X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/a8d97c8a1191f0f38bb7be23ae8a59d25baff5a7..184e88237dea64ce48076cdd0184612d057cbafd:/src/src/dk.c diff --git a/src/src/dk.c b/src/src/dk.c index aa3c4d993..713684b2a 100644 --- a/src/src/dk.c +++ b/src/src/dk.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/dk.c,v 1.3 2005/06/20 11:20:41 ph10 Exp $ */ +/* $Cambridge: exim/src/src/dk.c,v 1.12 2007/01/08 10:50:18 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2005 */ +/* Copyright (c) University of Cambridge 1995 - 2007 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for DomainKeys support. Other DK relevant code is in @@ -136,7 +136,14 @@ void dk_exim_verify_finish(void) { dk_internal_status = dk_message(dk_context, CUS &dkbuff[i], 1); /* Flag end-of-message. */ - dk_internal_status = dk_end(dk_context, NULL); + dk_internal_status = dk_end(dk_context, &dk_flags); + + /* dk_flags now has the selector flags (if there was one). + It seems that currently only the "t=" flag is supported + in selectors. */ + if (dk_flags & DK_FLAG_SET) + if (dk_flags & DK_FLAG_TESTING) + dk_verify_block->testing = TRUE; /* Grab address/domain information. */ p = dk_address(dk_context); @@ -160,15 +167,18 @@ void dk_exim_verify_finish(void) { dk_verify_block->domain = string_copy((uschar *)(q+1)); *q = '\0'; dk_verify_block->local_part = string_copy((uschar *)p); + *q = '@'; } } } + /* Now grab the domain-wide DK policy */ dk_flags = dk_policy(dk_context); - /* Grab domain policy */ if (dk_flags & DK_FLAG_SET) { - if (dk_flags & DK_FLAG_TESTING) + /* Selector "t=" flag has precedence, don't overwrite it if + the selector has set it above. */ + if ((dk_flags & DK_FLAG_TESTING) && !dk_verify_block->testing) dk_verify_block->testing = TRUE; if (dk_flags & DK_FLAG_SIGNSALL) dk_verify_block->signsall = TRUE; @@ -217,7 +227,7 @@ void dk_exim_verify_finish(void) { dk_verify_block->result_string = string_copy((uschar *)DK_STAT_to_string(dk_internal_status)); /* All done, reset dk_context. */ - dk_free(dk_context); + dk_free(dk_context,1); dk_context = NULL; store_pool = old_pool; @@ -229,8 +239,10 @@ uschar *dk_exim_sign(int dk_fd, uschar *dk_selector, uschar *dk_canon) { uschar *rc = NULL; + uschar *headers = NULL; + int headers_len; int dk_canon_int = DK_CANON_SIMPLE; - char c; + char buf[4096]; int seen_lf = 0; int seen_lfdot = 0; uschar sig[1024]; @@ -259,40 +271,46 @@ uschar *dk_exim_sign(int dk_fd, goto CLEANUP; } - while((sread = read(dk_fd,&c,1)) > 0) { + while((sread = read(dk_fd,&buf,4096)) > 0) { + int pos = 0; + char c; - if ((c == '.') && seen_lfdot) { - /* escaped dot, write "\n.", continue */ - dk_message(dk_context, CUS "\n.", 2); - seen_lf = 0; - seen_lfdot = 0; - continue; - } + while (pos < sread) { + c = buf[pos++]; - if (seen_lfdot) { - /* EOM, write "\n" and break */ - dk_message(dk_context, CUS "\n", 1); - break; - } + if ((c == '.') && seen_lfdot) { + /* escaped dot, write "\n.", continue */ + dk_message(dk_context, CUS "\n.", 2); + seen_lf = 0; + seen_lfdot = 0; + continue; + } - if ((c == '.') && seen_lf) { - seen_lfdot = 1; - continue; - } + if (seen_lfdot) { + /* EOM, write "\n" and break */ + dk_message(dk_context, CUS "\n", 1); + break; + } - if (seen_lf) { - /* normal lf, just send it */ - dk_message(dk_context, CUS "\n", 1); - seen_lf = 0; - } + if ((c == '.') && seen_lf) { + seen_lfdot = 1; + continue; + } - if (c == '\n') { - seen_lf = 1; - continue; - } + if (seen_lf) { + /* normal lf, just send it */ + dk_message(dk_context, CUS "\n", 1); + seen_lf = 0; + } + + if (c == '\n') { + seen_lf = 1; + continue; + } - /* write the char */ - dk_message(dk_context, CUS &c, 1); + /* write the char */ + dk_message(dk_context, CUS &c, 1); + } } /* Handle failed read above. */ @@ -382,13 +400,13 @@ uschar *dk_exim_sign(int dk_fd, /* Looks like a filename, load the private key. */ memset(big_buffer,0,big_buffer_size); privkey_fd = open(CS dk_private_key,O_RDONLY); - read(privkey_fd,big_buffer,16383); - close(privkey_fd); + (void)read(privkey_fd,big_buffer,16383); + (void)close(privkey_fd); dk_private_key = big_buffer; } /* Get the signature. */ - dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 8192); + dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 1024); /* Check for unuseable key */ if (dk_internal_status != DK_STAT_OK) { @@ -397,17 +415,21 @@ uschar *dk_exim_sign(int dk_fd, goto CLEANUP; } - rc = store_get(1024); + headers_len = dk_headers(dk_context, NULL); + rc = store_get(1024+256+headers_len); + headers = store_malloc(headers_len); + dk_headers(dk_context, CS headers); /* Build DomainKey-Signature header to return. */ - snprintf(CS rc, 1024, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s;\r\n" - "\ts=%s; d=%s;\r\n" - "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, sig); + (void)string_format(rc, 1024+256+headers_len, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;\r\n" + "\th=%s;\r\n" + "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, headers, sig); - log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;", dk_canon, dk_selector, dk_domain); + log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; s=%s; d=%s; h=%s;", dk_canon, dk_selector, dk_domain, headers); + store_free(headers); CLEANUP: if (dk_context != NULL) { - dk_free(dk_context); + dk_free(dk_context,1); dk_context = NULL; } store_pool = old_pool;