X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/00916a93c8f988c8b84d8c16c41dddc1755d6b7d..d7d7b7b91dd75cec636fc144da7e27eed860f971:/src/src/dk.c

diff --git a/src/src/dk.c b/src/src/dk.c
index 30dfc78be..5fa57fd3d 100644
--- a/src/src/dk.c
+++ b/src/src/dk.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/dk.c,v 1.4 2005/06/24 08:23:21 tom Exp $ */
+/* $Cambridge: exim/src/src/dk.c,v 1.9 2006/02/07 11:19:00 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for DomainKeys support. Other DK relevant code is in
@@ -138,6 +138,13 @@ void dk_exim_verify_finish(void) {
   /* Flag end-of-message. */
   dk_internal_status = dk_end(dk_context, &dk_flags);
 
+  /* dk_flags now has the selector flags (if there was one).
+     It seems that currently only the "t=" flag is supported
+     in selectors. */
+  if (dk_flags & DK_FLAG_SET)
+    if (dk_flags & DK_FLAG_TESTING)
+      dk_verify_block->testing = TRUE;
+
   /* Grab address/domain information. */
   p = dk_address(dk_context);
   if (p != NULL) {
@@ -165,12 +172,13 @@ void dk_exim_verify_finish(void) {
     }
   }
 
-  /* TODO: This call should be removed with lib version >= 0.67 */
+  /* Now grab the domain-wide DK policy */
   dk_flags = dk_policy(dk_context);
 
-  /* Grab domain policy */
   if (dk_flags & DK_FLAG_SET) {
-    if (dk_flags & DK_FLAG_TESTING)
+    /* Selector "t=" flag has precedence, don't overwrite it if
+       the selector has set it above. */
+    if ((dk_flags & DK_FLAG_TESTING) && !dk_verify_block->testing)
       dk_verify_block->testing = TRUE;
     if (dk_flags & DK_FLAG_SIGNSALL)
       dk_verify_block->signsall = TRUE;
@@ -219,7 +227,7 @@ void dk_exim_verify_finish(void) {
   dk_verify_block->result_string = string_copy((uschar *)DK_STAT_to_string(dk_internal_status));
 
   /* All done, reset dk_context. */
-  dk_free(dk_context);
+  dk_free(dk_context,1);
   dk_context = NULL;
 
   store_pool = old_pool;
@@ -384,8 +392,8 @@ uschar *dk_exim_sign(int dk_fd,
     /* Looks like a filename, load the private key. */
     memset(big_buffer,0,big_buffer_size);
     privkey_fd = open(CS dk_private_key,O_RDONLY);
-    read(privkey_fd,big_buffer,16383);
-    close(privkey_fd);
+    (void)read(privkey_fd,big_buffer,16383);
+    (void)close(privkey_fd);
     dk_private_key = big_buffer;
   }
 
@@ -401,7 +409,7 @@ uschar *dk_exim_sign(int dk_fd,
 
   rc = store_get(1024);
   /* Build DomainKey-Signature header to return. */
-  snprintf(CS rc, 1024, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s;\r\n"
+  (void)string_format(rc, 1024, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s;\r\n"
                      "\ts=%s; d=%s;\r\n"
                      "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, sig);
 
@@ -409,7 +417,7 @@ uschar *dk_exim_sign(int dk_fd,
 
   CLEANUP:
   if (dk_context != NULL) {
-    dk_free(dk_context);
+    dk_free(dk_context,1);
     dk_context = NULL;
   }
   store_pool = old_pool;