X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/08bd2689bdeceb41f161a7d54fc1af4abcbbb8c1..0768462dc5830cde5ae7a3659577fb557926db28:/src/src/arc.c diff --git a/src/src/arc.c b/src/src/arc.c index 9d8f7d5db..80bb30e03 100644 --- a/src/src/arc.c +++ b/src/src/arc.c @@ -770,22 +770,25 @@ arc_set * as; int inst; BOOL ams_fail_found = FALSE; -if (!(as = ctx->arcset_chain)) +if (!(as = ctx->arcset_chain_last)) return US"none"; -for(inst = 0; as; as = as->next) +for(inst = as->instance; as; as = as->prev, inst--) { - if ( as->instance != ++inst - || !as->hdr_aar || !as->hdr_ams || !as->hdr_as - || arc_cv_match(as->hdr_as, US"fail") - ) - { - arc_state_reason = string_sprintf("i=%d" - " (cv, sequence or missing header)", as->instance); - DEBUG(D_acl) debug_printf("ARC chain fail at %s\n", arc_state_reason); - return US"fail"; - } + if (as->instance != inst) + arc_state_reason = string_sprintf("i=%d (sequence; expected %d)", + as->instance, inst); + else if (!as->hdr_aar || !as->hdr_ams || !as->hdr_as) + arc_state_reason = string_sprintf("i=%d (missing header)", as->instance); + else if (arc_cv_match(as->hdr_as, US"fail")) + arc_state_reason = string_sprintf("i=%d (cv)", as->instance); + else + goto good; + DEBUG(D_acl) debug_printf("ARC chain fail at %s\n", arc_state_reason); + return US"fail"; + + good: /* Evaluate the oldest-pass AMS validation while we're here. It does not affect the AS chain validation but is reported as auxilary info. */ @@ -797,9 +800,15 @@ for(inst = 0; as; as = as->next) arc_oldest_pass = inst; arc_state_reason = NULL; } +if (inst != 0) + { + arc_state_reason = string_sprintf("(sequence; expected i=%d)", inst); + DEBUG(D_acl) debug_printf("ARC chain fail %s\n", arc_state_reason); + return US"fail"; + } arc_received = ctx->arcset_chain_last; -arc_received_instance = inst; +arc_received_instance = arc_received->instance; /* We can skip the latest-AMS validation, if we already did it. */ @@ -975,16 +984,13 @@ return NULL; static const uschar * arc_verify_seals(arc_ctx * ctx) { -arc_set * as = ctx->arcset_chain; +arc_set * as = ctx->arcset_chain_last; if (!as) return US"none"; -while (as) - { - if (arc_seal_verify(ctx, as)) return US"fail"; - as = as->next; - } +for ( ; as; as = as->prev) if (arc_seal_verify(ctx, as)) return US"fail"; + DEBUG(D_acl) debug_printf("ARC: AS vfy overall pass\n"); return NULL; } @@ -1249,6 +1255,9 @@ if ( (errstr = exim_dkim_signing_init(privkey, &sctx)) || (errstr = exim_dkim_sign(&sctx, hm, &hhash, sig))) { log_write(0, LOG_MAIN, "ARC: %s signing: %s\n", why, errstr); + DEBUG(D_transport) + debug_printf("private key, or private-key file content, was: '%s'\n", + privkey); return FALSE; } return TRUE; @@ -1687,12 +1696,13 @@ g = arc_sign_append_ams(g, &arc_sign_ctx, instance, identity, selector, including self (but with an empty b= in self) */ -g = arc_sign_prepend_as(g, &arc_sign_ctx, instance, identity, selector, &ar, +if (g) + g = arc_sign_prepend_as(g, &arc_sign_ctx, instance, identity, selector, &ar, privkey, options); /* Finally, append the dkim headers and return the lot. */ -g = string_catn(g, sigheaders->s, sigheaders->ptr); +if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr); (void) string_from_gstring(g); gstring_reset_unused(g); return g; @@ -1791,20 +1801,20 @@ for (as = arc_verify_ctx.arcset_chain, inst = 1; as; as = as->next, inst++) blob * d = &hdr_as->d; for (; inst < as->instance; inst++) - g = string_catn(g, ":", 1); + g = string_catn(g, US":", 1); g = d->data && d->len ? string_append_listele_n(g, ':', d->data, d->len) - : string_catn(g, ":", 1); + : string_catn(g, US":", 1); } else - g = string_catn(g, ":", 1); + g = string_catn(g, US":", 1); } return g ? g->s : US""; } -/* Construct an Authenticate-Results header portion, for the ARC module */ +/* Construct an Authentication-Results header portion, for the ARC module */ gstring * authres_arc(gstring * g) @@ -1830,7 +1840,7 @@ if (arc_state) US" arc.oldest-pass=", string_sprintf("%d", arc_oldest_pass)); if (sender_host_address) - g = string_append(g, 2, US" smtp.client-ip=", sender_host_address); + g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address); } else if (arc_state_reason) g = string_append(g, 3, US" (", arc_state_reason, US")");