-/* $Cambridge: exim/src/src/acl.c,v 1.20 2005/03/08 15:32:02 tom Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.21 2005/03/08 16:57:28 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
(1<<ACL_WHERE_VRFY),
-
+
(1<<ACL_WHERE_AUTH)|
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
(1<<ACL_WHERE_VRFY),
-
+
(1<<ACL_WHERE_AUTH)|
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
(1<<ACL_WHERE_VRFY),
-
+
(1<<ACL_WHERE_AUTH)|
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
(1<<ACL_WHERE_VRFY),
-
+
(1<<ACL_WHERE_AUTH)|
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
(1<<ACL_WHERE_VRFY),
-
+
(1<<ACL_WHERE_AUTH)|
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
-/* $Cambridge: exim/src/src/dk.c,v 1.1 2005/03/08 15:32:02 tom Exp $ */
+/* $Cambridge: exim/src/src/dk.c,v 1.2 2005/03/08 16:57:28 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
int dk_receive_getc(void) {
int i;
int c = receive_getc();
-
+
if (dk_context != NULL) {
/* Send oldest byte */
if ((dkbuff[0] < 256) && (dk_internal_status == DK_STAT_OK)) {
dkbuff[3] = 256;
dkbuff[4] = 256;
dkbuff[5] = 256;
- }
+ }
if ( (dkbuff[2] == '\r') &&
(dkbuff[3] == '\n') &&
(dkbuff[4] == '.') &&
}
-void dk_exim_verify_init(void) {
+void dk_exim_verify_init(void) {
int old_pool = store_pool;
store_pool = POOL_PERM;
-
+
/* Reset DK state in any case. */
dk_context = NULL;
dk_lib = NULL;
dk_verify_block = NULL;
-
+
/* Set up DK context if DK was requested and input is SMTP. */
if (smtp_input && !smtp_batched_input && dk_do_verify) {
/* initialize library */
/* Bail out if context could not be set up earlier. */
if (dk_context == NULL)
return;
-
+
store_pool = POOL_PERM;
-
+
/* Send remaining bytes from input which are still in the buffer. */
for (i=0;i<6;i++)
if (dkbuff[i] < 256)
/* Flag end-of-message. */
dk_internal_status = dk_end(dk_context, NULL);
-
+
/* Grab address/domain information. */
p = dk_address(dk_context);
if (p != NULL) {
if (dk_flags & DK_FLAG_SET) {
if (dk_flags & DK_FLAG_TESTING)
dk_verify_block->testing = TRUE;
- if (dk_flags & DK_FLAG_SIGNSALL)
+ if (dk_flags & DK_FLAG_SIGNSALL)
dk_verify_block->signsall = TRUE;
}
/* This is missing DK_EXIM_RESULT_NON_PARTICIPANT. The lib does not
report such a status. */
}
-
+
/* Set up human readable result string. */
dk_verify_block->result_string = string_copy((uschar *)DK_STAT_to_string(dk_internal_status));
-
+
/* All done, reset dk_context. */
dk_free(dk_context);
dk_context = NULL;
-
+
store_pool = old_pool;
}
int sread;
int old_pool = store_pool;
store_pool = POOL_PERM;
-
+
dk_lib = dk_init(&dk_internal_status);
if (dk_internal_status != DK_STAT_OK) {
debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
we must do this BEFORE knowing which domain we sign for. */
if ((dk_canon != NULL) && (Ustrcmp(dk_canon, "nofws") == 0)) dk_canon_int = DK_CANON_NOFWS;
else dk_canon = "simple";
-
+
/* Initialize signing context. */
dk_context = dk_sign(dk_lib, &dk_internal_status, dk_canon_int);
if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
+ debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
dk_context = NULL;
goto CLEANUP;
}
-
+
while((sread = read(dk_fd,&c,1)) > 0) {
-
+
if ((c == '.') && seen_lfdot) {
/* escaped dot, write "\n.", continue */
dk_message(dk_context, "\n.", 2);
seen_lfdot = 0;
continue;
}
-
+
if (seen_lfdot) {
/* EOM, write "\n" and break */
dk_message(dk_context, "\n", 1);
seen_lfdot = 1;
continue;
}
-
+
if (seen_lf) {
/* normal lf, just send it */
dk_message(dk_context, "\n", 1);
seen_lf = 0;
}
-
+
if (c == '\n') {
seen_lf = 1;
continue;
}
-
+
/* write the char */
dk_message(dk_context, &c, 1);
}
-
+
/* Handle failed read above. */
if (sread == -1) {
debug_printf("DK: Error reading -K file.\n");
rc = NULL;
goto CLEANUP;
}
-
+
/* Flag end-of-message. */
dk_internal_status = dk_end(dk_context, NULL);
/* TODO: check status */
-
-
+
+
/* Get domain to use, unless overridden. */
if (dk_domain == NULL) {
dk_domain = dk_address(dk_context);
uschar *p;
dk_domain++;
p = dk_domain;
- while (*p != 0) { *p = tolower(*p); p++; }
+ while (*p != 0) { *p = tolower(*p); p++; }
}
break;
}
if (dk_domain == NULL) {
- debug_printf("DK: Could not determine domain to use for signing from message headers.\n");
+ debug_printf("DK: Could not determine domain to use for signing from message headers.\n");
