From c9cf9ac495443d40a9196d9f402313a11a83fae9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 18 Mar 2018 15:42:39 +0000 Subject: [PATCH] DMARC: add results to generic authres string; remove $dmarc_ar_header --- doc/doc-txt/ChangeLog | 3 ++ doc/doc-txt/experimental-spec.txt | 5 +-- src/src/dmarc.c | 70 +++++++++---------------------- src/src/expand.c | 4 +- src/src/functions.h | 13 +++--- src/src/globals.c | 1 - src/src/globals.h | 1 - src/src/smtp_in.c | 2 +- 8 files changed, 36 insertions(+), 63 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index eb0e1a346..1dff01fb5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -160,6 +160,9 @@ JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such (propating to people being dropped from mailing lists). Discovered and pinpointed by David Carter. +JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being + replaced by the ${authresults } expansion. + Exim version 4.90 ----------------- diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 839200c6c..2cac9e90d 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -548,9 +548,8 @@ expansion variables are available: are "none", "reject" and "quarantine". It is blank when there is any error, including no DMARC record. - o $dmarc_ar_header - This is the entire Authentication-Results header which you can - add using an add_header modifier. +A now-redundant variable $dmarc_ar_header has now been withdrawn. +Use the ${authresults } expansion instead. 5. How to enable DMARC advanced operation: diff --git a/src/src/dmarc.c b/src/src/dmarc.c index 0032afe87..0b45e100a 100644 --- a/src/src/dmarc.c +++ b/src/src/dmarc.c 
@@ -93,7 +93,6 @@ dmarc_status = US"none"; dmarc_abort = FALSE; dmarc_pass_fail = US"skipped"; dmarc_used_domain = US""; -dmarc_ar_header = NULL; dmarc_has_been_checked = FALSE; header_from_sender = NULL; spf_sender_domain = NULL; @@ -140,13 +139,15 @@ return OK; /* dmarc_store_data stores the header data so that subsequent - * dmarc_process can access the data */ +dmarc_process can access the data */ -int dmarc_store_data(header_line *hdr) { - /* No debug output because would change every test debug output */ - if (dmarc_disable_verify != TRUE) - from_header = hdr; - return OK; +int +dmarc_store_data(header_line *hdr) +{ +/* No debug output because would change every test debug output */ +if (!dmarc_disable_verify) + from_header = hdr; +return OK; } @@ -208,8 +209,8 @@ if ( dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT } /* dmarc_process adds the envelope sender address to the existing - context (if any), retrieves the result, sets up expansion - strings and evaluates the condition outcome. */ +context (if any), retrieves the result, sets up expansion +strings and evaluates the condition outcome. */ int dmarc_process() @@ -223,10 +224,7 @@ u_char **ruf; /* forensic report addressees, if called for */ /* ACLs have "control=dmarc_disable_verify" */ if (dmarc_disable_verify) - { - dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); return OK; - } /* Store the header From: sender domain for this part of DMARC. * If there is no from_header struct, then it's likely this message @@ -464,7 +462,7 @@ if (!dmarc_abort && !sender_host_authenticated) log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s", opendmarc_policy_status_to_str(libdm_status)); - if (has_dmarc_record == TRUE) + if (has_dmarc_record) { log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s " "spf_align=%s dkim_align=%s enforcement='%s'", 
@@ -479,13 +477,10 @@ if (!dmarc_abort && !sender_host_authenticated) } } -/* set some global variables here */ -dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); - /* shut down libopendmarc */ -if ( dmarc_pctx != NULL ) +if (dmarc_pctx) (void) opendmarc_policy_connect_shutdown(dmarc_pctx); -if ( dmarc_disable_verify == FALSE ) +if (!dmarc_disable_verify) (void) opendmarc_policy_library_shutdown(&dmarc_ctx); return OK; @@ -595,41 +590,14 @@ if (what == DMARC_VERIFY_STATUS) return US""; } -uschar * -dmarc_auth_results_header(header_line *from_header, uschar *hostname) -{ -uschar *hdr_tmp = US""; - -/* Allow a server hostname to be passed to this function, but is - * currently unused */ -if (!hostname) - hostname = primary_hostname; -hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname); - -#if 0 -/* I don't think this belongs here, but left it here commented out - * because it was a lot of work to get working right. */ -if (spf_response != NULL) { - uschar *dmarc_ar_spf = US""; - int sr = 0; - sr = spf_response->result; - dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" : - (sr == SPF_RESULT_PASS) ? US"pass" : - (sr == SPF_RESULT_FAIL) ? US"fail" : - (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" : - US"none"; - hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;", - hdr_tmp, dmarc_ar_spf_result, - spf_response->header_comment, - expand_string(US"$sender_address") ); -} -#endif -hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail); +gstring * +authres_dmarc(gstring * g) +{ +g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail); if (header_from_sender) - hdr_tmp = string_sprintf("%s header.from=%s", - hdr_tmp, header_from_sender); -return hdr_tmp; + g = string_append(g, 2, US"header.from=", header_from_sender); +return g; } # endif /* SUPPORT_SPF */ diff --git a/src/src/expand.c b/src/src/expand.c index 6f67ab138..f1c8544c9 100644 --- a/src/src/expand.c +++ b/src/src/expand.c 
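Review bot: In the new `authres_dmarc()` in dmarc.c the second `string_append` has no separator, so the clause comes out as `dmarc=<result>header.from=<domain>`; a consumer parsing Authentication-Results would then read the wrong result token or lose the property. The line should be `g = string_append(g, 2, US" header.from=", header_from_sender);`. `header_from_sender` is set outside this hunk and appears to come from the message's From: header, so it is sender-controlled text going into a header that downstream filters trust. It is worth confirming that it is already restricted to a syntactically valid domain before it is appended here. A one-line comment above the function, naming the globals it reads (`dmarc_pass_fail`, `header_from_sender`), would help now that it replaces the documented `$dmarc_ar_header`.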
@@ -518,7 +518,6 @@ static var_entry var_table[] = { { "dkim_verify_status", vtype_stringptr, &dkim_verify_status }, #endif #ifdef EXPERIMENTAL_DMARC - { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header }, { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy }, { "dmarc_status", vtype_stringptr, &dmarc_status }, { "dmarc_status_text", vtype_stringptr, &dmarc_status_text }, @@ -4149,6 +4148,9 @@ while (*s != 0) #ifndef DISABLE_DKIM yield = authres_dkim(yield); #endif +#ifdef EXPERIMENTAL_DMARC + yield = authres_dmarc(yield); +#endif #ifdef EXPERIMENTAL_ARC yield = authres_arc(yield); #endif diff --git a/src/src/functions.h b/src/src/functions.h index 0b261177c..1b7aff083 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -112,15 +112,18 @@ extern void auth_show_supported(FILE *); extern uschar *auth_xtextencode(uschar *, int); extern int auth_xtextdecode(uschar *, uschar **); -extern gstring *authres_smtpauth(gstring *); -#ifdef SUPPORT_SPF -extern gstring *authres_spf(gstring *); +#ifdef EXPERIMENTAL_ARC +extern gstring *authres_arc(gstring *); #endif #ifndef DISABLE_DKIM extern gstring *authres_dkim(gstring *); #endif -#ifdef EXPERIMENTAL_ARC -extern gstring *authres_arc(gstring *); +#ifdef EXPERIMENTAL_DMARC +extern gstring *authres_dmarc(gstring *); +#endif +extern gstring *authres_smtpauth(gstring *); +#ifdef SUPPORT_SPF +extern gstring *authres_spf(gstring *); #endif extern uschar *b64encode(uschar *, int); diff --git a/src/src/globals.c b/src/src/globals.c index b2aeb861f..55154646c 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -682,7 +682,6 @@ uschar *dkim_verify_reason = NULL; #endif #ifdef EXPERIMENTAL_DMARC BOOL dmarc_has_been_checked = FALSE; -uschar *dmarc_ar_header = NULL; uschar *dmarc_domain_policy = NULL; uschar *dmarc_forensic_sender = NULL; uschar *dmarc_history_file = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 63e0e424c..7bd681fe9 100644 --- a/src/src/globals.h +++ b/src/src/globals.h 
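Review bot: In the expand.c hunk at `@@ -4149`, `yield = authres_dmarc(yield);` runs whenever EXPERIMENTAL_DMARC is compiled in, whether or not a DMARC evaluation took place for the message. The dmarc.c context in this patch shows `dmarc_pass_fail` initialised to `"skipped"` and `dmarc_process()` returning early under `dmarc_disable_verify`, so `${authresults }` would then presumably emit `dmarc=skipped`. That token is, as far as I know, not one of the result values registered for the dmarc method, and a downstream filter may treat an unknown result unpredictably. Consider a guard at the top of `authres_dmarc()`, for example `if (!dmarc_has_been_checked) return g;`, after confirming where that flag is set, since that code is not in this patch. The enclosing expansion loop starts and ends outside the hunk.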
@@ -405,7 +405,6 @@ extern uschar *dkim_verify_reason; /* result for this signature */ #endif #ifdef EXPERIMENTAL_DMARC extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */ -extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */ extern uschar *dmarc_domain_policy; /* Expansion for declared policy of used domain */ extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */ extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index d4ffb3ce7..17801838d 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2009,7 +2009,7 @@ spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL; #endif #ifdef EXPERIMENTAL_DMARC dmarc_has_been_checked = dmarc_disable_verify = dmarc_enable_forensic = FALSE; -dmarc_ar_header = dmarc_domain_policy = dmarc_forensic_sender = +dmarc_domain_policy = dmarc_forensic_sender = dmarc_history_file = dmarc_status = dmarc_status_text = dmarc_tld_file = dmarc_used_domain = NULL; #endif -- 2.30.2