NOTSMTP_START),
- #endif
-
(1<<ACL_WHERE_NOTSMTP)| /* dnslists */
(1<<ACL_WHERE_NOTSMTP_START),
0, /* bmi_run */
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dk_verify */
- (1<<ACL_WHERE_NOTSMTP_START),
- #endif
-
- #ifdef EXPERIMENTAL_DKIM
+ #ifndef DISABLE_DKIM
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dkim_verify */
(1<<ACL_WHERE_NOTSMTP_START),
#endif
#ifdef EXPERIMENTAL_BRIGHTMAIL
{ US"bmi_run", CONTROL_BMI_RUN, FALSE },
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- { US"dk_verify", CONTROL_DK_VERIFY, FALSE },
-#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
{ US"dkim_verify", CONTROL_DKIM_VERIFY, FALSE },
#endif
{ US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE },
break;
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- case CONTROL_DK_VERIFY:
- dk_do_verify = 1;
- break;
- #endif
-
- #ifdef EXPERIMENTAL_DKIM
+ #ifndef DISABLE_DKIM
case CONTROL_DKIM_VERIFY:
dkim_do_verify = 1;
break;
break;
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- case ACLC_DK_DOMAIN_SOURCE:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- /* check header source of domain against given string */
- switch (dk_verify_block->address_source) {
- case DK_EXIM_ADDRESS_FROM_FROM:
- rc = match_isinlist(US"from", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_ADDRESS_FROM_SENDER:
- rc = match_isinlist(US"sender", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_ADDRESS_NONE:
- rc = match_isinlist(US"none", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- }
- break;
-
- case ACLC_DK_POLICY:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- /* check policy against given string, default FAIL */
- rc = FAIL;
- if (dk_verify_block->signsall)
- rc = match_isinlist(US"signsall", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- if (dk_verify_block->testing)
- rc = match_isinlist(US"testing", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
-
- case ACLC_DK_SENDER_DOMAINS:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- if (dk_verify_block->domain != NULL)
- rc = match_isinlist(dk_verify_block->domain, &arg, 0, &domainlist_anchor,
- NULL, MCL_DOMAIN, TRUE, NULL);
- else rc = FAIL;
- break;
-
- case ACLC_DK_SENDER_LOCAL_PARTS:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- if (dk_verify_block->local_part != NULL)
- rc = match_isinlist(dk_verify_block->local_part, &arg, 0, &localpartlist_anchor,
- NULL, MCL_LOCALPART, TRUE, NULL);
- else rc = FAIL;
- break;
-
- case ACLC_DK_SENDERS:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- if (dk_verify_block->address != NULL)
- rc = match_address_list(dk_verify_block->address, TRUE, TRUE, &arg, NULL, -1, 0, NULL);
- else rc = FAIL;
- break;
-
- case ACLC_DK_STATUS:
- if (dk_verify_block == NULL) { rc = FAIL; break; };
- if (dk_verify_block->result > 0) {
- switch(dk_verify_block->result) {
- case DK_EXIM_RESULT_BAD_FORMAT:
- rc = match_isinlist(US"bad format", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_NO_KEY:
- rc = match_isinlist(US"no key", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_NO_SIGNATURE:
- rc = match_isinlist(US"no signature", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_REVOKED:
- rc = match_isinlist(US"revoked", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_NON_PARTICIPANT:
- rc = match_isinlist(US"non-participant", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_GOOD:
- rc = match_isinlist(US"good", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- case DK_EXIM_RESULT_BAD:
- rc = match_isinlist(US"bad", &arg, 0, NULL,
- NULL, MCL_STRING, TRUE, NULL);
- break;
- }
- }
- break;
- #endif
-
case ACLC_DNSLISTS:
rc = verify_check_dnsbl(&arg);
break;
-/* $Cambridge: exim/src/src/config.h.defaults,v 1.16 2008/01/17 13:03:35 tom Exp $ */
+/* $Cambridge: exim/src/src/config.h.defaults,v 1.16.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/* EXPERIMENTAL features */
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
-#define EXPERIMENTAL_DOMAINKEYS
-#define EXPERIMENTAL_DKIM
#define EXPERIMENTAL_BRIGHTMAIL
#define EXPERIMENTAL_DCC
+++ /dev/null
-/* $Cambridge: exim/src/src/dk.c,v 1.12 2007/01/08 10:50:18 ph10 Exp $ */
-
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2007 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* Code for DomainKeys support. Other DK relevant code is in
- receive.c, transport.c and transports/smtp.c */
-
-#include "exim.h"
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
-
-/* Globals related to the DK reference library. */
-DK *dk_context = NULL;
-DK_LIB *dk_lib = NULL;
-DK_FLAGS dk_flags;
-DK_STAT dk_internal_status;
-
-/* Globals related to Exim DK implementation. */
-dk_exim_verify_block *dk_verify_block = NULL;
-
-/* Global char buffer for getc/ungetc functions. We need
- to accumulate some chars to be able to match EOD and
- doubled SMTP dots. Those must not be fed to the validation
- engine. */
-int dkbuff[6] = {256,256,256,256,256,256};
-
-/* receive_getc() wrapper that feeds DK while Exim reads
- the message. */
-int dk_receive_getc(void) {
- int i;
- int c = receive_getc();
-
- if (dk_context != NULL) {
- /* Send oldest byte */
- if ((dkbuff[0] < 256) && (dk_internal_status == DK_STAT_OK)) {
- dk_internal_status = dk_message(dk_context, CUS &dkbuff[0], 1);
- if (dk_internal_status != DK_STAT_OK)
- DEBUG(D_receive) debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- }
- /* rotate buffer */
- for (i=0;i<5;i++) dkbuff[i]=dkbuff[i+1];
- dkbuff[5]=c;
- /* look for our candidate patterns */
- if ( (dkbuff[1] == '\r') &&
- (dkbuff[2] == '\n') &&
- (dkbuff[3] == '.') &&
- (dkbuff[4] == '\r') &&
- (dkbuff[5] == '\n') ) {
- /* End of DATA */
- dkbuff[3] = 256;
- dkbuff[4] = 256;
- dkbuff[5] = 256;
- }
- if ( (dkbuff[2] == '\r') &&
- (dkbuff[3] == '\n') &&
- (dkbuff[4] == '.') &&
- (dkbuff[5] == '.') ) {
- /* doubled dot, skip this char */
- dkbuff[5] = 256;
- }
- }
-return c;
-}
-
-/* When exim puts a char back in the fd, we
- must rotate our buffer back. */
-int dk_receive_ungetc(int c) {
- int i;
- if (dk_context != NULL) {
- /* rotate buffer back */
- for (i=5;i>0;i--) dkbuff[i]=dkbuff[i-1];
- dkbuff[0]=256;
- }
- return receive_ungetc(c);
-}
-
-
-void dk_exim_verify_init(void) {
- int old_pool = store_pool;
- store_pool = POOL_PERM;
-
- /* Reset DK state in any case. */
- dk_context = NULL;
- dk_lib = NULL;
- dk_verify_block = NULL;
-
- /* Set up DK context if DK was requested and input is SMTP. */
- if (smtp_input && !smtp_batched_input && dk_do_verify) {
- /* initialize library */
- dk_lib = dk_init(&dk_internal_status);
- if (dk_internal_status != DK_STAT_OK)
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- else {
- /* initialize verification context */
- dk_context = dk_verify(dk_lib, &dk_internal_status);
- if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- dk_context = NULL;
- }
- else {
- /* Reserve some space for the verify block. */
- dk_verify_block = store_get(sizeof(dk_exim_verify_block));
- if (dk_verify_block == NULL) {
- debug_printf("DK: Can't allocate %d bytes.\n",sizeof(dk_exim_verify_block));
- dk_context = NULL;
- }
- else {
- memset(dk_verify_block, 0, sizeof(dk_exim_verify_block));
- }
- }
- }
- }
- store_pool = old_pool;
-}
-
-
-void dk_exim_verify_finish(void) {
- char *p,*q;
- int i;
- int old_pool = store_pool;
-
- /* Bail out if context could not be set up earlier. */
- if (dk_context == NULL)
- return;
-
- store_pool = POOL_PERM;
-
- /* Send remaining bytes from input which are still in the buffer. */
- for (i=0;i<6;i++)
- if (dkbuff[i] < 256)
- dk_internal_status = dk_message(dk_context, CUS &dkbuff[i], 1);
-
- /* Flag end-of-message. */
- dk_internal_status = dk_end(dk_context, &dk_flags);
-
- /* dk_flags now has the selector flags (if there was one).
