X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f9ba5e2255cf18092750fffacb6a9603571a2be5..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/dkim_transport.c

diff --git a/src/src/dkim_transport.c b/src/src/dkim_transport.c
index 866df263f..142f4552a 100644
--- a/src/src/dkim_transport.c
+++ b/src/src/dkim_transport.c
@@ -2,8 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* Transport shim for dkim signing */
 
@@ -21,8 +23,8 @@ if (dkim->dkim_strict)
   uschar * dkim_strict_result = expand_string(dkim->dkim_strict);
 
   if (dkim_strict_result)
-    if ( (strcmpic(dkim->dkim_strict, US"1") == 0) ||
-	 (strcmpic(dkim->dkim_strict, US"true") == 0) )
+    if (  strcmpic(dkim_strict_result, US"1") == 0
+       || strcmpic(dkim_strict_result, US"true") == 0)
       {
       /* Set errno to something halfway meaningful */
       *errp = EACCES;
@@ -56,7 +58,7 @@ DEBUG(D_transport) debug_printf("send file fd=%d\n", out_fd);
    to the socket. However only if we don't use TLS,
    as then there's another layer of indirection
    before the data finally hits the socket. */
-if (tls_out.active != out_fd)
+if (tls_out.active.sock != out_fd)
   {
   ssize_t copied = 0;
 
@@ -83,9 +85,9 @@ else
 
     while (sread)
       {
-#ifdef SUPPORT_TLS
-      wwritten = tls_out.active == out_fd
-	? tls_write(FALSE, p, sread, FALSE)
+#ifndef DISABLE_TLS
+      wwritten = tls_out.active.sock == out_fd
+	? tls_write(tls_out.active.tls_ctx, p, sread, FALSE)
 	: write(out_fd, CS p, sread);
 #else
       wwritten = write(out_fd, CS p, sread);
@@ -124,7 +126,7 @@ dkt_direct(transport_ctx * tctx, struct ob_dkim * dkim,
 {
 int save_fd = tctx->u.fd;
 int save_options = tctx->options;
-BOOL save_wireformat = spool_file_wireformat;
+BOOL save_wireformat = f.spool_file_wireformat;
 uschar * hdrs;
 gstring * dkim_signature;
 int hsize;
@@ -150,8 +152,14 @@ if (!rc) return FALSE;
 
 /* Get signatures for headers plus spool data file */
 
-dkim->dot_stuffed = !!(save_options & topt_end_dot);
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* The dotstuffed status of the datafile depends on whether it was stored
+in wireformat. */
 
+dkim->dot_stuffed = f.spool_file_wireformat;
 if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
 				    hdrs, dkim, &errstr)))
   if (!(rc = dkt_sign_fail(dkim, &errno)))
@@ -160,6 +168,18 @@ if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
     return FALSE;
     }
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)			/* Prepend ARC headers */
+  {
+  uschar * e = NULL;
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))
+    {
+    *err = e;
+    return FALSE;
+    }
+  }
+#endif
+
 /* Write the signature and headers into the deliver-out-buffer.  This should
 mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
 (transport_write_message() sizes the BDAT for the buffered amount) - for short
@@ -168,7 +188,7 @@ having already been done - but we have to say we want CRLF output format, and
 temporarily set the marker for possible already-CRLF input. */
 
 tctx->options &= ~topt_escape_headers;
-spool_file_wireformat = TRUE;
+f.spool_file_wireformat = TRUE;
 transport_write_reset(0);
 if (  (  dkim_signature
       && dkim_signature->ptr > 0
@@ -178,7 +198,7 @@ if (  (  dkim_signature
    )
   return FALSE;
 
-spool_file_wireformat = save_wireformat;
+f.spool_file_wireformat = save_wireformat;
 tctx->options = save_options | topt_no_headers | topt_continuation;
 
 if (!(transport_write_message(tctx, 0)))
@@ -253,7 +273,13 @@ if (!rc)
   goto CLEANUP;
   }
 
-/* Feed the file to the goats^W DKIM lib */
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* Feed the file to the goats^W DKIM lib.  At this point the dotstuffed
+status of the file depends on the output of transport_write_message() just
+above, which should be the result of the end_dot flag in tctx->options. */
 
 dkim->dot_stuffed = !!(options & topt_end_dot);
 if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
@@ -268,6 +294,15 @@ if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
 else
   dlen = dkim_signature->ptr;
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)				/* Prepend ARC headers */
+  {
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
+    goto CLEANUP;
+  dlen = dkim_signature->ptr;
+  }
+#endif
+
 #ifndef OS_SENDFILE
 if (options & topt_use_bdat)
 #endif
@@ -351,7 +386,8 @@ dkim_transport_write_message(transport_ctx * tctx,
 {
 /* If we can't sign, just call the original function. */
 
-if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
+if (  !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
+   && !dkim->force_bodyhash)
   return transport_write_message(tctx, 0);
 
 /* If there is no filter command set up, construct the message and calculate