From 20913a313f33fd8ae2dea9f379552975867c6394 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 7 Jan 2018 15:03:25 +0000 Subject: [PATCH] DKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220 --- doc/doc-docbook/spec.xfpt | 7 ++++--- src/src/dkim.c | 19 ++++++++++++++----- test/confs/4520 | 3 +++ test/log/4520 | 8 ++++++++ test/scripts/4500-DKIM/4520 | 7 +++++++ 5 files changed, 36 insertions(+), 8 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f2709418e..e36e32190 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -38593,7 +38593,8 @@ After expansion, this can be a list. Each element in turn is put into the &%$dkim_domain%& expansion variable while expanding the remaining signing options. .wen -If it is empty after expansion, DKIM signing is not done. +If it is empty after expansion, DKIM signing is not done, +and no error will result even if &%dkim_strict%& is set. .option dkim_selector smtp string list&!! unset This sets the key selector string. @@ -38602,8 +38603,9 @@ After expansion, which can use &$dkim_domain$&, this can be a list. Each element in turn is put in the expansion variable &%$dkim_selector%& which may be used in the &%dkim_private_key%& option along with &%$dkim_domain%&. -If the option is empty after expansion, DKIM signing is not done for this domain. .wen +If the option is empty after expansion, DKIM signing is not done for this domain, +and no error will result even if &%dkim_strict%& is set. .option dkim_private_key smtp string&!! unset This sets the private key to use. @@ -38620,7 +38622,6 @@ be "0", "false" or the empty string, in which case the message will not be signed. This case will not result in an error, even if &%dkim_strict%& is set. .endlist -If the option is empty after expansion, DKIM signing is not done. .new .option dkim_hash smtp string&!! sha256 diff --git a/src/src/dkim.c b/src/src/dkim.c index 9731a63d9..18427fe9b 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -531,8 +531,12 @@ switch (what) } -/* Generate signatures for the given file, returning a string. +/* Generate signatures for the given file. If a prefix is given, prepend it to the file for the calculations. + +Return: + NULL: error; error string written + string: signature header(s), or a zero-length string (not an error) */ gstring * @@ -702,9 +706,15 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, NULL, 0))) } } } +if (!ctx.sig) + { + DEBUG(D_transport) debug_printf("DKIM: no viable signatures to use\n"); + sigbuf = string_get(1); /* return a zero-len string */ + goto CLEANUP; + } -if (prefix) - pdkim_feed(&ctx, prefix, Ustrlen(prefix)); +if (prefix && (pdkim_feed(&ctx, prefix, Ustrlen(prefix))) != PDKIM_OK) + goto pk_bad; if (lseek(fd, off, SEEK_SET) < 0) sread = -1; @@ -729,9 +739,8 @@ if ((pdkim_rc = pdkim_feed_finish(&ctx, &sig, errstr)) != PDKIM_OK) for (sigbuf = NULL; sig; sig = sig->next) sigbuf = string_append(sigbuf, 2, US sig->signature_header, US"\r\n"); -(void) string_from_gstring(sigbuf); - CLEANUP: + (void) string_from_gstring(sigbuf); store_pool = old_pool; errno = save_errno; return sigbuf; diff --git a/test/confs/4520 b/test/confs/4520 index 3127d13b3..d444e2832 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -61,5 +61,8 @@ send_to_server: .ifdef VALUE dkim_hash = VALUE .endif +.ifdef STRICT + dkim_strict = STRICT +.endif # End diff --git a/test/log/4520 b/test/log/4520 index 4a6502bb6..593cd6692 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -22,6 +22,9 @@ 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbL-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00" 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed +1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbN-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbO-0005vi-00" +1999-03-02 09:44:33 10HmbN-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 @@ -83,3 +86,8 @@ 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbL-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbM-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbO-0005vi-00 data acl: dkim status +1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbN-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmbO-0005vi-00 Completed diff --git a/test/scripts/4500-DKIM/4520 b/test/scripts/4500-DKIM/4520 index 1bc4c6030..406db39a5 100644 --- a/test/scripts/4500-DKIM/4520 +++ b/test/scripts/4500-DKIM/4520 @@ -62,6 +62,13 @@ content exim -d-all+acl -DOPT=From -DSELECTOR=sel_bad -odf d@test.ex From: nobody@example.com +content +**** +# +# check that an empty dkim_privatekey overrides dkim_strict +exim -DOPT=From -DSTRICT=true -DSELECTOR=none -odf a@test.ex +From: nobody@example.com + content **** # -- 2.30.2