- It seems that currently only the "t=" flag is supported
- in selectors. */
- if (dk_flags & DK_FLAG_SET)
- if (dk_flags & DK_FLAG_TESTING)
- dk_verify_block->testing = TRUE;
-
- /* Grab address/domain information. */
- p = dk_address(dk_context);
- if (p != NULL) {
- switch(p[0]) {
- case 'N':
- dk_verify_block->address_source = DK_EXIM_ADDRESS_NONE;
- break;
- case 'S':
- dk_verify_block->address_source = DK_EXIM_ADDRESS_FROM_SENDER;
- break;
- case 'F':
- dk_verify_block->address_source = DK_EXIM_ADDRESS_FROM_FROM;
- break;
- }
- p++;
- if (*p != '\0') {
- dk_verify_block->address = string_copy((uschar *)p);
- q = strrchr(p,'@');
- if ((q != NULL) && (*(q+1) != '\0')) {
- dk_verify_block->domain = string_copy((uschar *)(q+1));
- *q = '\0';
- dk_verify_block->local_part = string_copy((uschar *)p);
- *q = '@';
- }
- }
- }
-
- /* Now grab the domain-wide DK policy */
- dk_flags = dk_policy(dk_context);
-
- if (dk_flags & DK_FLAG_SET) {
- /* Selector "t=" flag has precedence, don't overwrite it if
- the selector has set it above. */
- if ((dk_flags & DK_FLAG_TESTING) && !dk_verify_block->testing)
- dk_verify_block->testing = TRUE;
- if (dk_flags & DK_FLAG_SIGNSALL)
- dk_verify_block->signsall = TRUE;
- }
-
- /* Set up main result. */
- switch(dk_internal_status)
- {
- case DK_STAT_NOSIG:
- dk_verify_block->is_signed = FALSE;
- dk_verify_block->result = DK_EXIM_RESULT_NO_SIGNATURE;
- break;
- case DK_STAT_OK:
- dk_verify_block->is_signed = TRUE;
- dk_verify_block->result = DK_EXIM_RESULT_GOOD;
- break;
- case DK_STAT_BADSIG:
- dk_verify_block->is_signed = TRUE;
- dk_verify_block->result = DK_EXIM_RESULT_BAD;
- break;
- case DK_STAT_REVOKED:
- dk_verify_block->is_signed = TRUE;
- dk_verify_block->result = DK_EXIM_RESULT_REVOKED;
- break;
- case DK_STAT_BADKEY:
- case DK_STAT_SYNTAX:
- dk_verify_block->is_signed = TRUE;
- /* Syntax -> Bad format? */
- dk_verify_block->result = DK_EXIM_RESULT_BAD_FORMAT;
- break;
- case DK_STAT_NOKEY:
- dk_verify_block->is_signed = TRUE;
- dk_verify_block->result = DK_EXIM_RESULT_NO_KEY;
- break;
- case DK_STAT_NORESOURCE:
- case DK_STAT_INTERNAL:
- case DK_STAT_ARGS:
- case DK_STAT_CANTVRFY:
- dk_verify_block->result = DK_EXIM_RESULT_ERR;
- break;
- /* This is missing DK_EXIM_RESULT_NON_PARTICIPANT. The lib does not
- report such a status. */
- }
-
- /* Set up human readable result string. */
- dk_verify_block->result_string = string_copy((uschar *)DK_STAT_to_string(dk_internal_status));
-
- /* All done, reset dk_context. */
- dk_free(dk_context,1);
- dk_context = NULL;
-
- store_pool = old_pool;
-}
-
-uschar *dk_exim_sign(int dk_fd,
- uschar *dk_private_key,
- uschar *dk_domain,
- uschar *dk_selector,
- uschar *dk_canon) {
- uschar *rc = NULL;
- uschar *headers = NULL;
- int headers_len;
- int dk_canon_int = DK_CANON_SIMPLE;
- char buf[4096];
- int seen_lf = 0;
- int seen_lfdot = 0;
- uschar sig[1024];
- int save_errno = 0;
- int sread;
- int old_pool = store_pool;
- store_pool = POOL_PERM;
-
- dk_lib = dk_init(&dk_internal_status);
- if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- rc = NULL;
- goto CLEANUP;
- }
-
- /* Figure out what canonicalization to use. Unfortunately
- we must do this BEFORE knowing which domain we sign for. */
- if ((dk_canon != NULL) && (Ustrcmp(dk_canon, "nofws") == 0)) dk_canon_int = DK_CANON_NOFWS;
- else dk_canon = US "simple";
-
- /* Initialize signing context. */
- dk_context = dk_sign(dk_lib, &dk_internal_status, dk_canon_int);
- if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- dk_context = NULL;
- goto CLEANUP;
- }
-
- while((sread = read(dk_fd,&buf,4096)) > 0) {
- int pos = 0;
- char c;
-
- while (pos < sread) {
- c = buf[pos++];
-
- if ((c == '.') && seen_lfdot) {
- /* escaped dot, write "\n.", continue */
- dk_message(dk_context, CUS "\n.", 2);
- seen_lf = 0;
- seen_lfdot = 0;
- continue;
- }
-
- if (seen_lfdot) {
- /* EOM, write "\n" and break */
- dk_message(dk_context, CUS "\n", 1);
- break;
- }
-
- if ((c == '.') && seen_lf) {
- seen_lfdot = 1;
- continue;
- }
-
- if (seen_lf) {
- /* normal lf, just send it */
- dk_message(dk_context, CUS "\n", 1);
- seen_lf = 0;
- }
-
- if (c == '\n') {
- seen_lf = 1;
- continue;
- }
-
- /* write the char */
- dk_message(dk_context, CUS &c, 1);
- }
- }
-
- /* Handle failed read above. */
- if (sread == -1) {
- debug_printf("DK: Error reading -K file.\n");
- save_errno = errno;
- rc = NULL;
- goto CLEANUP;
- }
-
- /* Flag end-of-message. */
- dk_internal_status = dk_end(dk_context, NULL);
- /* TODO: check status */
-
-
- /* Get domain to use, unless overridden. */
- if (dk_domain == NULL) {
- dk_domain = US dk_address(dk_context);
- switch(dk_domain[0]) {
- case 'N': dk_domain = NULL; break;
- case 'F':
- case 'S':
- dk_domain++;
- dk_domain = Ustrrchr(dk_domain,'@');
- if (dk_domain != NULL) {
- uschar *p;
- dk_domain++;
- p = dk_domain;
- while (*p != 0) { *p = tolower(*p); p++; }
- }
- break;
- }
- if (dk_domain == NULL) {
- debug_printf("DK: Could not determine domain to use for signing from message headers.\n");
- /* In this case, we return "OK" by sending up an empty string as the
- DomainKey-Signature header. If there is no domain to sign for, we
- can send the message anyway since the recipient has no policy to
- apply ... */
- rc = US"";
- goto CLEANUP;
- }
- }
- else {
- dk_domain = expand_string(dk_domain);
- if (dk_domain == NULL) {
- /* expansion error, do not send message. */
- debug_printf("DK: Error while expanding dk_domain option.\n");
- rc = NULL;
- goto CLEANUP;
- }
- }
-
- /* Set up $dk_domain expansion variable. */
- dk_signing_domain = dk_domain;
-
- /* Get selector to use. */
- dk_selector = expand_string(dk_selector);
- if (dk_selector == NULL) {
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dk_selector: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
-
- /* Set up $dk_selector expansion variable. */
- dk_signing_selector = dk_selector;
-
- /* Get private key to use. */
- dk_private_key = expand_string(dk_private_key);
- if (dk_private_key == NULL) {
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dk_private_key: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
-
- if ( (Ustrlen(dk_private_key) == 0) ||
- (Ustrcmp(dk_private_key,"0") == 0) ||
- (Ustrcmp(dk_private_key,"false") == 0) ) {
- /* don't sign, but no error */
- rc = US"";
- goto CLEANUP;
- }
-
- if (dk_private_key[0] == '/') {
- int privkey_fd = 0;
- /* Looks like a filename, load the private key. */
- memset(big_buffer,0,big_buffer_size);
- privkey_fd = open(CS dk_private_key,O_RDONLY);
- (void)read(privkey_fd,big_buffer,16383);
- (void)close(privkey_fd);
- dk_private_key = big_buffer;
- }
-
- /* Get the signature. */
- dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 1024);
-
- /* Check for unuseable key */
- if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
- rc = NULL;
- goto CLEANUP;
- }
-
- headers_len = dk_headers(dk_context, NULL);
- rc = store_get(1024+256+headers_len);
