-/* $Cambridge: exim/src/src/acl.c,v 1.84 2009/10/14 14:48:41 nm4 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.85 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#ifndef DISABLE_DKIM
case ACLC_DKIM_SIGNER:
- if (dkim_signing_domain != NULL)
- {
- rc = match_isinlist(dkim_signing_domain,
+ if (dkim_cur_signer != NULL)
+ rc = match_isinlist(dkim_cur_signer,
&arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
- if (rc == FAIL)
- {
- rc = match_isinlist(dkim_exim_expand_query(DKIM_IDENTITY),
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
- }
- }
else
- {
rc = FAIL;
- }
break;
case ACLC_DKIM_STATUS:
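Review bot: The rewritten `ACLC_DKIM_SIGNER` case needs a comment saying that it matches only the name of the signer the DKIM ACL is currently running for, not the outcome of verification. `dkim_cur_signer` is assigned in `dkim_exim_acl_setup()` before that function's early return, so the condition can be true for a list item that has no verified signature, or no signature at all. Suggested comment above the `if`: `/* Matches the signer this ACL run is for; does not imply a valid signature - combine with dkim_status. */`. The case sits inside a switch that starts and ends outside the hunk.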
-/* $Cambridge: exim/src/src/dkim.c,v 1.4 2009/10/13 18:32:05 tom Exp $ */
+/* $Cambridge: exim/src/src/dkim.c,v 1.5 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
pdkim_ctx *dkim_verify_ctx = NULL;
pdkim_signature *dkim_signatures = NULL;
pdkim_signature *dkim_cur_sig = NULL;
+uschar *dkim_cur_signer = NULL;
int dkim_exim_query_dns_txt(char *name, char *answer) {
dns_answer dnsa;
void dkim_exim_verify_finish(void) {
pdkim_signature *sig = NULL;
- int dkim_signing_domains_size = 0;
- int dkim_signing_domains_ptr = 0;
- dkim_signing_domains = NULL;
+ int dkim_signers_size = 0;
+ int dkim_signers_ptr = 0;
+ dkim_signers = NULL;
/* Delete eventual previous signature chain */
dkim_signatures = NULL;
logmsg[ptr] = '\0';
log_write(0, LOG_MAIN, (char *)logmsg);
- /* Build a colon-separated list of signing domains in dkim_signing_domains */
- dkim_signing_domains = string_append(dkim_signing_domains,
- &dkim_signing_domains_size,
- &dkim_signing_domains_ptr,
- 2,
- sig->domain,
- ":"
- );
+ /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
+ dkim_signers = string_append(dkim_signers,
+ &dkim_signers_size,
+ &dkim_signers_ptr,
+ 2,
+ sig->domain,
+ ":"
+ );
+
+ if (sig->identity != NULL) {
+ dkim_signers = string_append(dkim_signers,
+ &dkim_signers_size,
+ &dkim_signers_ptr,
+ 2,
+ sig->identity,
+ ":"
+ );
+ }
/* Process next signature */
sig = sig->next;
}
/* Chop the last colon from the domain list */
- if ((dkim_signing_domains != NULL) &&
- (Ustrlen(dkim_signing_domains) > 0))
- dkim_signing_domains[Ustrlen(dkim_signing_domains)-1] = '\0';
+ if ((dkim_signers != NULL) &&
+ (Ustrlen(dkim_signers) > 0))
+ dkim_signers[Ustrlen(dkim_signers)-1] = '\0';
}
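Review bot: `sig->domain` and `sig->identity` are appended to the colon-separated `dkim_signers` list verbatim, so a value containing `:` would be split into several items when the list is later walked with `string_nextinlist()`. Both fields presumably come from the signature header of the received message, and nothing visible here restricts their characters; whether the parser already rejects colons cannot be seen from this page. If it does not, double any `:` inside the value before appending (the usual Exim list quoting) or skip such values. `sig->domain` is also passed without the NULL check that `sig->identity` gets. The enclosing loop in `dkim_exim_verify_finish()` starts outside the hunk.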
void dkim_exim_acl_setup(uschar *id) {
pdkim_signature *sig = dkim_signatures;
dkim_cur_sig = NULL;
+ dkim_cur_signer = id;
if (dkim_disable_verify ||
- !id || !sig ||
- !dkim_verify_ctx) return;
+ !id || !dkim_verify_ctx) return;
/* Find signature to run ACL on */
while (sig != NULL) {
uschar *cmp_val = NULL;
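Review bot: `dkim_cur_signer = id;` stores the caller's pointer in a global, and in the receive.c part of this change the argument is `item`, which appears to point into the local `itembuf[256]`. Once that function returns, the global is left pointing at dead stack storage, and the reset blocks touched in smtp_in.c and spool_in.c clear `dkim_signers` but not `dkim_cur_signer`. Either reset it with `dkim_cur_signer = NULL;` after the ACL loop and in those reset blocks, or store a copy of the string. The assignment also happens before the `dkim_disable_verify` check, which looks intentional but deserves a one-line comment. The function body continues outside the hunk.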
-/* $Cambridge: exim/src/src/dkim.h,v 1.2 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/dkim.h,v 1.3 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
uschar *dkim_exim_expand_query(int);
uschar *dkim_exim_expand_defaults(int);
+extern uschar *dkim_cur_signer;
+
#define DKIM_ALGO 1
#define DKIM_BODYLENGTH 2
#define DKIM_CANON_BODY 3
-/* $Cambridge: exim/src/src/expand.c,v 1.101 2009/10/14 14:48:41 nm4 Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.102 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
{ "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
{ "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
{ "dkim_selector", vtype_stringptr, &dkim_signing_selector },
- { "dkim_signing_domains",vtype_stringptr, &dkim_signing_domains },
+ { "dkim_signers", vtype_stringptr, &dkim_signers },
{ "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
{ "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
#endif
-/* $Cambridge: exim/src/src/globals.c,v 1.82 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.83 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
BOOL disable_logging = FALSE;
#ifndef DISABLE_DKIM
-uschar *dkim_signing_domains = NULL;
+uschar *dkim_signers = NULL;
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
-uschar *dkim_verify_signers = US"$dkim_signing_domains";
+uschar *dkim_verify_signers = US"$dkim_signers";
BOOL dkim_collect_input = FALSE;
BOOL dkim_disable_verify = FALSE;
#endif
-/* $Cambridge: exim/src/src/globals.h,v 1.63 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/globals.h,v 1.64 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern BOOL disable_logging; /* Disables log writing when TRUE */
#ifndef DISABLE_DKIM
-extern uschar *dkim_signing_domains; /* Expansion variable, holds colon-separated list of domains that have signed a message */
+extern uschar *dkim_signers; /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */
extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */
extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */
extern uschar *dkim_verify_signers; /* Colon-separated list of domains for each of which we call the DKIM ACL */
-/* $Cambridge: exim/src/src/receive.c,v 1.46 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/receive.c,v 1.47 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
int sep = 0;
uschar *ptr = dkim_verify_signers_expanded;
uschar *item = NULL;
+ uschar *seen_items = NULL;
+ int seen_items_size = 0;
+ int seen_items_offset = 0;
uschar itembuf[256];
while ((item = string_nextinlist(&ptr, &sep,
itembuf,
sizeof(itembuf))) != NULL)
{
+ /* Only run ACL once for each domain or identity, no matter how often it
+ appears in the expanded list. */
+ if (seen_items != NULL) {
+ if (match_isinlist(item,
+ &seen_items,0,NULL,NULL,MCL_STRING,TRUE,NULL) == OK) continue;
+ string_cat(seen_items,&seen_items_size,&seen_items_offset,":",1);
+ }
+ string_cat(seen_items,&seen_items_size,&seen_items_offset,item,Ustrlen(item));
dkim_exim_acl_setup(item);
rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, &user_msg, &log_msg);
if (rc != OK) break;
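Review bot: Both added `string_cat()` calls discard their result, so `seen_items` stays NULL and the duplicate check above them never runs; the dkim.c hunk of this same change shows the expected pattern with `dkim_signers = string_append(dkim_signers, ...)`. Once the result is assigned, two more things need care: the buffer must be NUL-terminated before it is read as a list, and `match_isinlist()` would treat entries built from message-supplied signer names as list patterns rather than literal strings (its definition is outside this page, so confirm). A literal `Ustrcmp()` walk over the seen list avoids interpreting sender-controlled text. The enclosing loop ends outside the hunk.

```c
/* … unchanged: string_nextinlist() loop header over dkim_verify_signers_expanded … */
if (seen_items != NULL) {
  uschar *seen_list = seen_items;
  uschar *seen_item = NULL;
  uschar seen_buf[256];
  int seen_sep = ':';
  BOOL already_seen = FALSE;

  /* Compare literally: signer names originate from the message and must
     not be interpreted as list patterns. */
  while ((seen_item = string_nextinlist(&seen_list, &seen_sep,
                                        seen_buf, sizeof(seen_buf))) != NULL)
    if (Ustrcmp(seen_item, item) == 0) { already_seen = TRUE; break; }

  if (already_seen) continue;
  seen_items = string_cat(seen_items,&seen_items_size,&seen_items_offset,US":",1);
}
seen_items = string_cat(seen_items,&seen_items_size,&seen_items_offset,item,Ustrlen(item));
seen_items[seen_items_offset] = '\0';
/* … unchanged: dkim_exim_acl_setup(item) and acl_check() … */
```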
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.64 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.65 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
bmi_verdicts = NULL;
#endif
#ifndef DISABLE_DKIM
-dkim_signing_domains = NULL;
+dkim_signers = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif
-/* $Cambridge: exim/src/src/spool_in.c,v 1.24 2009/06/10 07:34:04 tom Exp $ */
+/* $Cambridge: exim/src/src/spool_in.c,v 1.25 2009/10/15 08:06:23 tom Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
#endif
#ifndef DISABLE_DKIM
-dkim_signing_domains = NULL;
+dkim_signers = NULL;
dkim_disable_verify = FALSE;
dkim_collect_input = FALSE;
#endif