X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7c6ec81b9594697a5b916db1aabbb1c8b6c4e342..c5db348c5e29e93e51389fa0079f829967c5da82:/src/src/dkim.c diff --git a/src/src/dkim.c b/src/src/dkim.c index cd8a16ae6..d31cae9c7 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -12,7 +12,20 @@ #ifndef DISABLE_DKIM -#include "pdkim/pdkim.h" +# include "pdkim/pdkim.h" + +# ifdef MACRO_PREDEF +# include "macro_predef.h" + +void +params_dkim(void) +{ +builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS); +} +# else /*!MACRO_PREDEF*/ + + + int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; @@ -125,7 +138,8 @@ void dkim_exim_verify_finish(void) { pdkim_signature * sig = NULL; -int dkim_signers_size = 0, dkim_signers_ptr = 0, rc; +int rc; +gstring * g = NULL; const uschar * errstr; store_pool = POOL_PERM; 
@@ -158,113 +172,106 @@ if (rc != PDKIM_OK) for (sig = dkim_signatures; sig; sig = sig->next) { - int size = 0, ptr = 0; - uschar * logmsg = NULL, * s; + uschar * s; + gstring * logmsg; /* Log a line for each signature */ if (!(s = sig->domain)) s = US""; - logmsg = string_append(logmsg, &size, &ptr, 2, "d=", s); + logmsg = string_append(NULL, 2, "d=", s); if (!(s = sig->selector)) s = US""; - logmsg = string_append(logmsg, &size, &ptr, 2, " s=", s); - logmsg = string_append(logmsg, &size, &ptr, 7, + logmsg = string_append(logmsg, 2, " s=", s); + logmsg = string_append(logmsg, 7, " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", " a=", dkim_sig_to_a_tag(sig), - string_sprintf(" b=%d", + string_sprintf(" b=" SIZE_T_FMT, (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0)); - if ((s= sig->identity)) logmsg = string_append(logmsg, &size, &ptr, 2, " i=", s); - if (sig->created > 0) logmsg = string_append(logmsg, &size, &ptr, 1, + if ((s= sig->identity)) logmsg = string_append(logmsg, 2, " i=", s); + if (sig->created > 0) logmsg = string_cat(logmsg, string_sprintf(" t=%lu", sig->created)); - if (sig->expires > 0) logmsg = string_append(logmsg, &size, &ptr, 1, + if (sig->expires > 0) logmsg = string_cat(logmsg, string_sprintf(" x=%lu", sig->expires)); - if (sig->bodylength > -1) logmsg = string_append(logmsg, &size, &ptr, 1, + if (sig->bodylength > -1) logmsg = string_cat(logmsg, string_sprintf(" l=%lu", sig->bodylength)); switch (sig->verify_status) { case PDKIM_VERIFY_NONE: - logmsg = string_append(logmsg, &size, &ptr, 1, " [not verified]"); + logmsg = string_cat(logmsg, " [not verified]"); break; case PDKIM_VERIFY_INVALID: - logmsg = string_append(logmsg, &size, &ptr, 1, " [invalid - "); + logmsg = string_cat(logmsg, " [invalid - "); switch (sig->verify_ext_status) { case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: - logmsg = string_append(logmsg, &size, &ptr, 1, + logmsg = 
string_cat(logmsg, "public key record (currently?) unavailable]"); break; case PDKIM_VERIFY_INVALID_BUFFER_SIZE: - logmsg = string_append(logmsg, &size, &ptr, 1, - "overlong public key record]"); + logmsg = string_cat(logmsg, "overlong public key record]"); break; case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD: case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: - logmsg = string_append(logmsg, &size, &ptr, 1, - "syntax error in public key record]"); + logmsg = string_cat(logmsg, "syntax error in public key record]"); break; case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: - logmsg = string_append(logmsg, &size, &ptr, 1, - "signature tag missing or invalid]"); + logmsg = string_cat(logmsg, "signature tag missing or invalid]"); break; case PDKIM_VERIFY_INVALID_DKIM_VERSION: - logmsg = string_append(logmsg, &size, &ptr, 1, - "unsupported DKIM version]"); + logmsg = string_cat(logmsg, "unsupported DKIM version]"); break; default: - logmsg = string_append(logmsg, &size, &ptr, 1, - "unspecified problem]"); + logmsg = string_cat(logmsg, "unspecified problem]"); } break; case PDKIM_VERIFY_FAIL: logmsg = - string_append(logmsg, &size, &ptr, 1, " [verification failed - "); + string_cat(logmsg, " [verification failed - "); switch (sig->verify_ext_status) { case PDKIM_VERIFY_FAIL_BODY: - logmsg = string_append(logmsg, &size, &ptr, 1, + logmsg = string_cat(logmsg, "body hash mismatch (body probably modified in transit)]"); break; case PDKIM_VERIFY_FAIL_MESSAGE: - logmsg = string_append(logmsg, &size, &ptr, 1, + logmsg = string_cat(logmsg, "signature did not verify (headers probably modified in transit)]"); break; default: - logmsg = string_append(logmsg, &size, &ptr, 1, "unspecified reason]"); + logmsg = string_cat(logmsg, "unspecified reason]"); } break; case PDKIM_VERIFY_PASS: - logmsg = - string_append(logmsg, &size, &ptr, 1, " [verification succeeded]"); + logmsg = string_cat(logmsg, " [verification succeeded]"); break; } - logmsg[ptr] = '\0'; - log_write(0, LOG_MAIN, "DKIM: %s", logmsg); + 
log_write(0, LOG_MAIN, "DKIM: %s", string_from_gstring(logmsg)); /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ if (sig->domain) - dkim_signers = string_append_listele(dkim_signers, &dkim_signers_size, - &dkim_signers_ptr, ':', sig->domain); + g = string_append_listele(g, ':', sig->domain); if (sig->identity) - dkim_signers = string_append_listele(dkim_signers, &dkim_signers_size, - &dkim_signers_ptr, ':', sig->identity); + g = string_append_listele(g, ':', sig->identity); /* Process next signature */ } +if (g) dkim_signers = g->s; + out: store_pool = dkim_verify_oldpool; } @@ -346,7 +353,7 @@ switch (what) case DKIM_BODYLENGTH: return dkim_cur_sig->bodylength >= 0 - ? string_sprintf(OFF_T_FMT, (LONGLONG_T) dkim_cur_sig->bodylength) + ? string_sprintf("%ld", dkim_cur_sig->bodylength) : dkim_exim_expand_defaults(what); case DKIM_CANON_BODY: @@ -371,12 +378,12 @@ switch (what) case DKIM_CREATED: return dkim_cur_sig->created > 0 - ? string_sprintf("%llu", dkim_cur_sig->created) + ? string_sprintf("%lu", dkim_cur_sig->created) : dkim_exim_expand_defaults(what); case DKIM_EXPIRES: return dkim_cur_sig->expires > 0 - ? string_sprintf("%llu", dkim_cur_sig->expires) + ? string_sprintf("%lu", dkim_cur_sig->expires) : dkim_exim_expand_defaults(what); case DKIM_HEADERNAMES: @@ -453,19 +460,16 @@ switch (what) If a prefix is given, prepend it to the file for the calculations. */ -blob * +gstring * dkim_exim_sign(int fd, off_t off, uschar * prefix, struct ob_dkim * dkim, const uschar ** errstr) { const uschar * dkim_domain; int sep = 0; -uschar * seen_doms = NULL; -int seen_doms_size = 0; -int seen_doms_offset = 0; +gstring * seen_doms = NULL; pdkim_ctx ctx; pdkim_signature * sig; -blob * sigbuf = NULL; -int sigsize = 0; +gstring * sigbuf; int pdkim_rc; int sread; uschar buf[4096]; 
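Review bot: `if (g) dkim_signers = g->s;` at the end of the `@@ -158,113 +172,106 @@` hunk publishes the raw buffer of the growable string without passing it through `string_from_gstring()`, whereas the log message built in the same loop is terminated with `string_from_gstring(logmsg)` before use. Whether `string_append_listele()` leaves the buffer NUL-terminated is not visible in this diff; if it does not, every later reader of `dkim_signers` reads past the end of the list. The list is built from `sig->domain` and `sig->identity`, which presumably come from the received message's signature header, so the content is not under local control. Writing `if (g) dkim_signers = string_from_gstring(g);` makes the termination explicit and independent of the helper. The enclosing function, dkim_exim_verify_finish, starts before this hunk.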
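Review bot: The new `"%ld"` for `bodylength` under `case DKIM_BODYLENGTH:`, and the new `"%lu"` for `created` and `expires` in the next hunk (`DKIM_CREATED`, `DKIM_EXPIRES`), are only correct if pdkim.h declares those fields as `long` and `unsigned long`; the declarations are not part of this diff. The old `OFF_T_FMT` call cast its argument with `(LONGLONG_T)`, which kept the varargs call well-defined whatever the field width, and the new call passes the field uncast. A width mismatch here is undefined behaviour on values that are presumably parsed from the message's signature tags. I would keep an explicit cast that matches the conversion, for example `string_sprintf("%ld", (long) dkim_cur_sig->bodylength)`, and the same with `(unsigned long)` for the two `%lu` calls. The verify-finish hunk prints the same `bodylength` field with `" l=%lu"`, so the two sites also disagree on signedness.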
@@ -498,8 +502,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, NULL, 0))) 0, NULL, NULL, MCL_STRING, TRUE, NULL) == OK) continue; - seen_doms = string_append_listele(seen_doms, &seen_doms_size, - &seen_doms_offset, ':', dkim_signing_domain); + seen_doms = string_append_listele(seen_doms, ':', dkim_signing_domain); /* Set $dkim_selector expansion variable to each selector in list, for this domain. */ @@ -648,23 +651,10 @@ if (sread == -1) if ((pdkim_rc = pdkim_feed_finish(&ctx, &sig, errstr)) != PDKIM_OK) goto pk_bad; -sigbuf = store_get(sizeof(blob)); -sigbuf->data = NULL; -sigbuf->len = 0; +for (sigbuf = NULL; sig; sig = sig->next) + sigbuf = string_append(sigbuf, 2, US sig->signature_header, US"\r\n"); -while (sig) - { - int len = sigbuf->len; - sigbuf->data = string_append(sigbuf->data, &sigsize, &len, 2, - US sig->signature_header, US"\r\n"); - sigbuf->len = len; - sig = sig->next; - } - -if (sigbuf->data) - sigbuf->data[sigbuf->len] = '\0'; -else - sigbuf->data = US""; +(void) string_from_gstring(sigbuf); CLEANUP: store_pool = old_pool; @@ -684,4 +674,5 @@ expand_bad: goto bad; } -#endif +# endif /*!MACRO_PREDEF*/ +#endif /*!DISABLE_DKIM*/
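Review bot: In the `@@ -648,23 +651,10 @@` hunk, `for (sigbuf = NULL; sig; sig = sig->next)` leaves `sigbuf` as NULL when `pdkim_feed_finish()` yields no signature. The removed code always allocated the blob and set `data = US""` in that case. If the function returns `sigbuf` (the return is outside this hunk), callers can no longer tell "nothing to sign" from a failure, and `(void) string_from_gstring(sigbuf);` is called with NULL, which is only safe if that helper tolerates it. I would restore the old contract explicitly, for example `if (!sigbuf) sigbuf = string_get(1);` before the terminating call, with a comment that an empty string means no signatures were produced.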