- headers = store_malloc(headers_len);
- dk_headers(dk_context, CS headers);
- /* Build DomainKey-Signature header to return. */
- (void)string_format(rc, 1024+256+headers_len, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;\r\n"
- "\th=%s;\r\n"
- "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, headers, sig);
-
- log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; s=%s; d=%s; h=%s;", dk_canon, dk_selector, dk_domain, headers);
- store_free(headers);
-
- CLEANUP:
- if (dk_context != NULL) {
- dk_free(dk_context,1);
- dk_context = NULL;
- }
- store_pool = old_pool;
- errno = save_errno;
- return rc;
-}
-
-#endif
+++ /dev/null
-/* $Cambridge: exim/src/src/dk.h,v 1.3 2007/01/08 10:50:18 ph10 Exp $ */
-
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2007 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* Code for DomainKeys support. Other DK relevant code is in
- receive.c, transport.c and transports/smtp.c */
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
-
-#include <domainkeys.h>
-
-#define DK_EXIM_ADDRESS_NONE 0
-#define DK_EXIM_ADDRESS_FROM_FROM 1
-#define DK_EXIM_ADDRESS_FROM_SENDER 2
-
-#define DK_EXIM_RESULT_ERR 0
-#define DK_EXIM_RESULT_BAD_FORMAT 1
-#define DK_EXIM_RESULT_NO_KEY 2
-#define DK_EXIM_RESULT_NO_SIGNATURE 3
-#define DK_EXIM_RESULT_REVOKED 4
-#define DK_EXIM_RESULT_NON_PARTICIPANT 5
-#define DK_EXIM_RESULT_GOOD 6
-#define DK_EXIM_RESULT_BAD 7
-
-typedef struct dk_exim_verify_block {
- int result;
- int address_source;
- uschar *result_string;
- uschar *address;
- uschar *domain;
- uschar *local_part;
- BOOL is_signed;
- BOOL signsall;
- BOOL testing;
-} dk_exim_verify_block;
-
-int dk_receive_getc(void);
-int dk_receive_ungetc(int);
-void dk_exim_verify_init(void);
-void dk_exim_verify_finish(void);
-int dk_exim_verify_result(uschar **);
-uschar *dk_exim_sign(int, uschar *, uschar *, uschar *, uschar *);
-
-extern dk_exim_verify_block *dk_verify_block;
-
-#endif
+++ /dev/null
-/* $Cambridge: exim/src/src/dkim-exim.c,v 1.4 2008/09/30 10:03:55 tom Exp $ */
-
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2007 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* Code for DKIM support. Other DKIM relevant code is in
- receive.c, transport.c and transports/smtp.c */
-
-#include "exim.h"
-
-#ifdef EXPERIMENTAL_DKIM
-
-/* Globals related to the DKIM reference library. */
-DKIMContext *dkim_context = NULL;
-DKIMSignOptions *dkim_sign_options = NULL;
-DKIMVerifyOptions *dkim_verify_options = NULL;
-int dkim_verify_result = DKIM_NEUTRAL;
-int dkim_internal_status = DKIM_SUCCESS;
-
-/* Global char buffer for getc/ungetc functions. We need
- to accumulate some chars to be able to match EOD and
- doubled SMTP dots. Those must not be fed to the validation
- engine. */
-int dkimbuff[6] = {256,256,256,256,256,256};
-
-/* receive_getc() wrapper that feeds DKIM while Exim reads
- the message. */
-int dkim_receive_getc(void) {
- int i;
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
- int c = dk_receive_getc();
-#else
- int c = receive_getc();
-#endif
-
- if ((dkim_context != NULL) &&
- (dkim_internal_status == DKIM_SUCCESS)) {
- /* Send oldest byte */
- if (dkimbuff[0] < 256) {
- DKIMVerifyProcess(dkim_context,(char *)&dkimbuff[0],1);
- /* debug_printf("%c",(int)dkimbuff[0]); */
- }
- /* rotate buffer */
- for (i=0;i<5;i++) dkimbuff[i]=dkimbuff[i+1];
- dkimbuff[5]=c;
- /* look for our candidate patterns */
- if ( (dkimbuff[1] == '\r') &&
- (dkimbuff[2] == '\n') &&
- (dkimbuff[3] == '.') &&
- (dkimbuff[4] == '\r') &&
- (dkimbuff[5] == '\n') ) {
- /* End of DATA */
- dkimbuff[1] = 256;
- dkimbuff[2] = 256;
- dkimbuff[3] = 256;
- dkimbuff[4] = 256;
- dkimbuff[5] = 256;
- }
- if ( (dkimbuff[2] == '\r') &&
- (dkimbuff[3] == '\n') &&
- (dkimbuff[4] == '.') &&
- (dkimbuff[5] == '.') ) {
- /* doubled dot, skip this char */
- dkimbuff[5] = 256;
- }
- }
-
- return c;
-}
-
-/* When exim puts a char back in the fd, we
- must rotate our buffer back. */
-int dkim_receive_ungetc(int c) {
-
- if ((dkim_context != NULL) &&
- (dkim_internal_status == DKIM_SUCCESS)) {
- int i;
- /* rotate buffer back */
- for (i=5;i>0;i--) dkimbuff[i]=dkimbuff[i-1];
- dkimbuff[0]=256;
- }
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
- return dk_receive_ungetc(c);
-#else
- return receive_ungetc(c);
-#endif
-}
-
-
-void dkim_exim_verify_init(void) {
- int old_pool = store_pool;
-
- /* Bail out unless we got perfect conditions */
- if (!(smtp_input &&
- !smtp_batched_input &&
- dkim_do_verify)) {
- return;
- }
-
- store_pool = POOL_PERM;
-
- dkim_context = NULL;
- dkim_verify_options = NULL;
-
- dkim_context = store_get(sizeof(DKIMContext));
- dkim_verify_options = store_get(sizeof(DKIMVerifyOptions));
-
- if (!dkim_context ||
- !dkim_verify_options) {
- debug_printf("DKIM: Can't allocate memory for verifying.\n");
- dkim_context = NULL;
- }
-
- memset(dkim_context,0,sizeof(DKIMContext));
- memset(dkim_verify_options,0,sizeof(DKIMVerifyOptions));
-
- dkim_verify_options->nHonorBodyLengthTag = 1; /* Honor the l= tag */
- dkim_verify_options->nCheckPolicy = 1; /* Fetch sender's policy */
- dkim_verify_options->nSubjectRequired = 1; /* Do not require Subject header inclusion */
-
- dkim_verify_options->pfnSelectorCallback = NULL;
- dkim_verify_options->pfnPolicyCallback = NULL;
-
- dkim_status_wrap( DKIMVerifyInit(dkim_context, dkim_verify_options),
- "error calling DKIMVerifyInit()" );
-
- if (dkim_internal_status != DKIM_SUCCESS) {
- /* Invalidate context */
- dkim_context = NULL;
- }
-
- store_pool = old_pool;
-}
-
-
-void dkim_exim_verify_finish(void) {
- int i;
- int old_pool = store_pool;
-
- if (!dkim_do_verify ||
- (!(smtp_input && !smtp_batched_input)) ||
- (dkim_context == NULL) ||
- (dkim_internal_status != DKIM_SUCCESS)) return;
-
- store_pool = POOL_PERM;
-
- /* Flush eventual remaining input chars */
- for (i=0;i<6;i++)
- if (dkimbuff[i] < 256)
- DKIMVerifyProcess(dkim_context,(char *)&dkimbuff[i],1);
-
- /* Fetch global result. Can be one of:
- DKIM_SUCCESS
- DKIM_PARTIAL_SUCCESS
- DKIM_NEUTRAL
- DKIM_FAIL
- */
- dkim_verify_result = DKIMVerifyResults(dkim_context);
-
- store_pool = old_pool;
-}
-
-
-/* Lookup result for a given domain (or identity) */
-int dkim_exim_verify_result(uschar *domain, uschar **result, uschar **error) {
- int sig_count = 0;
- int i,rc;
- char policy[512];
- DKIMVerifyDetails *dkim_verify_details = NULL;
-
- if (!dkim_do_verify ||
- (!(smtp_input && !smtp_batched_input)) ||
- (dkim_context == NULL) ||
- (dkim_internal_status != DKIM_SUCCESS)) {
- rc = DKIM_EXIM_UNVERIFIED;
- goto YIELD;
- }
-
- DKIMVerifyGetDetails(dkim_context,
- &sig_count,
- &dkim_verify_details,
- policy);
-
-
- rc = DKIM_EXIM_UNSIGNED;
-
- debug_printf("DKIM: We have %d signature(s)\n",sig_count);
- for (i=0;i<sig_count;i++) {
- debug_printf( "DKIM: [%d] ", i + 1 );
- if (!dkim_verify_details[i].Domain) {
- debug_printf("parse error (no domain)\n");
- continue;
- }
-
- if (dkim_verify_details[i].nResult >= 0) {