/* In this case, we return "OK" by sending up an empty string as the
DomainKey-Signature header. If there is no domain to sign for, we
can send the message anyway since the recipient has no policy to
debug_printf("DK: Error while expanding dk_domain option.\n");
rc = NULL;
goto CLEANUP;
- }
+ }
}
-
- /* Set up $dk_domain expansion variable. */
+
+ /* Set up $dk_domain expansion variable. */
dk_signing_domain = dk_domain;
/* Get selector to use. */
rc = NULL;
goto CLEANUP;
}
-
+
/* Set up $dk_selector expansion variable. */
dk_signing_selector = dk_selector;
-
+
/* Get private key to use. */
dk_private_key = expand_string(dk_private_key);
if (dk_private_key == NULL) {
rc = NULL;
goto CLEANUP;
}
-
+
if ( (Ustrlen(dk_private_key) == 0) ||
(Ustrcmp(dk_private_key,"0") == 0) ||
(Ustrcmp(dk_private_key,"false") == 0) ) {
rc = "";
goto CLEANUP;
}
-
+
if (dk_private_key[0] == '/') {
int privkey_fd = 0;
/* Looks like a filename, load the private key. */
close(privkey_fd);
dk_private_key = big_buffer;
}
-
+
/* Get the signature. */
dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 8192);
/* Check for unuseable key */
if (dk_internal_status != DK_STAT_OK) {
- debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
+ debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status));
rc = NULL;
goto CLEANUP;
}
-
+
rc = store_get(1024);
/* Build DomainKey-Signature header to return. */
snprintf(rc, 1024, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s;\r\n"
- "\ts=%s; d=%s;\r\n"
+ "\ts=%s; d=%s;\r\n"
"\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, sig);
-
+
log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;", dk_canon, dk_selector, dk_domain);
CLEANUP:
-/* $Cambridge: exim/src/src/expand.c,v 1.14 2005/03/08 15:32:02 tom Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.15 2005/03/08 16:57:28 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
vtype_pinodes /* partition inodes; value is T/F for spool/log */
#ifdef EXPERIMENTAL_DOMAINKEYS
,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
-#endif
+#endif
};
/* This table must be kept in alphabetical order. */
s = dk_verify_block->domain;
if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
s = dk_verify_block->local_part;
-
+
if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
switch(dk_verify_block->address_source) {
case DK_EXIM_ADDRESS_NONE: s = "0"; break;
case DK_EXIM_RESULT_GOOD: s = "good"; break;
case DK_EXIM_RESULT_BAD: s = "bad"; break;
}
-
+
if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
s = (dk_verify_block->signsall)? "1" : "0";
-
+
if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
s = (dk_verify_block->testing)? "1" : "0";
-
+
if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
s = (dk_verify_block->is_signed)? "1" : "0";
-
+
return (s == NULL)? US"" : s;
#endif
-/* $Cambridge: exim/src/src/transport.c,v 1.5 2005/03/08 15:32:02 tom Exp $ */
+/* $Cambridge: exim/src/src/transport.c,v 1.6 2005/03/08 16:57:28 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
signed message down the original fd (or TLS fd).
Arguments: as for internal_transport_write_message() above, with additional
- arguments:
+ arguments:
uschar *dk_private_key The private key to use (filename or plain data)
uschar *dk_domain Override domain (normally NULL)
uschar *dk_selector The selector to use.
int sread = 0;
int wwritten = 0;
uschar *dk_signature = NULL;
-
+
snprintf(CS dk_spool_name, 256, "%s/input/%s/%s-K",
spool_directory, message_subdir, message_id);
dk_fd = Uopen(dk_spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
save_errno = errno;
goto CLEANUP;
}
-
+
/* Call original function */
rc = transport_write_message(addr, dk_fd, options,
size_limit, add_headers, remove_headers,
check_string, escape_string, rewrite_rules,
rewrite_existflags);
-
+
/* Save error state. We must clean up before returning. */
if (!rc)
{
dk_domain,
dk_selector,
dk_canon);
-
+
if (dk_signature != NULL)
{
/* Send the signature first */
}
}
- /* Rewind file and send it down the original fd. */
+ /* Rewind file and send it down the original fd. */
lseek(dk_fd, 0, SEEK_SET);
-
+
while((sread = read(dk_fd,sbuf,2048)) > 0)
{
char *p = sbuf;
goto DK_WRITE;
}
}
-
+
if (sread == -1)
{
save_errno = errno;