X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/47c292c9f32228f49ec757aef80d0b406d063827..74f1a42304ce056cf979d22fb970faae161e3ab2:/src/src/dkim_transport.c

diff --git a/src/src/dkim_transport.c b/src/src/dkim_transport.c
index 704307e6f..db3db9180 100644
--- a/src/src/dkim_transport.c
+++ b/src/src/dkim_transport.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Transport shim for dkim signing */
@@ -56,7 +56,7 @@ DEBUG(D_transport) debug_printf("send file fd=%d\n", out_fd);
    to the socket. However only if we don't use TLS,
    as then there's another layer of indirection
    before the data finally hits the socket. */
-if (tls_out.active != out_fd)
+if (tls_out.active.sock != out_fd)
   {
   ssize_t copied = 0;
 
@@ -84,8 +84,8 @@ else
     while (sread)
       {
 #ifdef SUPPORT_TLS
-      wwritten = tls_out.active == out_fd
-	? tls_write(FALSE, p, sread, FALSE)
+      wwritten = tls_out.active.sock == out_fd
+	? tls_write(tls_out.active.tls_ctx, p, sread, FALSE)
 	: write(out_fd, CS p, sread);
 #else
       wwritten = write(out_fd, CS p, sread);
@@ -150,8 +150,14 @@ if (!rc) return FALSE;
 
 /* Get signatures for headers plus spool data file */
 
-dkim->dot_stuffed = !!(save_options & topt_end_dot);
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* The dotstuffed status of the datafile depends on whether it was stored
+in wireformat. */
 
+dkim->dot_stuffed = spool_file_wireformat;
 if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
 				    hdrs, dkim, &errstr)))
   if (!(rc = dkt_sign_fail(dkim, &errno)))
@@ -160,6 +166,18 @@ if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
     return FALSE;
     }
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)			/* Prepend ARC headers */
+  {
+  uschar * e;
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))
+    {
+    *err = e;
+    return FALSE;
+    }
+  }
+#endif
+
 /* Write the signature and headers into the deliver-out-buffer.  This should
 mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
 (transport_write_message() sizes the BDAT for the buffered amount) - for short
@@ -253,7 +271,13 @@ if (!rc)
   goto CLEANUP;
   }
 
-/* Feed the file to the goats^W DKIM lib */
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* Feed the file to the goats^W DKIM lib.  At this point the dotstuffed
+status of the file depends on the output of transport_write_message() just
+above, which should be the result of the end_dot flag in tctx->options. */
 
 dkim->dot_stuffed = !!(options & topt_end_dot);
 if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
@@ -268,6 +292,15 @@ if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
 else
   dlen = dkim_signature->ptr;
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)				/* Prepend ARC headers */
+  {
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
+    goto CLEANUP;
+  dlen = dkim_signature->ptr;
+  }
+#endif
+
 #ifndef OS_SENDFILE
 if (options & topt_use_bdat)
 #endif
@@ -351,7 +384,8 @@ dkim_transport_write_message(transport_ctx * tctx,
 {
 /* If we can't sign, just call the original function. */
 
-if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
+if (  !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
+   && !dkim->force_bodyhash)
   return transport_write_message(tctx, 0);
 
 /* If there is no filter command set up, construct the message and calculate