- debug_printf( "GOOD d=%s i=%s\n",
- dkim_verify_details[i].Domain,
- dkim_verify_details[i].IdentityDomain );
- }
- else {
- debug_printf( "FAIL d=%s i=%s c=%d\n",
- dkim_verify_details[i].Domain,
- dkim_verify_details[i].IdentityDomain,
- dkim_verify_details[i].nResult
- );
-
- }
-
- if ( (strcmpic(domain,dkim_verify_details[i].Domain) == 0) ||
- (strcmpic(domain,dkim_verify_details[i].IdentityDomain) == 0) ) {
- if (dkim_verify_details[i].nResult >= 0) {
- rc = DKIM_EXIM_GOOD;
- /* TODO: Add From: domain check */
- }
- else {
- /* Return DEFER for temp. error types */
- if (dkim_verify_details[i].nResult == DKIM_SELECTOR_DNS_TEMP_FAILURE) {
- rc = DKIM_EXIM_DEFER;
- }
- else {
- rc = DKIM_EXIM_FAIL;
- }
- }
- }
- }
-
- YIELD:
- switch (rc) {
- case DKIM_EXIM_FAIL:
- *result = "bad";
- break;
- case DKIM_EXIM_DEFER:
- *result = "defer";
- break;
- case DKIM_EXIM_UNVERIFIED:
- *result = "unverified";
- break;
- case DKIM_EXIM_UNSIGNED:
- *result = "unsigned";
- break;
- case DKIM_EXIM_GOOD:
- *result = "good";
- break;
- }
-
- return rc;
-}
-
-
-
-uschar *dkim_exim_sign_headers = NULL;
-int dkim_exim_header_callback(const char* header) {
- int sep = 0;
- uschar *hdr_ptr = dkim_exim_sign_headers;
- uschar *hdr_itr = NULL;
- uschar hdr_buf[512];
- uschar *hdr_name = string_copy(US header);
- char *colon_pos = strchr(hdr_name,':');
-
- if (colon_pos == NULL) return 0;
- *colon_pos = '\0';
-
- debug_printf("DKIM: header '%s' ",hdr_name);
- while ((hdr_itr = string_nextinlist(&hdr_ptr, &sep,
- hdr_buf,
- sizeof(hdr_buf))) != NULL) {
- if (strcmpic((uschar *)hdr_name,hdr_itr) == 0) {
- debug_printf("included in signature.\n");
- return 1;
- }
- }
- debug_printf("NOT included in signature.\n");
- return 0;
-}
-
-uschar *dkim_exim_sign(int dkim_fd,
- uschar *dkim_private_key,
- uschar *dkim_domain,
- uschar *dkim_selector,
- uschar *dkim_canon,
- uschar *dkim_sign_headers) {
-
- uschar *rc = NULL;
- char buf[4096];
- int seen_lf = 0;
- int seen_lfdot = 0;
- int save_errno = 0;
- int sread;
- char *signature;
- int old_pool = store_pool;
- store_pool = POOL_PERM;
-
- dkim_context = NULL;
- dkim_sign_options = NULL;
-
- dkim_context = store_get(sizeof(DKIMContext));
- dkim_sign_options = store_get(sizeof(DKIMSignOptions));
-
- memset(dkim_sign_options,0,sizeof(DKIMSignOptions));
- memset(dkim_context,0,sizeof(DKIMContext));
-
- dkim_sign_options->nIncludeBodyLengthTag = 0;
- dkim_sign_options->nIncludeCopiedHeaders = 0;
- dkim_sign_options->nHash = DKIM_HASH_SHA256;
- dkim_sign_options->nIncludeTimeStamp = 0;
- dkim_sign_options->nIncludeQueryMethod = 0;
- dkim_sign_options->pfnHeaderCallback = dkim_exim_header_callback;
- dkim_sign_options->nIncludeBodyHash = DKIM_BODYHASH_IETF_1;
-
-
- dkim_domain = expand_string(dkim_domain);
- if (dkim_domain == NULL) {
- /* expansion error, do not send message. */
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dkim_domain: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
- /* Set up $dkim_domain expansion variable. */
- dkim_signing_domain = dkim_domain;
- Ustrncpy((uschar *)dkim_sign_options->szDomain,dkim_domain,255);
-
-
- /* Get selector to use. */
- dkim_selector = expand_string(dkim_selector);
- if (dkim_selector == NULL) {
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dkim_selector: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
- /* Set up $dkim_selector expansion variable. */
- dkim_signing_selector = dkim_selector;
- Ustrncpy((uschar *)dkim_sign_options->szSelector,dkim_selector,79);
-
- /* Expand provided options */
- dkim_canon = expand_string(dkim_canon?dkim_canon:US"relaxed");
- if (dkim_canon == NULL) {
- /* expansion error, do not send message. */
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dkim_canon: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
- if (Ustrcmp(dkim_canon, "relaxed") == 0)
- dkim_sign_options->nCanon = DKIM_SIGN_RELAXED;
- else if (Ustrcmp(dkim_canon, "simple") == 0)
- dkim_sign_options->nCanon = DKIM_SIGN_SIMPLE;
- else {
- log_write(0, LOG_MAIN, "DKIM: unknown canonicalization method '%s', defaulting to 'relaxed'.\n",dkim_canon);
- dkim_sign_options->nCanon = DKIM_SIGN_RELAXED;
- }
-
- /* Expand signing headers once */
- if (dkim_sign_headers != NULL) {
- dkim_sign_headers = expand_string(dkim_sign_headers);
- if (dkim_sign_headers == NULL) {
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dkim_sign_headers: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
- }
-
- if (dkim_sign_headers == NULL) {
- /* Use RFC defaults */
- dkim_sign_headers = US"from:sender:reply-to:subject:date:"
- "message-id:to:cc:mime-version:content-type:"
- "content-transfer-encoding:content-id:"
- "content-description:resent-date:resent-from:"
- "resent-sender:resent-to:resent-cc:resent-message-id:"
- "in-reply-to:references:"
- "list-id:list-help:list-unsubscribe:"
- "list-subscribe:list-post:list-owner:list-archive";
- }
- dkim_exim_sign_headers = dkim_sign_headers;
-
- /* Get private key to use. */
- dkim_private_key = expand_string(dkim_private_key);
- if (dkim_private_key == NULL) {
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "dkim_private_key: %s", expand_string_message);
- rc = NULL;
- goto CLEANUP;
- }
-
- if ( (Ustrlen(dkim_private_key) == 0) ||
- (Ustrcmp(dkim_private_key,"0") == 0) ||
- (Ustrcmp(dkim_private_key,"false") == 0) ) {
- /* don't sign, but no error */
- rc = US"";
- goto CLEANUP;
- }
-
- if (dkim_private_key[0] == '/') {
- int privkey_fd = 0;
- /* Looks like a filename, load the private key. */
- memset(big_buffer,0,big_buffer_size);
- privkey_fd = open(CS dkim_private_key,O_RDONLY);
- (void)read(privkey_fd,big_buffer,16383);
- (void)close(privkey_fd);
- dkim_private_key = big_buffer;
- }
-
- /* Initialize signing context. */
- dkim_status_wrap( DKIMSignInit(dkim_context, dkim_sign_options),
- "error calling DKIMSignInit()" );
-
- if (dkim_internal_status != DKIM_SUCCESS) {
- /* Invalidate context */
- dkim_context = NULL;
- goto CLEANUP;
- }
-
- while((sread = read(dkim_fd,&buf,4096)) > 0) {
- int pos = 0;
- char c;
-
- while (pos < sread) {
- c = buf[pos++];
-
- if ((c == '.') && seen_lfdot) {
- /* escaped dot, write "\n.", continue */
- dkim_internal_status = DKIMSignProcess(dkim_context,"\n.",2);
- seen_lf = 0;
- seen_lfdot = 0;
- continue;
- }
-
- if (seen_lfdot) {
- /* EOM, write "\n" and break */
- dkim_internal_status = DKIMSignProcess(dkim_context,"\n",1);
- break;
- }
-
- if ((c == '.') && seen_lf) {
- seen_lfdot = 1;
- continue;
- }
-
- if (seen_lf) {
- /* normal lf, just send it */
- dkim_internal_status = DKIMSignProcess(dkim_context,"\n",1);
- seen_lf = 0;
- }
-
- if (c == '\n') {
- seen_lf = 1;
- continue;
- }
-
- /* write the char */
- dkim_internal_status = DKIMSignProcess(dkim_context,&c,1);
- }
- }
-
- /* Handle failed read above. */
- if (sread == -1) {
- debug_printf("DKIM: Error reading -K file.\n");
- save_errno = errno;
- rc = NULL;
- goto CLEANUP;
- }
-
- if (!dkim_status_wrap(dkim_internal_status,
- "error while processing message data")) {
- rc = NULL;
- goto CLEANUP;
- }
-
- if (!dkim_status_wrap( DKIMSignGetSig2( dkim_context, dkim_private_key, &signature ),
- "error while signing message" ) ) {
- rc = NULL;
- goto CLEANUP;
- }
-
- log_write(0, LOG_MAIN, "Message signed with DKIM: %s\n",signature);
-
- rc = store_get(strlen(signature)+3);
- Ustrcpy(rc,US signature);
- Ustrcat(rc,US"\r\n");
-
- CLEANUP:
- if (dkim_context != NULL) {
- dkim_context = NULL;
- }
- store_pool = old_pool;
- errno = save_errno;
- return rc;
-}
-
-unsigned int dkim_status_wrap(int stat, uschar *text) {
- char *p = DKIMGetErrorString(stat);
-
- if (stat != DKIM_SUCCESS) {
- debug_printf("DKIM: %s",text?text:US"");
- if (p) debug_printf(" (%s)",p);
- debug_printf("\n");
- }
- dkim_internal_status = stat;
- return (dkim_internal_status==DKIM_SUCCESS)?1:0;
-}
-
-#endif
+++ /dev/null
-/* $Cambridge: exim/src/src/dkim-exim.h,v 1.1 2007/09/28 12:21:57 tom Exp $ */
-
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2007 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* Code for DKIM support. Other DKIM relevant code is in
- receive.c, transport.c and transports/smtp.c */
-
-/* Exim interface to DKIM results */
-
-#define DKIM_EXIM_FAIL -2 /* Message has a bad signature from that domain or identity. */
-#define DKIM_EXIM_DEFER -1 /* Message has an unverified signature from that domain */
-#define DKIM_EXIM_UNVERIFIED 0 /* Message was not validated with the DK engine */
-#define DKIM_EXIM_UNSIGNED 1 /* Message has no signature from that domain or identity */
-#define DKIM_EXIM_GOOD 2 /* Message has good signature from that domain or identity */
-
-
-#ifdef EXPERIMENTAL_DKIM
-#include <dkim.h>
-
-int dkim_exim_verify_result(uschar *,uschar **,uschar **);
-
-/* Internal prototypes */
-int dkim_receive_getc(void);
-int dkim_receive_ungetc(int);
-void dkim_exim_verify_init(void);
-void dkim_exim_verify_finish(void);
-uschar *dkim_exim_sign(int, uschar *, uschar *, uschar *, uschar *, uschar *);
-unsigned int dkim_status_wrap(int, uschar *);
-
-#endif
--- /dev/null
+/* $Cambridge: exim/src/src/dkim.c,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */
+
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2009 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Code for DKIM support. Other DKIM relevant code is in
+ receive.c, transport.c and transports/smtp.c */
+
+#include "exim.h"
+
+#ifndef DISABLE_DKIM
+
+#include "pdkim/pdkim.h"
+
+uschar *dkim_exim_sign(int dkim_fd,
+ uschar *dkim_private_key,
+ uschar *dkim_domain,
+ uschar *dkim_selector,
+ uschar *dkim_canon,
+ uschar *dkim_sign_headers) {
+ pdkim_ctx *ctx = NULL;
+ uschar *rc = NULL;
+ char *signature;
+ int pdkim_canon;
+ int sread;
+ char buf[4096];
+ int save_errno = 0;
+
+ dkim_domain = expand_string(dkim_domain);
+ if (dkim_domain == NULL) {
+ /* expansion error, do not send message. */
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_domain: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ /* Set up $dkim_domain expansion variable. */
+ dkim_signing_domain = dkim_domain;
+
+ /* Get selector to use. */
+ dkim_selector = expand_string(dkim_selector);
+ if (dkim_selector == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_selector: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ /* Set up $dkim_selector expansion variable. */
+ dkim_signing_selector = dkim_selector;
+
+ /* Get canonicalization to use */
+ dkim_canon = expand_string(dkim_canon?dkim_canon:US"relaxed");
+ if (dkim_canon == NULL) {
+ /* expansion error, do not send message. */
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_canon: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ if (Ustrcmp(dkim_canon, "relaxed") == 0)
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ else if (Ustrcmp(dkim_canon, "simple") == 0)
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ else {
+ log_write(0, LOG_MAIN, "DKIM: unknown canonicalization method '%s', defaulting to 'relaxed'.\n",dkim_canon);
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ }
+
+ /* Expand signing headers once */
+ if (dkim_sign_headers != NULL) {
+ dkim_sign_headers = expand_string(dkim_sign_headers);
+ if (dkim_sign_headers == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_sign_headers: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ }
+ dkim_exim_sign_headers = dkim_sign_headers;
+
+ /* Get private key to use. */
+ dkim_private_key = expand_string(dkim_private_key);
+ if (dkim_private_key == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_private_key: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ if ( (Ustrlen(dkim_private_key) == 0) ||
+ (Ustrcmp(dkim_private_key,"0") == 0) ||
+ (Ustrcmp(dkim_private_key,"false") == 0) ) {
+ /* don't sign, but no error */
+ rc = US"";
+ goto CLEANUP;
+ }
+
+ if (dkim_private_key[0] == '/') {
+ int privkey_fd = 0;
+ /* Looks like a filename, load the private key. */
+ memset(big_buffer,0,big_buffer_size);
+ privkey_fd = open(CS dkim_private_key,O_RDONLY);
+ (void)read(privkey_fd,big_buffer,16383);
+ (void)close(privkey_fd);
+ dkim_private_key = big_buffer;
+ }
+
+ ctx = pdkim_init_sign((char *)dkim_signing_domain,
+ (char *)dkim_signing_selector,
+ dkim_private_key
+ );
+
+ pdkim_set_debug_stream(ctx,debug_file);
+
+ pdkim_set_optional(ctx,
+ PDKIM_INPUT_SMTP,
+ (char *)dkim_exim_sign_headers,
+ NULL,
+ pdkim_canon,
+ pdkim_canon,
+ 0,
+ PDKIM_ALGO_RSA_SHA1,
+ 0,
+ 0);
+
+ while((sread = read(dkim_fd,&buf,4096)) > 0) {
+ if (pdkim_feed(ctx,buf,sread) != PDKIM_OK) {
+ rc = NULL;
+ goto CLEANUP;
+ }
+ }
+ /* Handle failed read above. */
+ if (sread == -1) {
+ debug_printf("DKIM: Error reading -K file.\n");
+ save_errno = errno;
+ rc = NULL;
+ goto CLEANUP;
+ }
+
+ if (pdkim_feed_finish(ctx,&signature) != PDKIM_OK)
+ goto CLEANUP;
+
+ rc = store_get(strlen(signature)+3);
+ Ustrcpy(rc,US signature);
+ Ustrcat(rc,US"\r\n");
+
+ CLEANUP:
+ if (ctx != NULL) {
+ pdkim_free_ctx(ctx);
+ }
+ store_pool = old_pool;
+ errno = save_errno;
+ return rc;
+};
+
+#endif
--- /dev/null
+/* $Cambridge: exim/src/src/dkim.h,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */
+
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2009 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+uschar *dkim_exim_sign(int ,
+ uschar *,
+ uschar *,
+ uschar *,
+ uschar *,
+ uschar *);
+
-/* $Cambridge: exim/src/src/drtables.c,v 1.9 2007/09/28 12:21:57 tom Exp $ */
+/* $Cambridge: exim/src/src/drtables.c,v 1.9.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#include "lookups/whoson.h"
#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
#include "lookups/dkim.h"
#endif
{
US"dkim", /* lookup name */
lookup_querystyle, /* query style */
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
dkim_open, /* open function */
NULL, /* check function */
dkim_find, /* find function */
-/* $Cambridge: exim/src/src/exim.c,v 1.61 2008/10/12 09:58:13 nm4 Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.61.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#ifdef WITH_CONTENT_SCAN
fprintf(f, " Content_Scanning");
#endif
+#ifndef DISABLE_DKIM
+ fprintf(f, " DKIM");
+#endif
#ifdef WITH_OLD_DEMIME
fprintf(f, " Old_Demime");
#endif
#ifdef EXPERIMENTAL_BRIGHTMAIL
fprintf(f, " Experimental_Brightmail");
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- fprintf(f, " Experimental_DomainKeys");
-#endif
-#ifdef EXPERIMENTAL_DKIM
- fprintf(f, " Experimental_DKIM");
-#endif
#ifdef EXPERIMENTAL_DCC
fprintf(f, " Experimental_DCC");
#endif
-/* $Cambridge: exim/src/src/exim.h,v 1.24 2008/01/16 13:44:45 nm4 Exp $ */
+/* $Cambridge: exim/src/src/exim.h,v 1.24.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#ifdef EXPERIMENTAL_SRS
#include "srs.h"
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
-#include "dk.h"
-#endif
-#ifdef EXPERIMENTAL_DKIM
-#include "dkim-exim.h"
+#ifndef DISABLE_DKIM
+#include "dkim.h"
#endif
/* The following stuff must follow the inclusion of config.h because it
-/* $Cambridge: exim/src/src/expand.c,v 1.97 2008/12/12 14:51:47 nm4 Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.97.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
vtype_load_avg, /* value not used; result is int from os_getloadavg */
vtype_pspace, /* partition space; value is T/F for spool/log */
vtype_pinodes /* partition inodes; value is T/F for spool/log */
-#ifdef EXPERIMENTAL_DOMAINKEYS
- ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
-#endif
};
/* This table must be kept in alphabetical order. */
{ "demime_errorlevel", vtype_int, &demime_errorlevel },
{ "demime_reason", vtype_stringptr, &demime_reason },
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
- { "dk_domain", vtype_stringptr, &dk_signing_domain },
- { "dk_is_signed", vtype_dk_verify, NULL },
- { "dk_result", vtype_dk_verify, NULL },
- { "dk_selector", vtype_stringptr, &dk_signing_selector },
- { "dk_sender", vtype_dk_verify, NULL },
- { "dk_sender_domain", vtype_dk_verify, NULL },
- { "dk_sender_local_part",vtype_dk_verify, NULL },
- { "dk_sender_source", vtype_dk_verify, NULL },
- { "dk_signsall", vtype_dk_verify, NULL },
- { "dk_status", vtype_dk_verify, NULL },
- { "dk_testing", vtype_dk_verify, NULL },
-#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
{ "dkim_domain", vtype_stringptr, &dkim_signing_domain },
{ "dkim_selector", vtype_stringptr, &dkim_signing_selector },
#endif
switch (var_table[middle].type)
{
-#ifdef EXPERIMENTAL_DOMAINKEYS
-
- case vtype_dk_verify:
- if (dk_verify_block == NULL) return US"";
- s = NULL;
- if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
- s = dk_verify_block->result_string;
- if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
- s = dk_verify_block->address;
- if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
- s = dk_verify_block->domain;
- if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
- s = dk_verify_block->local_part;
-
- if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
- switch(dk_verify_block->address_source) {
- case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
- case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
- case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
- }
-
- if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
- switch(dk_verify_block->result) {
- case DK_EXIM_RESULT_ERR: s = US"error"; break;
- case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
- case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
- case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
- case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
- case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
- case DK_EXIM_RESULT_GOOD: s = US"good"; break;
- case DK_EXIM_RESULT_BAD: s = US"bad"; break;
- }
-
- if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
- s = (dk_verify_block->signsall)? US"1" : US"0";
-
- if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
- s = (dk_verify_block->testing)? US"1" : US"0";
-
- if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
- s = (dk_verify_block->is_signed)? US"1" : US"0";
-
- return (s == NULL)? US"" : s;
-#endif
-
case vtype_filter_int:
if (!filter_running) return NULL;
/* Fall through */
-/* $Cambridge: exim/src/src/functions.h,v 1.43 2008/12/18 13:13:54 michael Exp $ */
+/* $Cambridge: exim/src/src/functions.h,v 1.43.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern int demime(uschar **);
#endif
extern BOOL directory_make(uschar *, uschar *, int, BOOL);
-#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
+#ifndef DISABLE_DKIM
extern BOOL dkim_transport_write_message(address_item *, int, int,
int, uschar *, uschar *, uschar *, uschar *, rewrite_rule *,
int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *,
-/* $Cambridge: exim/src/src/globals.c,v 1.81 2008/02/12 12:52:51 nm4 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.81.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
BOOL disable_ipv6 = FALSE;
BOOL disable_logging = FALSE;
-#ifdef EXPERIMENTAL_DOMAINKEYS
-uschar *dk_signing_domain = NULL;
-uschar *dk_signing_selector = NULL;
-int dk_do_verify = 0;
-#endif
-
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
int dkim_do_verify = 0;
-/* $Cambridge: exim/src/src/globals.h,v 1.62 2008/02/12 12:52:51 nm4 Exp $ */
+/* $Cambridge: exim/src/src/globals.h,v 1.62.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern BOOL disable_ipv6; /* Don't do any IPv6 things */
extern BOOL disable_logging; /* Disables log writing when TRUE */
-#ifdef EXPERIMENTAL_DOMAINKEYS
-extern uschar *dk_signing_domain; /* Domain used for signing a message. */
-extern uschar *dk_signing_selector; /* Selector used for signing a message. */
-extern int dk_do_verify; /* DK verification switch. Set with ACL control statement. */
-#endif
-
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
extern uschar *dkim_signing_domain; /* Domain used for signing a message. */
extern uschar *dkim_signing_selector; /* Selector used for signing a message. */
extern int dkim_do_verify; /* DKIM verification switch. Set with ACL control statement. */
-/* $Cambridge: exim/src/src/lookups/dkim.c,v 1.1 2007/09/28 12:21:57 tom Exp $ */
+/* $Cambridge: exim/src/src/lookups/dkim.c,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
dkim_find(void *handle, uschar *filename, uschar *keystring, int length,
uschar **result, uschar **errmsg, BOOL *do_cache)
{
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
dkim_exim_verify_result(keystring,result,errmsg);
return OK;
#else
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.2 2009/02/24 15:57:55 tom Exp $ */
/* pdkim.c */
#include <stdlib.h>
/* -------------------------------------------------------------------------- */
-int pdkim_feed_finish(pdkim_ctx *ctx) {
+int pdkim_feed_finish(pdkim_ctx *ctx, char **signature) {
/* Check if we must still flush a (partial) header. If that is the
case, the message has no body, and we must compute a body hash
if (ctx->debug_stream) {
fprintf(ctx->debug_stream,
"PDKIM >> Final DKIM-Signature header >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- fprintf(ctx->debug_stream,"%s\n",hdr->str);
- //pdkim_quoteprint(ctx->debug_stream, hdr->str, hdr->len, 1);
+ pdkim_quoteprint(ctx->debug_stream, hdr->str, hdr->len, 1);
fprintf(ctx->debug_stream,
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
#endif
+
+ if (signature != NULL) {
+ *signature = hdr->str;
+ }
+
}
+
return PDKIM_OK;
}
/* -------------------------------------------------------------------------- */
int pdkim_set_optional(pdkim_ctx *ctx,
+ int input_mode,
char *sign_headers,
char *identity,
int canon_headers,
strcpy(ctx->sig->sign_headers, sign_headers);
}
+ ctx->input_mode = input_mode;
ctx->sig->canon_headers = canon_headers;
ctx->sig->canon_body = canon_body;
ctx->sig->bodylength = bodylength;
-/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.2 2009/02/24 15:57:55 tom Exp $ */
/* pdkim.h */
#include "sha1.h"
int pdkim_bodyline_complete (pdkim_ctx *);
int pdkim_header_complete (pdkim_ctx *);
-int pdkim_feed (pdkim_ctx *, char *data, int len);
-int pdkim_feed_finish (pdkim_ctx *);
+int pdkim_feed (pdkim_ctx *, char *, int);
+int pdkim_feed_finish (pdkim_ctx *, char **);
pdkim_str
*pdkim_create_header (pdkim_ctx *, int);
pdkim_ctx
*pdkim_init_sign (char *, char *, char *);
-int pdkim_set_optional (pdkim_ctx *, char *, char *,
+int pdkim_set_optional (pdkim_ctx *,
+ int,
+ char *, char *,
int, int,
unsigned long, int,
unsigned long,
-/* $Cambridge: exim/src/src/receive.c,v 1.45 2009/01/02 17:12:03 nm4 Exp $ */
+/* $Cambridge: exim/src/src/receive.c,v 1.45.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#include "exim.h"
-#if (defined EXPERIMENTAL_DOMAINKEYS) && (defined EXPERIMENTAL_DKIM)
-
-#warning Chaining Domainkeys via DKIM receive functions
-#define RECEIVE_GETC dkim_receive_getc
-#define RECEIVE_UNGETC dkim_receive_ungetc
-
-#else
-
-#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
-#warning Using Domainkeys receive functions
-#define RECEIVE_GETC dk_receive_getc
-#define RECEIVE_UNGETC dk_receive_ungetc
-#endif
-#ifdef EXPERIMENTAL_DKIM
-#warning Using DKIM receive functions
-#define RECEIVE_GETC dkim_receive_getc
-#define RECEIVE_UNGETC dkim_receive_ungetc
-#endif
-
-#else
-
-/* Normal operation */
-#define RECEIVE_GETC receive_getc
-#define RECEIVE_UNGETC receive_ungetc
-
-#endif
-
-#endif
-
-
#ifdef EXPERIMENTAL_DCC
extern int dcc_ok;
#endif
{
register int last_ch = '\n';
- for (; (ch = (RECEIVE_GETC)()) != EOF; last_ch = ch)
+ for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
{
if (ch == 0) body_zerocount++;
if (last_ch == '\r' && ch != '\n')
ch_state = 1;
-while ((ch = (RECEIVE_GETC)()) != EOF)
+while ((ch = (receive_getc)()) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
register int ch;
register int linelength = 0;
-while ((ch = (RECEIVE_GETC)()) != EOF)
+while ((ch = (receive_getc)()) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
message_linecount = body_linecount = body_zerocount =
max_received_linelength = 0;
-#ifdef EXPERIMENTAL_DOMAINKEYS
-/* Call into DK to set up the context. Check if DK is to be run are carried out
- inside dk_exim_verify_init(). */
-dk_exim_verify_init();
-#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
/* Call into DKIM to set up the context. Check if DKIM is to be run are carried out
- inside dk_exim_verify_init(). */
+ inside dkim_exim_verify_init(). */
dkim_exim_verify_init();
#endif
for (;;)
{
- int ch = (RECEIVE_GETC)();
+ int ch = (receive_getc)();
/* If we hit EOF on a SMTP connection, it's an error, since incoming
SMTP must have a correct "." terminator. */
if (ch == '\n')
{
if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
- else if (first_line_ended_crlf) RECEIVE_UNGETC(' ');
+ else if (first_line_ended_crlf) receive_ungetc(' ');
goto EOL;
}
if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
{
- ch = (RECEIVE_GETC)();
+ ch = (receive_getc)();
if (ch == '\r')
{
- ch = (RECEIVE_GETC)();
+ ch = (receive_getc)();
if (ch != '\n')
{
- RECEIVE_UNGETC(ch);
+ receive_ungetc(ch);
ch = '\r'; /* Revert to CR */
}
}
if (ch == '\r')
{
- ch = (RECEIVE_GETC)();
+ ch = (receive_getc)();
if (ch == '\n')
{
if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
/* Otherwise, put back the character after CR, and turn the bare CR
into LF SP. */
- ch = (RECEIVE_UNGETC)(ch);
+ ch = (receive_ungetc)(ch);
next->text[ptr++] = '\n';
message_size++;
ch = ' ';
if (ch != EOF)
{
- int nextch = (RECEIVE_GETC)();
+ int nextch = (receive_getc)();
if (nextch == ' ' || nextch == '\t')
{
next->text[ptr++] = nextch;
message_size++;
continue; /* Iterate the loop */
}
- else if (nextch != EOF) (RECEIVE_UNGETC)(nextch); /* For next time */
+ else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */
else ch = EOF; /* Cause main loop to exit at end */
}
if (smtp_input && !smtp_batched_input)
{
-#ifdef EXPERIMENTAL_DOMAINKEYS
- dk_exim_verify_finish();
-#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
dkim_exim_verify_finish();
#endif
if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
{
- int c = (RECEIVE_GETC)();
- if (c != EOF) (RECEIVE_UNGETC)(c); else
+ int c = (receive_getc)();
+ if (c != EOF) (receive_ungetc)(c); else
{
uschar *msg = US"SMTP connection lost after final dot";
smtp_reply = US""; /* No attempt to send a response */
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.63 2008/09/29 11:41:07 nm4 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.63.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
bmi_run = 0;
bmi_verdicts = NULL;
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
-dk_do_verify = 0;
-#endif
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
dkim_do_verify = 0;
#endif
#ifdef EXPERIMENTAL_SPF
-/* $Cambridge: exim/src/src/spool_in.c,v 1.23 2009/01/20 16:09:20 fanf2 Exp $ */
+/* $Cambridge: exim/src/src/spool_in.c,v 1.23.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
bmi_verdicts = NULL;
#endif
-#ifdef EXPERIMENTAL_DOMAINKEYS
-dk_do_verify = 0;
-#endif
-
-#ifdef EXPERIMENTAL_DKIM
+#ifndef DISABLE_DKIM
dkim_do_verify = 0;
#endif
-/* $Cambridge: exim/src/src/transport.c,v 1.23 2008/09/30 10:03:55 tom Exp $ */
+/* $Cambridge: exim/src/src/transport.c,v 1.23.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
}
-#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
+#ifndef DISABLE_DKIM
/***************************************************************************************************
* External interface to write the message, while signing it with DKIM and/or Domainkeys *
0/false => send anyway
uschar *dkim_sign_headers DKIM: List of headers that should be included in signature
generation
- uschar *dk_private_key Domainkeys: The private key to use (filename or plain data)
- uschar *dk_domain Domainkeys: Override domain (normally NULL)
- uschar *dk_selector Domainkeys: The selector to use.
- uschar *dk_canon Domainkeys: The canonalization scheme to use, "simple" or "nofws"
- uschar *dk_headers Domainkeys: Colon-separated header list to include in the signing
- process.
- uschar *dk_strict Domainkeys: What to do if signing fails: 1/true => throw error
- 0/false => send anyway
Returns: TRUE on success; FALSE (with errno) for any failure
*/
int size_limit, uschar *add_headers, uschar *remove_headers,
uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules,
int rewrite_existflags, uschar *dkim_private_key, uschar *dkim_domain,
- uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers,
- uschar *dk_private_key, uschar *dk_domain, uschar *dk_selector, uschar *dk_canon,
- uschar *dk_headers, uschar *dk_strict
+ uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers
)
{
int dkim_fd;
int sread = 0;
int wwritten = 0;
uschar *dkim_signature = NULL;
- uschar *dk_signature = NULL;
off_t size = 0;
- if ( !( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) ||
- ((dk_private_key != NULL) && (dk_selector != NULL)) ) ) {
- /* If we can sign with neither method, just call the original function. */
+ if (!( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) )) {
+ /* If we can't sign, just call the original function. */
return transport_write_message(addr, fd, options,
size_limit, add_headers, remove_headers,
check_string, escape_string, rewrite_rules,
goto CLEANUP;
}
-
- #ifdef EXPERIMENTAL_DKIM
if ( (dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL) ) {
/* Rewind file and feed it to the goats^W DKIM lib */
lseek(dkim_fd, 0, SEEK_SET);
}
#endif
- #ifdef EXPERIMENTAL_DOMAINKEYS
- if ( (dk_private_key != NULL) && (dk_selector != NULL) ) {
- /* Rewind file and feed it to the goats^W DK lib */
- lseek(dkim_fd, 0, SEEK_SET);
- dk_signature = dk_exim_sign(dkim_fd,
- dk_private_key,
- dk_domain,
- dk_selector,
- dk_canon);
- if (dk_signature == NULL) {
- if (dk_strict != NULL) {
- uschar *dk_strict_result = expand_string(dk_strict);
- if (dk_strict_result != NULL) {
- if ( (strcmpic(dk_strict,US"1") == 0) ||
- (strcmpic(dk_strict,US"true") == 0) ) {
- save_errno = errno;
- rc = FALSE;
- goto CLEANUP;
- }
- }
- }
- }
- else {
- int siglen = Ustrlen(dk_signature);
- while(siglen > 0) {
- #ifdef SUPPORT_TLS
- if (tls_active == fd) wwritten = tls_write(dk_signature, siglen); else
- #endif
- wwritten = write(fd,dk_signature,siglen);
- if (wwritten == -1) {
- /* error, bail out */
- save_errno = errno;
- rc = FALSE;
- goto CLEANUP;
- }
- siglen -= wwritten;
- dk_signature += wwritten;
- }
- }
- }
- #endif
-
/* Fetch file positition (the size) */
size = lseek(dkim_fd,0,SEEK_CUR);
-/* $Cambridge: exim/src/src/transports/smtp.c,v 1.41 2009/01/02 17:22:12 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/smtp.c,v 1.41.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
(void *)offsetof(smtp_transport_options_block, data_timeout) },
{ "delay_after_cutoff", opt_bool,
(void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
- #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
- { "dk_canon", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_canon) },
- { "dk_domain", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_domain) },
- { "dk_headers", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_headers) },
- { "dk_private_key", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_private_key) },
- { "dk_selector", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_selector) },
- { "dk_strict", opt_stringptr,
- (void *)offsetof(smtp_transport_options_block, dk_strict) },
+#ifndef DISABLE_DKIM
{ "dkim_canon", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dkim_canon) },
{ "dkim_domain", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
{ "dkim_strict", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, dkim_strict) },
- #endif
+#endif
{ "dns_qualify_single", opt_bool,
(void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
{ "dns_search_parents", opt_bool,
(void *)offsetof(smtp_transport_options_block, final_timeout) },
{ "gethostbyname", opt_bool,
(void *)offsetof(smtp_transport_options_block, gethostbyname) },
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
{ "gnutls_require_kx", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
{ "gnutls_require_mac", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
{ "gnutls_require_protocols", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
- #endif
+#endif
{ "helo_data", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, helo_data) },
{ "hosts", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
{ "hosts_avoid_pipelining", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
{ "hosts_avoid_tls", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
- #endif
+#endif
{ "hosts_max_try", opt_int,
(void *)offsetof(smtp_transport_options_block, hosts_max_try) },
{ "hosts_max_try_hardlimit", opt_int,
(void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
{ "hosts_nopass_tls", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
- #endif
+#endif
{ "hosts_override", opt_bool,
(void *)offsetof(smtp_transport_options_block, hosts_override) },
{ "hosts_randomize", opt_bool,
(void *)offsetof(smtp_transport_options_block, hosts_randomize) },
{ "hosts_require_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
{ "hosts_require_tls", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
- #endif
+#endif
{ "hosts_try_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
{ "interface", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, serialize_hosts) },
{ "size_addition", opt_int,
(void *)offsetof(smtp_transport_options_block, size_addition) }
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
,{ "tls_certificate", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_certificate) },
{ "tls_crl", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
{ "tls_verify_certificates", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
- #endif
+#endif
};
/* Size of the options list. An extern variable has to be used so that its
TRUE, /* keepalive */
FALSE, /* lmtp_ignore_quota */
TRUE /* retry_include_ip_address */
- #ifdef SUPPORT_TLS
+#ifdef SUPPORT_TLS
,NULL, /* tls_certificate */
NULL, /* tls_crl */
NULL, /* tls_privatekey */
NULL, /* gnutls_require_proto */
NULL, /* tls_verify_certificates */
TRUE /* tls_tempfail_tryclear */
- #endif
- #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
- ,NULL, /* dk_canon */
- NULL, /* dk_domain */
- NULL, /* dk_headers */
- NULL, /* dk_private_key */
- NULL, /* dk_selector */
- NULL /* dk_strict */
+#endif
+#ifndef DISABLE_DKIM
,NULL, /* dkim_canon */
NULL, /* dkim_domain */
NULL, /* dkim_private_key */
NULL, /* dkim_selector */
NULL, /* dkim_sign_headers */
NULL /* dkim_strict */
- #endif
+#endif
};
DEBUG(D_transport|D_v)
debug_printf(" SMTP>> writing message and terminating \".\"\n");
transport_count = 0;
-#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
+#ifndef DISABLE_DKIM
ok = dkim_transport_write_message(addrlist, inblock.sock,
topt_use_crlf | topt_end_dot | topt_escape_headers |
(tblock->body_only? topt_no_headers : 0) |
US".", US"..", /* Escaping strings */
tblock->rewrite_rules, tblock->rewrite_existflags,
ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
- ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers,
- ob->dk_private_key, ob->dk_domain, ob->dk_selector,
- ob->dk_canon, ob->dk_headers, ob->dk_strict
+ ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
);
#else
ok = transport_write_message(addrlist, inblock.sock,
-/* $Cambridge: exim/src/src/transports/smtp.h,v 1.14 2008/03/05 21:13:23 tom Exp $ */
+/* $Cambridge: exim/src/src/transports/smtp.h,v 1.14.2.1 2009/02/24 15:57:55 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
uschar *tls_verify_certificates;
BOOL tls_tempfail_tryclear;
#endif
- #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM)
- uschar *dk_domain;
- uschar *dk_private_key;
- uschar *dk_selector;
- uschar *dk_canon;
- uschar *dk_headers;
- uschar *dk_strict;
+ #ifndef DISABLE_DKIM
uschar *dkim_domain;
uschar *dkim_private_key;
uschar *dkim_selector;
git://git.exim.org / users / jgh / exim.git / commitdiff