From: Tom Kistner Date: Tue, 24 Feb 2009 15:57:55 +0000 (+0000) Subject: wip X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/dbaed4f3c9b70605925898346965e610e335a797 wip --- diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 2b815c8a9..fb0c09d17 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -1,4 +1,4 @@ -# $Cambridge: exim/src/OS/Makefile-Base,v 1.16.2.1 2009/02/24 13:13:46 tom Exp $ +# $Cambridge: exim/src/OS/Makefile-Base,v 1.16.2.2 2009/02/24 15:57:55 tom Exp $ # This file is the basis of the main makefile for Exim and friends. The # makefile at the top level arranges to build the main makefile by calling @@ -300,14 +300,14 @@ convert4r4: Makefile ../src/convert4r4.src OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o OBJ_WITH_OLD_DEMIME = demime.o -OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dk.o dcc.o +OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o # Targets for final binaries; the main one has a build number which is # updated each time. We don't bother with that for the auxiliaries. OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \ - filtertest.o globals.o \ + filtertest.o globals.o dkim.o \ header.o host.o ip.o log.o lss.o match.o moan.o \ os.o parse.o queue.o \ rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \ @@ -578,7 +578,7 @@ tod.o: $(HDRS) tod.c transport.o: $(HDRS) transport.c tree.o: $(HDRS) tree.c verify.o: $(HDRS) verify.c - +dkim.o: $(HDRS) dkim.c # Dependencies for WITH_CONTENT_SCAN modules @@ -599,7 +599,6 @@ demime.o: $(HDRS) demime.c bmi_spam.o: $(HDRS) bmi_spam.c spf.o: $(HDRS) spf.h spf.c srs.o: $(HDRS) srs.h srs.c -dk.o: $(HDRS) dk.h dk.c dcc.o: $(HDRS) dcc.h dcc.c # The module containing tables of available lookups, routers, auths, and diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux index bde5dd710..0d6aa623d 100644 --- a/src/OS/os.h-Linux +++ b/src/OS/os.h-Linux 
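Review bot: The new rule `dkim.o: $(HDRS) dkim.c` in the @@ -578 hunk names no DKIM header, whereas the neighbouring optional modules do (`spf.o: $(HDRS) spf.h spf.c`, `dcc.o: $(HDRS) dcc.h dcc.c`) and MakeLinks in this same commit links a `dkim.h`. Unless `dkim.h` is already part of `$(HDRS)`, which is not visible here, an edit to that header will not rebuild `dkim.o` and a stale object can end up in the binary; I would write `dkim.o: $(HDRS) dkim.h dkim.c`. The @@ -300 hunk also adds `dkim.o` to `OBJ_EXIM` unconditionally, so a build with `DISABLE_DKIM` set still compiles and links it and depends on dkim.c guarding its own contents.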
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/OS/os.h-Linux,v 1.7 2007/10/04 13:28:06 tom Exp $ */ +/* $Cambridge: exim/src/OS/os.h-Linux,v 1.7.2.1 2009/02/24 15:57:55 tom Exp $ */ /* Exim: OS-specific C header file for Linux */ @@ -10,10 +10,10 @@ #define NO_IP_VAR_H #define SIG_IGN_WORKS -/* When using the experimental Domainkeys/DKIM extensions, setting -HAVE_LINUX_SENDFILE can increase performance on outgoing mail a bit. -Note: With older glibc versions this setting will conflict with the -_FILE_OFFSET_BITS=64 setting defined as part of the Linux CFLAGS. */ +/* When using the DKIM, setting HAVE_LINUX_SENDFILE can increase +performance on outgoing mail a bit. Note: With older glibc versions +this setting will conflict with the _FILE_OFFSET_BITS=64 setting +defined as part of the Linux CFLAGS. */ /* #define HAVE_LINUX_SENDFILE */ diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks index 046fc5aa0..c99e97ef6 100755 --- a/src/scripts/MakeLinks +++ b/src/scripts/MakeLinks @@ -1,5 +1,5 @@ #!/bin/sh -# $Cambridge: exim/src/scripts/MakeLinks,v 1.14.2.1 2009/02/24 13:13:47 tom Exp $ +# $Cambridge: exim/src/scripts/MakeLinks,v 1.14.2.2 2009/02/24 15:57:55 tom Exp $ # Script to build links for all the exim source files from the system- # specific build directory. It should be run from within that directory. @@ -279,6 +279,8 @@ ln -s ../src/transport.c transport.c ln -s ../src/tree.c tree.c ln -s ../src/verify.c verify.c ln -s ../src/version.c version.c +ln -s ../src/dkim.c dkim.c +ln -s ../src/dkim.h dkim.h # WITH_CONTENT_SCAN ln -s ../src/spam.c spam.c @@ -300,10 +302,6 @@ ln -s ../src/spf.c spf.c ln -s ../src/spf.h spf.h ln -s ../src/srs.c srs.c ln -s ../src/srs.h srs.h -ln -s ../src/dk.c dk.c -ln -s ../src/dk.h dk.h -ln -s ../src/dkim-exim.c dkim-exim.c -ln -s ../src/dkim-exim.h dkim-exim.h ln -s ../src/dcc.c dcc.c ln -s ../src/dcc.h dcc.h diff --git a/src/src/acl.c b/src/src/acl.c index fcafc6b58..5eeabe8b8 100644 --- a/src/src/acl.c +++ b/src/src/acl.c 
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/acl.c,v 1.82 2008/02/12 12:52:51 nm4 Exp $ */ +/* $Cambridge: exim/src/src/acl.c,v 1.82.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -64,14 +64,6 @@ enum { ACLC_ACL, ACLC_DELAY, #ifdef WITH_OLD_DEMIME ACLC_DEMIME, -#endif -#ifdef EXPERIMENTAL_DOMAINKEYS - ACLC_DK_DOMAIN_SOURCE, - ACLC_DK_POLICY, - ACLC_DK_SENDER_DOMAINS, - ACLC_DK_SENDER_LOCAL_PARTS, - ACLC_DK_SENDERS, - ACLC_DK_STATUS, #endif ACLC_DNSLISTS, ACLC_DOMAINS, @@ -130,14 +122,6 @@ static uschar *conditions[] = { US"delay", #ifdef WITH_OLD_DEMIME US"demime", -#endif -#ifdef EXPERIMENTAL_DOMAINKEYS - US"dk_domain_source", - US"dk_policy", - US"dk_sender_domains", - US"dk_sender_local_parts", - US"dk_senders", - US"dk_status", #endif US"dnslists", US"domains", @@ -179,10 +163,7 @@ enum { #ifdef EXPERIMENTAL_BRIGHTMAIL CONTROL_BMI_RUN, #endif - #ifdef EXPERIMENTAL_DOMAINKEYS - CONTROL_DK_VERIFY, - #endif - #ifdef EXPERIMENTAL_DKIM + #ifndef DISABLE_DKIM CONTROL_DKIM_VERIFY, #endif CONTROL_ERROR, @@ -215,10 +196,7 @@ static uschar *controls[] = { #ifdef EXPERIMENTAL_BRIGHTMAIL US"bmi_run", #endif - #ifdef EXPERIMENTAL_DOMAINKEYS - US"dk_verify", - #endif - #ifdef EXPERIMENTAL_DKIM + #ifndef DISABLE_DKIM US"dkim_verify", #endif US"error", @@ -264,14 +242,6 @@ static uschar cond_expand_at_top[] = { TRUE, /* delay */ #ifdef WITH_OLD_DEMIME TRUE, /* demime */ -#endif -#ifdef EXPERIMENTAL_DOMAINKEYS - TRUE, /* dk_domain_source */ - TRUE, /* dk_policy */ - TRUE, /* dk_sender_domains */ - TRUE, /* dk_sender_local_parts */ - TRUE, /* dk_senders */ - TRUE, /* dk_status */ #endif TRUE, /* dnslists */ FALSE, /* domains */ 
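Review bot: Changing the guard on `CONTROL_DKIM_VERIFY` (@@ -179 hunk) and on `US"dkim_verify"` (@@ -215 hunk) from `#ifdef EXPERIMENTAL_DKIM` to `#ifndef DISABLE_DKIM` turns DKIM verification from opt-in into opt-out, so every default build now carries the control and, presumably, the signature-handling code behind it on the SMTP input path. The config.h.defaults hunk in this commit only removes the `EXPERIMENTAL_DOMAINKEYS` and `EXPERIMENTAL_DKIM` defines and shows no `DISABLE_DKIM` entry, so please confirm the macro really reaches config.h when it is set in the local Makefile; if it does not, the off switch is silently ignored. The enum and the `controls[]` string table are coupled by position, so the two guards must stay identical, and I would add `/* keep in step with controls[] */` beside the enum entry. The `case CONTROL_DKIM_VERIFY:` arm later in the file takes the same guard.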
@@ -328,14 +298,6 @@ static uschar cond_modifiers[] = { TRUE, /* delay */ #ifdef WITH_OLD_DEMIME FALSE, /* demime */ -#endif -#ifdef EXPERIMENTAL_DOMAINKEYS - FALSE, /* dk_domain_source */ - FALSE, /* dk_policy */ - FALSE, /* dk_sender_domains */ - FALSE, /* dk_sender_local_parts */ - FALSE, /* dk_senders */ - FALSE, /* dk_status */ #endif FALSE, /* dnslists */ FALSE, /* domains */ @@ -426,56 +388,6 @@ static unsigned int cond_forbids[] = { ~((1<next) break; #endif - #ifdef EXPERIMENTAL_DOMAINKEYS - case CONTROL_DK_VERIFY: - dk_do_verify = 1; - break; - #endif - - #ifdef EXPERIMENTAL_DKIM + #ifndef DISABLE_DKIM case CONTROL_DKIM_VERIFY: dkim_do_verify = 1; break; 
@@ -2862,98 +2760,6 @@ for (; cb != NULL; cb = cb->next) break; #endif - #ifdef EXPERIMENTAL_DOMAINKEYS - case ACLC_DK_DOMAIN_SOURCE: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - /* check header source of domain against given string */ - switch (dk_verify_block->address_source) { - case DK_EXIM_ADDRESS_FROM_FROM: - rc = match_isinlist(US"from", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_ADDRESS_FROM_SENDER: - rc = match_isinlist(US"sender", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_ADDRESS_NONE: - rc = match_isinlist(US"none", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - } - break; - - case ACLC_DK_POLICY: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - /* check policy against given string, default FAIL */ - rc = FAIL; - if (dk_verify_block->signsall) - rc = match_isinlist(US"signsall", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - if (dk_verify_block->testing) - rc = match_isinlist(US"testing", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - - case ACLC_DK_SENDER_DOMAINS: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - if (dk_verify_block->domain != NULL) - rc = match_isinlist(dk_verify_block->domain, &arg, 0, &domainlist_anchor, - NULL, MCL_DOMAIN, TRUE, NULL); - else rc = FAIL; - break; - - case ACLC_DK_SENDER_LOCAL_PARTS: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - if (dk_verify_block->local_part != NULL) - rc = match_isinlist(dk_verify_block->local_part, &arg, 0, &localpartlist_anchor, - NULL, MCL_LOCALPART, TRUE, NULL); - else rc = FAIL; - break; - - case ACLC_DK_SENDERS: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - if (dk_verify_block->address != NULL) - rc = match_address_list(dk_verify_block->address, TRUE, TRUE, &arg, NULL, -1, 0, NULL); - else rc = FAIL; - break; - - case ACLC_DK_STATUS: - if (dk_verify_block == NULL) { rc = FAIL; break; }; - if (dk_verify_block->result > 0) { - switch(dk_verify_block->result) { - case 
DK_EXIM_RESULT_BAD_FORMAT: - rc = match_isinlist(US"bad format", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_NO_KEY: - rc = match_isinlist(US"no key", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_NO_SIGNATURE: - rc = match_isinlist(US"no signature", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_REVOKED: - rc = match_isinlist(US"revoked", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_NON_PARTICIPANT: - rc = match_isinlist(US"non-participant", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_GOOD: - rc = match_isinlist(US"good", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - case DK_EXIM_RESULT_BAD: - rc = match_isinlist(US"bad", &arg, 0, NULL, - NULL, MCL_STRING, TRUE, NULL); - break; - } - } - break; - #endif - case ACLC_DNSLISTS: rc = verify_check_dnsbl(&arg); break; diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 9df56e08c..6c2b96876 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/config.h.defaults,v 1.16 2008/01/17 13:03:35 tom Exp $ */ +/* $Cambridge: exim/src/src/config.h.defaults,v 1.16.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -150,8 +150,6 @@ it's a default value. */ /* EXPERIMENTAL features */ #define EXPERIMENTAL_SPF #define EXPERIMENTAL_SRS -#define EXPERIMENTAL_DOMAINKEYS -#define EXPERIMENTAL_DKIM #define EXPERIMENTAL_BRIGHTMAIL #define EXPERIMENTAL_DCC diff --git a/src/src/dk.c b/src/src/dk.c deleted file mode 100644 index 713684b2a..000000000 --- a/src/src/dk.c +++ /dev/null 
@@ -1,440 +0,0 @@ -/* $Cambridge: exim/src/src/dk.c,v 1.12 2007/01/08 10:50:18 ph10 Exp $ */ - -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) University of Cambridge 1995 - 2007 */ -/* See the file NOTICE for conditions of use and distribution. */ - -/* Code for DomainKeys support. Other DK relevant code is in - receive.c, transport.c and transports/smtp.c */ - -#include "exim.h" - -#ifdef EXPERIMENTAL_DOMAINKEYS - -/* Globals related to the DK reference library. */ -DK *dk_context = NULL; -DK_LIB *dk_lib = NULL; -DK_FLAGS dk_flags; -DK_STAT dk_internal_status; - -/* Globals related to Exim DK implementation. */ -dk_exim_verify_block *dk_verify_block = NULL; - -/* Global char buffer for getc/ungetc functions. We need - to accumulate some chars to be able to match EOD and - doubled SMTP dots. Those must not be fed to the validation - engine. */ -int dkbuff[6] = {256,256,256,256,256,256}; - -/* receive_getc() wrapper that feeds DK while Exim reads - the message. 
*/ -int dk_receive_getc(void) { - int i; - int c = receive_getc(); - - if (dk_context != NULL) { - /* Send oldest byte */ - if ((dkbuff[0] < 256) && (dk_internal_status == DK_STAT_OK)) { - dk_internal_status = dk_message(dk_context, CUS &dkbuff[0], 1); - if (dk_internal_status != DK_STAT_OK) - DEBUG(D_receive) debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - } - /* rotate buffer */ - for (i=0;i<5;i++) dkbuff[i]=dkbuff[i+1]; - dkbuff[5]=c; - /* look for our candidate patterns */ - if ( (dkbuff[1] == '\r') && - (dkbuff[2] == '\n') && - (dkbuff[3] == '.') && - (dkbuff[4] == '\r') && - (dkbuff[5] == '\n') ) { - /* End of DATA */ - dkbuff[3] = 256; - dkbuff[4] = 256; - dkbuff[5] = 256; - } - if ( (dkbuff[2] == '\r') && - (dkbuff[3] == '\n') && - (dkbuff[4] == '.') && - (dkbuff[5] == '.') ) { - /* doubled dot, skip this char */ - dkbuff[5] = 256; - } - } -return c; -} - -/* When exim puts a char back in the fd, we - must rotate our buffer back. */ -int dk_receive_ungetc(int c) { - int i; - if (dk_context != NULL) { - /* rotate buffer back */ - for (i=5;i>0;i--) dkbuff[i]=dkbuff[i-1]; - dkbuff[0]=256; - } - return receive_ungetc(c); -} - - -void dk_exim_verify_init(void) { - int old_pool = store_pool; - store_pool = POOL_PERM; - - /* Reset DK state in any case. */ - dk_context = NULL; - dk_lib = NULL; - dk_verify_block = NULL; - - /* Set up DK context if DK was requested and input is SMTP. */ - if (smtp_input && !smtp_batched_input && dk_do_verify) { - /* initialize library */ - dk_lib = dk_init(&dk_internal_status); - if (dk_internal_status != DK_STAT_OK) - debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - else { - /* initialize verification context */ - dk_context = dk_verify(dk_lib, &dk_internal_status); - if (dk_internal_status != DK_STAT_OK) { - debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - dk_context = NULL; - } - else { - /* Reserve some space for the verify block. 
*/ - dk_verify_block = store_get(sizeof(dk_exim_verify_block)); - if (dk_verify_block == NULL) { - debug_printf("DK: Can't allocate %d bytes.\n",sizeof(dk_exim_verify_block)); - dk_context = NULL; - } - else { - memset(dk_verify_block, 0, sizeof(dk_exim_verify_block)); - } - } - } - } - store_pool = old_pool; -} - - -void dk_exim_verify_finish(void) { - char *p,*q; - int i; - int old_pool = store_pool; - - /* Bail out if context could not be set up earlier. */ - if (dk_context == NULL) - return; - - store_pool = POOL_PERM; - - /* Send remaining bytes from input which are still in the buffer. */ - for (i=0;i<6;i++) - if (dkbuff[i] < 256) - dk_internal_status = dk_message(dk_context, CUS &dkbuff[i], 1); - - /* Flag end-of-message. */ - dk_internal_status = dk_end(dk_context, &dk_flags); - - /* dk_flags now has the selector flags (if there was one). - It seems that currently only the "t=" flag is supported - in selectors. */ - if (dk_flags & DK_FLAG_SET) - if (dk_flags & DK_FLAG_TESTING) - dk_verify_block->testing = TRUE; - - /* Grab address/domain information. */ - p = dk_address(dk_context); - if (p != NULL) { - switch(p[0]) { - case 'N': - dk_verify_block->address_source = DK_EXIM_ADDRESS_NONE; - break; - case 'S': - dk_verify_block->address_source = DK_EXIM_ADDRESS_FROM_SENDER; - break; - case 'F': - dk_verify_block->address_source = DK_EXIM_ADDRESS_FROM_FROM; - break; - } - p++; - if (*p != '\0') { - dk_verify_block->address = string_copy((uschar *)p); - q = strrchr(p,'@'); - if ((q != NULL) && (*(q+1) != '\0')) { - dk_verify_block->domain = string_copy((uschar *)(q+1)); - *q = '\0'; - dk_verify_block->local_part = string_copy((uschar *)p); - *q = '@'; - } - } - } - - /* Now grab the domain-wide DK policy */ - dk_flags = dk_policy(dk_context); - - if (dk_flags & DK_FLAG_SET) { - /* Selector "t=" flag has precedence, don't overwrite it if - the selector has set it above. 
*/ - if ((dk_flags & DK_FLAG_TESTING) && !dk_verify_block->testing) - dk_verify_block->testing = TRUE; - if (dk_flags & DK_FLAG_SIGNSALL) - dk_verify_block->signsall = TRUE; - } - - /* Set up main result. */ - switch(dk_internal_status) - { - case DK_STAT_NOSIG: - dk_verify_block->is_signed = FALSE; - dk_verify_block->result = DK_EXIM_RESULT_NO_SIGNATURE; - break; - case DK_STAT_OK: - dk_verify_block->is_signed = TRUE; - dk_verify_block->result = DK_EXIM_RESULT_GOOD; - break; - case DK_STAT_BADSIG: - dk_verify_block->is_signed = TRUE; - dk_verify_block->result = DK_EXIM_RESULT_BAD; - break; - case DK_STAT_REVOKED: - dk_verify_block->is_signed = TRUE; - dk_verify_block->result = DK_EXIM_RESULT_REVOKED; - break; - case DK_STAT_BADKEY: - case DK_STAT_SYNTAX: - dk_verify_block->is_signed = TRUE; - /* Syntax -> Bad format? */ - dk_verify_block->result = DK_EXIM_RESULT_BAD_FORMAT; - break; - case DK_STAT_NOKEY: - dk_verify_block->is_signed = TRUE; - dk_verify_block->result = DK_EXIM_RESULT_NO_KEY; - break; - case DK_STAT_NORESOURCE: - case DK_STAT_INTERNAL: - case DK_STAT_ARGS: - case DK_STAT_CANTVRFY: - dk_verify_block->result = DK_EXIM_RESULT_ERR; - break; - /* This is missing DK_EXIM_RESULT_NON_PARTICIPANT. The lib does not - report such a status. */ - } - - /* Set up human readable result string. */ - dk_verify_block->result_string = string_copy((uschar *)DK_STAT_to_string(dk_internal_status)); - - /* All done, reset dk_context. 
*/ - dk_free(dk_context,1); - dk_context = NULL; - - store_pool = old_pool; -} - -uschar *dk_exim_sign(int dk_fd, - uschar *dk_private_key, - uschar *dk_domain, - uschar *dk_selector, - uschar *dk_canon) { - uschar *rc = NULL; - uschar *headers = NULL; - int headers_len; - int dk_canon_int = DK_CANON_SIMPLE; - char buf[4096]; - int seen_lf = 0; - int seen_lfdot = 0; - uschar sig[1024]; - int save_errno = 0; - int sread; - int old_pool = store_pool; - store_pool = POOL_PERM; - - dk_lib = dk_init(&dk_internal_status); - if (dk_internal_status != DK_STAT_OK) { - debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - rc = NULL; - goto CLEANUP; - } - - /* Figure out what canonicalization to use. Unfortunately - we must do this BEFORE knowing which domain we sign for. */ - if ((dk_canon != NULL) && (Ustrcmp(dk_canon, "nofws") == 0)) dk_canon_int = DK_CANON_NOFWS; - else dk_canon = US "simple"; - - /* Initialize signing context. */ - dk_context = dk_sign(dk_lib, &dk_internal_status, dk_canon_int); - if (dk_internal_status != DK_STAT_OK) { - debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - dk_context = NULL; - goto CLEANUP; - } - - while((sread = read(dk_fd,&buf,4096)) > 0) { - int pos = 0; - char c; - - while (pos < sread) { - c = buf[pos++]; - - if ((c == '.') && seen_lfdot) { - /* escaped dot, write "\n.", continue */ - dk_message(dk_context, CUS "\n.", 2); - seen_lf = 0; - seen_lfdot = 0; - continue; - } - - if (seen_lfdot) { - /* EOM, write "\n" and break */ - dk_message(dk_context, CUS "\n", 1); - break; - } - - if ((c == '.') && seen_lf) { - seen_lfdot = 1; - continue; - } - - if (seen_lf) { - /* normal lf, just send it */ - dk_message(dk_context, CUS "\n", 1); - seen_lf = 0; - } - - if (c == '\n') { - seen_lf = 1; - continue; - } - - /* write the char */ - dk_message(dk_context, CUS &c, 1); - } - } - - /* Handle failed read above. 
*/ - if (sread == -1) { - debug_printf("DK: Error reading -K file.\n"); - save_errno = errno; - rc = NULL; - goto CLEANUP; - } - - /* Flag end-of-message. */ - dk_internal_status = dk_end(dk_context, NULL); - /* TODO: check status */ - - - /* Get domain to use, unless overridden. */ - if (dk_domain == NULL) { - dk_domain = US dk_address(dk_context); - switch(dk_domain[0]) { - case 'N': dk_domain = NULL; break; - case 'F': - case 'S': - dk_domain++; - dk_domain = Ustrrchr(dk_domain,'@'); - if (dk_domain != NULL) { - uschar *p; - dk_domain++; - p = dk_domain; - while (*p != 0) { *p = tolower(*p); p++; } - } - break; - } - if (dk_domain == NULL) { - debug_printf("DK: Could not determine domain to use for signing from message headers.\n"); - /* In this case, we return "OK" by sending up an empty string as the - DomainKey-Signature header. If there is no domain to sign for, we - can send the message anyway since the recipient has no policy to - apply ... */ - rc = US""; - goto CLEANUP; - } - } - else { - dk_domain = expand_string(dk_domain); - if (dk_domain == NULL) { - /* expansion error, do not send message. */ - debug_printf("DK: Error while expanding dk_domain option.\n"); - rc = NULL; - goto CLEANUP; - } - } - - /* Set up $dk_domain expansion variable. */ - dk_signing_domain = dk_domain; - - /* Get selector to use. */ - dk_selector = expand_string(dk_selector); - if (dk_selector == NULL) { - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dk_selector: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - - /* Set up $dk_selector expansion variable. */ - dk_signing_selector = dk_selector; - - /* Get private key to use. 
*/ - dk_private_key = expand_string(dk_private_key); - if (dk_private_key == NULL) { - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dk_private_key: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - - if ( (Ustrlen(dk_private_key) == 0) || - (Ustrcmp(dk_private_key,"0") == 0) || - (Ustrcmp(dk_private_key,"false") == 0) ) { - /* don't sign, but no error */ - rc = US""; - goto CLEANUP; - } - - if (dk_private_key[0] == '/') { - int privkey_fd = 0; - /* Looks like a filename, load the private key. */ - memset(big_buffer,0,big_buffer_size); - privkey_fd = open(CS dk_private_key,O_RDONLY); - (void)read(privkey_fd,big_buffer,16383); - (void)close(privkey_fd); - dk_private_key = big_buffer; - } - - /* Get the signature. */ - dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 1024); - - /* Check for unuseable key */ - if (dk_internal_status != DK_STAT_OK) { - debug_printf("DK: %s\n", DK_STAT_to_string(dk_internal_status)); - rc = NULL; - goto CLEANUP; - } - - headers_len = dk_headers(dk_context, NULL); - rc = store_get(1024+256+headers_len); - headers = store_malloc(headers_len); - dk_headers(dk_context, CS headers); - /* Build DomainKey-Signature header to return. */ - (void)string_format(rc, 1024+256+headers_len, "DomainKey-Signature: a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;\r\n" - "\th=%s;\r\n" - "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, headers, sig); - - log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; s=%s; d=%s; h=%s;", dk_canon, dk_selector, dk_domain, headers); - store_free(headers); - - CLEANUP: - if (dk_context != NULL) { - dk_free(dk_context,1); - dk_context = NULL; - } - store_pool = old_pool; - errno = save_errno; - return rc; -} - -#endif diff --git a/src/src/dk.h b/src/src/dk.h deleted file mode 100644 index 85e1dd7cd..000000000 --- a/src/src/dk.h +++ /dev/null 
@@ -1,51 +0,0 @@
-/* $Cambridge: exim/src/src/dk.h,v 1.3 2007/01/08 10:50:18 ph10 Exp $ */
-
-/*************************************************
-* Exim - an Internet mail transport agent *
-*************************************************/
-
-/* Copyright (c) University of Cambridge 1995 - 2007 */
-/* See the file NOTICE for conditions of use and distribution. */
-
-/* Code for DomainKeys support. Other DK relevant code is in
- receive.c, transport.c and transports/smtp.c */
-
-#ifdef EXPERIMENTAL_DOMAINKEYS
-
-#include
-
-#define DK_EXIM_ADDRESS_NONE 0
-#define DK_EXIM_ADDRESS_FROM_FROM 1
-#define DK_EXIM_ADDRESS_FROM_SENDER 2
-
-#define DK_EXIM_RESULT_ERR 0
-#define DK_EXIM_RESULT_BAD_FORMAT 1
-#define DK_EXIM_RESULT_NO_KEY 2
-#define DK_EXIM_RESULT_NO_SIGNATURE 3
-#define DK_EXIM_RESULT_REVOKED 4
-#define DK_EXIM_RESULT_NON_PARTICIPANT 5
-#define DK_EXIM_RESULT_GOOD 6
-#define DK_EXIM_RESULT_BAD 7
-
-typedef struct dk_exim_verify_block {
- int result;
- int address_source;
- uschar *result_string;
- uschar *address;
- uschar *domain;
- uschar *local_part;
- BOOL is_signed;
- BOOL signsall;
- BOOL testing;
-} dk_exim_verify_block;
-
-int dk_receive_getc(void);
-int dk_receive_ungetc(int);
-void dk_exim_verify_init(void);
-void dk_exim_verify_finish(void);
-int dk_exim_verify_result(uschar **);
-uschar *dk_exim_sign(int, uschar *, uschar *, uschar *, uschar *);
-
-extern dk_exim_verify_block *dk_verify_block;
-
-#endif
diff --git a/src/src/dkim-exim.c b/src/src/dkim-exim.c
deleted file mode 100755
index 35c6fcfd9..000000000
--- a/src/src/dkim-exim.c
+++ /dev/null
@@ -1,510 +0,0 @@ -/* $Cambridge: exim/src/src/dkim-exim.c,v 1.4 2008/09/30 10:03:55 tom Exp $ */ - -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) University of Cambridge 1995 - 2007 */ -/* See the file NOTICE for conditions of use and distribution. */ - -/* Code for DKIM support. Other DKIM relevant code is in - receive.c, transport.c and transports/smtp.c */ - -#include "exim.h" - -#ifdef EXPERIMENTAL_DKIM - -/* Globals related to the DKIM reference library. */ -DKIMContext *dkim_context = NULL; -DKIMSignOptions *dkim_sign_options = NULL; -DKIMVerifyOptions *dkim_verify_options = NULL; -int dkim_verify_result = DKIM_NEUTRAL; -int dkim_internal_status = DKIM_SUCCESS; - -/* Global char buffer for getc/ungetc functions. We need - to accumulate some chars to be able to match EOD and - doubled SMTP dots. Those must not be fed to the validation - engine. */ -int dkimbuff[6] = {256,256,256,256,256,256}; - -/* receive_getc() wrapper that feeds DKIM while Exim reads - the message. 
*/ -int dkim_receive_getc(void) { - int i; - -#ifdef EXPERIMENTAL_DOMAINKEYS - int c = dk_receive_getc(); -#else - int c = receive_getc(); -#endif - - if ((dkim_context != NULL) && - (dkim_internal_status == DKIM_SUCCESS)) { - /* Send oldest byte */ - if (dkimbuff[0] < 256) { - DKIMVerifyProcess(dkim_context,(char *)&dkimbuff[0],1); - /* debug_printf("%c",(int)dkimbuff[0]); */ - } - /* rotate buffer */ - for (i=0;i<5;i++) dkimbuff[i]=dkimbuff[i+1]; - dkimbuff[5]=c; - /* look for our candidate patterns */ - if ( (dkimbuff[1] == '\r') && - (dkimbuff[2] == '\n') && - (dkimbuff[3] == '.') && - (dkimbuff[4] == '\r') && - (dkimbuff[5] == '\n') ) { - /* End of DATA */ - dkimbuff[1] = 256; - dkimbuff[2] = 256; - dkimbuff[3] = 256; - dkimbuff[4] = 256; - dkimbuff[5] = 256; - } - if ( (dkimbuff[2] == '\r') && - (dkimbuff[3] == '\n') && - (dkimbuff[4] == '.') && - (dkimbuff[5] == '.') ) { - /* doubled dot, skip this char */ - dkimbuff[5] = 256; - } - } - - return c; -} - -/* When exim puts a char back in the fd, we - must rotate our buffer back. 
*/ -int dkim_receive_ungetc(int c) { - - if ((dkim_context != NULL) && - (dkim_internal_status == DKIM_SUCCESS)) { - int i; - /* rotate buffer back */ - for (i=5;i>0;i--) dkimbuff[i]=dkimbuff[i-1]; - dkimbuff[0]=256; - } - -#ifdef EXPERIMENTAL_DOMAINKEYS - return dk_receive_ungetc(c); -#else - return receive_ungetc(c); -#endif -} - - -void dkim_exim_verify_init(void) { - int old_pool = store_pool; - - /* Bail out unless we got perfect conditions */ - if (!(smtp_input && - !smtp_batched_input && - dkim_do_verify)) { - return; - } - - store_pool = POOL_PERM; - - dkim_context = NULL; - dkim_verify_options = NULL; - - dkim_context = store_get(sizeof(DKIMContext)); - dkim_verify_options = store_get(sizeof(DKIMVerifyOptions)); - - if (!dkim_context || - !dkim_verify_options) { - debug_printf("DKIM: Can't allocate memory for verifying.\n"); - dkim_context = NULL; - } - - memset(dkim_context,0,sizeof(DKIMContext)); - memset(dkim_verify_options,0,sizeof(DKIMVerifyOptions)); - - dkim_verify_options->nHonorBodyLengthTag = 1; /* Honor the l= tag */ - dkim_verify_options->nCheckPolicy = 1; /* Fetch sender's policy */ - dkim_verify_options->nSubjectRequired = 1; /* Do not require Subject header inclusion */ - - dkim_verify_options->pfnSelectorCallback = NULL; - dkim_verify_options->pfnPolicyCallback = NULL; - - dkim_status_wrap( DKIMVerifyInit(dkim_context, dkim_verify_options), - "error calling DKIMVerifyInit()" ); - - if (dkim_internal_status != DKIM_SUCCESS) { - /* Invalidate context */ - dkim_context = NULL; - } - - store_pool = old_pool; -} - - -void dkim_exim_verify_finish(void) { - int i; - int old_pool = store_pool; - - if (!dkim_do_verify || - (!(smtp_input && !smtp_batched_input)) || - (dkim_context == NULL) || - (dkim_internal_status != DKIM_SUCCESS)) return; - - store_pool = POOL_PERM; - - /* Flush eventual remaining input chars */ - for (i=0;i<6;i++) - if (dkimbuff[i] < 256) - DKIMVerifyProcess(dkim_context,(char *)&dkimbuff[i],1); - - /* Fetch global result. 
Can be one of: - DKIM_SUCCESS - DKIM_PARTIAL_SUCCESS - DKIM_NEUTRAL - DKIM_FAIL - */ - dkim_verify_result = DKIMVerifyResults(dkim_context); - - store_pool = old_pool; -} - - -/* Lookup result for a given domain (or identity) */ -int dkim_exim_verify_result(uschar *domain, uschar **result, uschar **error) { - int sig_count = 0; - int i,rc; - char policy[512]; - DKIMVerifyDetails *dkim_verify_details = NULL; - - if (!dkim_do_verify || - (!(smtp_input && !smtp_batched_input)) || - (dkim_context == NULL) || - (dkim_internal_status != DKIM_SUCCESS)) { - rc = DKIM_EXIM_UNVERIFIED; - goto YIELD; - } - - DKIMVerifyGetDetails(dkim_context, - &sig_count, - &dkim_verify_details, - policy); - - - rc = DKIM_EXIM_UNSIGNED; - - debug_printf("DKIM: We have %d signature(s)\n",sig_count); - for (i=0;i= 0) { - debug_printf( "GOOD d=%s i=%s\n", - dkim_verify_details[i].Domain, - dkim_verify_details[i].IdentityDomain ); - } - else { - debug_printf( "FAIL d=%s i=%s c=%d\n", - dkim_verify_details[i].Domain, - dkim_verify_details[i].IdentityDomain, - dkim_verify_details[i].nResult - ); - - } - - if ( (strcmpic(domain,dkim_verify_details[i].Domain) == 0) || - (strcmpic(domain,dkim_verify_details[i].IdentityDomain) == 0) ) { - if (dkim_verify_details[i].nResult >= 0) { - rc = DKIM_EXIM_GOOD; - /* TODO: Add 
From: domain check */ - } - else { - /* Return DEFER for temp. error types */ - if (dkim_verify_details[i].nResult == DKIM_SELECTOR_DNS_TEMP_FAILURE) { - rc = DKIM_EXIM_DEFER; - } - else { - rc = DKIM_EXIM_FAIL; - } - } - } - } - - YIELD: - switch (rc) { - case DKIM_EXIM_FAIL: - *result = "bad"; - break; - case DKIM_EXIM_DEFER: - *result = "defer"; - break; - case DKIM_EXIM_UNVERIFIED: - *result = "unverified"; - break; - case DKIM_EXIM_UNSIGNED: - *result = "unsigned"; - break; - case DKIM_EXIM_GOOD: - *result = "good"; - break; - } - - return rc; -} - - - -uschar *dkim_exim_sign_headers = NULL; -int dkim_exim_header_callback(const char* header) { - int sep = 0; - uschar *hdr_ptr = dkim_exim_sign_headers; - uschar *hdr_itr = NULL; - uschar hdr_buf[512]; - uschar *hdr_name = string_copy(US header); - char *colon_pos = strchr(hdr_name,':'); - - if (colon_pos == NULL) return 0; - *colon_pos = '\0'; - - debug_printf("DKIM: header '%s' ",hdr_name); - while ((hdr_itr = string_nextinlist(&hdr_ptr, &sep, - hdr_buf, - sizeof(hdr_buf))) != NULL) { - if (strcmpic((uschar *)hdr_name,hdr_itr) == 0) { - debug_printf("included in signature.\n"); - return 1; - } - } - debug_printf("NOT included in signature.\n"); - return 0; -} - -uschar *dkim_exim_sign(int dkim_fd, - uschar *dkim_private_key, - uschar *dkim_domain, - uschar *dkim_selector, - uschar *dkim_canon, - uschar *dkim_sign_headers) { - - uschar *rc = NULL; - char buf[4096]; - int seen_lf = 0; - int seen_lfdot = 0; - int save_errno = 0; - int sread; - char *signature; - int old_pool = store_pool; - store_pool = POOL_PERM; - - dkim_context = NULL; - dkim_sign_options = NULL; - - dkim_context = store_get(sizeof(DKIMContext)); - dkim_sign_options = store_get(sizeof(DKIMSignOptions)); - - memset(dkim_sign_options,0,sizeof(DKIMSignOptions)); - memset(dkim_context,0,sizeof(DKIMContext)); - - dkim_sign_options->nIncludeBodyLengthTag = 0; - dkim_sign_options->nIncludeCopiedHeaders = 0; - dkim_sign_options->nHash = 
DKIM_HASH_SHA256; - dkim_sign_options->nIncludeTimeStamp = 0; - dkim_sign_options->nIncludeQueryMethod = 0; - dkim_sign_options->pfnHeaderCallback = dkim_exim_header_callback; - dkim_sign_options->nIncludeBodyHash = DKIM_BODYHASH_IETF_1; - - - dkim_domain = expand_string(dkim_domain); - if (dkim_domain == NULL) { - /* expansion error, do not send message. */ - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dkim_domain: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - /* Set up $dkim_domain expansion variable. */ - dkim_signing_domain = dkim_domain; - Ustrncpy((uschar *)dkim_sign_options->szDomain,dkim_domain,255); - - - /* Get selector to use. */ - dkim_selector = expand_string(dkim_selector); - if (dkim_selector == NULL) { - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dkim_selector: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - /* Set up $dkim_selector expansion variable. */ - dkim_signing_selector = dkim_selector; - Ustrncpy((uschar *)dkim_sign_options->szSelector,dkim_selector,79); - - /* Expand provided options */ - dkim_canon = expand_string(dkim_canon?dkim_canon:US"relaxed"); - if (dkim_canon == NULL) { - /* expansion error, do not send message. 
*/ - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dkim_canon: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - if (Ustrcmp(dkim_canon, "relaxed") == 0) - dkim_sign_options->nCanon = DKIM_SIGN_RELAXED; - else if (Ustrcmp(dkim_canon, "simple") == 0) - dkim_sign_options->nCanon = DKIM_SIGN_SIMPLE; - else { - log_write(0, LOG_MAIN, "DKIM: unknown canonicalization method '%s', defaulting to 'relaxed'.\n",dkim_canon); - dkim_sign_options->nCanon = DKIM_SIGN_RELAXED; - } - - /* Expand signing headers once */ - if (dkim_sign_headers != NULL) { - dkim_sign_headers = expand_string(dkim_sign_headers); - if (dkim_sign_headers == NULL) { - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dkim_sign_headers: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - } - - if (dkim_sign_headers == NULL) { - /* Use RFC defaults */ - dkim_sign_headers = US"from:sender:reply-to:subject:date:" - "message-id:to:cc:mime-version:content-type:" - "content-transfer-encoding:content-id:" - "content-description:resent-date:resent-from:" - "resent-sender:resent-to:resent-cc:resent-message-id:" - "in-reply-to:references:" - "list-id:list-help:list-unsubscribe:" - "list-subscribe:list-post:list-owner:list-archive"; - } - dkim_exim_sign_headers = dkim_sign_headers; - - /* Get private key to use. */ - dkim_private_key = expand_string(dkim_private_key); - if (dkim_private_key == NULL) { - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "dkim_private_key: %s", expand_string_message); - rc = NULL; - goto CLEANUP; - } - - if ( (Ustrlen(dkim_private_key) == 0) || - (Ustrcmp(dkim_private_key,"0") == 0) || - (Ustrcmp(dkim_private_key,"false") == 0) ) { - /* don't sign, but no error */ - rc = US""; - goto CLEANUP; - } - - if (dkim_private_key[0] == '/') { - int privkey_fd = 0; - /* Looks like a filename, load the private key. 
*/ - memset(big_buffer,0,big_buffer_size); - privkey_fd = open(CS dkim_private_key,O_RDONLY); - (void)read(privkey_fd,big_buffer,16383); - (void)close(privkey_fd); - dkim_private_key = big_buffer; - } - - /* Initialize signing context. */ - dkim_status_wrap( DKIMSignInit(dkim_context, dkim_sign_options), - "error calling DKIMSignInit()" ); - - if (dkim_internal_status != DKIM_SUCCESS) { - /* Invalidate context */ - dkim_context = NULL; - goto CLEANUP; - } - - while((sread = read(dkim_fd,&buf,4096)) > 0) { - int pos = 0; - char c; - - while (pos < sread) { - c = buf[pos++]; - - if ((c == '.') && seen_lfdot) { - /* escaped dot, write "\n.", continue */ - dkim_internal_status = DKIMSignProcess(dkim_context,"\n.",2); - seen_lf = 0; - seen_lfdot = 0; - continue; - } - - if (seen_lfdot) { - /* EOM, write "\n" and break */ - dkim_internal_status = DKIMSignProcess(dkim_context,"\n",1); - break; - } - - if ((c == '.') && seen_lf) { - seen_lfdot = 1; - continue; - } - - if (seen_lf) { - /* normal lf, just send it */ - dkim_internal_status = DKIMSignProcess(dkim_context,"\n",1); - seen_lf = 0; - } - - if (c == '\n') { - seen_lf = 1; - continue; - } - - /* write the char */ - dkim_internal_status = DKIMSignProcess(dkim_context,&c,1); - } - } - - /* Handle failed read above. 
*/ - if (sread == -1) { - debug_printf("DKIM: Error reading -K file.\n"); - save_errno = errno; - rc = NULL; - goto CLEANUP; - } - - if (!dkim_status_wrap(dkim_internal_status, - "error while processing message data")) { - rc = NULL; - goto CLEANUP; - } - - if (!dkim_status_wrap( DKIMSignGetSig2( dkim_context, dkim_private_key, &signature ), - "error while signing message" ) ) { - rc = NULL; - goto CLEANUP; - } - - log_write(0, LOG_MAIN, "Message signed with DKIM: %s\n",signature); - - rc = store_get(strlen(signature)+3); - Ustrcpy(rc,US signature); - Ustrcat(rc,US"\r\n"); - - CLEANUP: - if (dkim_context != NULL) { - dkim_context = NULL; - } - store_pool = old_pool; - errno = save_errno; - return rc; -} - -unsigned int dkim_status_wrap(int stat, uschar *text) { - char *p = DKIMGetErrorString(stat); - - if (stat != DKIM_SUCCESS) { - debug_printf("DKIM: %s",text?text:US""); - if (p) debug_printf(" (%s)",p); - debug_printf("\n"); - } - dkim_internal_status = stat; - return (dkim_internal_status==DKIM_SUCCESS)?1:0; -} - -#endif diff --git a/src/src/dkim-exim.h b/src/src/dkim-exim.h deleted file mode 100755 index b974d9522..000000000 --- a/src/src/dkim-exim.h +++ /dev/null 
@@ -1,35 +0,0 @@ -/* $Cambridge: exim/src/src/dkim-exim.h,v 1.1 2007/09/28 12:21:57 tom Exp $ */ - -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* Copyright (c) University of Cambridge 1995 - 2007 */ -/* See the file NOTICE for conditions of use and distribution. */ - -/* Code for DKIM support. Other DKIM relevant code is in - receive.c, transport.c and transports/smtp.c */ - -/* Exim interface to DKIM results */ - -#define DKIM_EXIM_FAIL -2 /* Message has a bad signature from that domain or identity. */ -#define DKIM_EXIM_DEFER -1 /* Message has an unverified signature from that domain */ -#define DKIM_EXIM_UNVERIFIED 0 /* Message was not validated with the DK engine */ -#define DKIM_EXIM_UNSIGNED 1 /* Message has no signature from that domain or identity */ -#define DKIM_EXIM_GOOD 2 /* Message has good signature from that domain or identity */ - - -#ifdef EXPERIMENTAL_DKIM -#include - -int dkim_exim_verify_result(uschar *,uschar **,uschar **); - -/* Internal prototypes */ -int dkim_receive_getc(void); -int dkim_receive_ungetc(int); -void dkim_exim_verify_init(void); -void dkim_exim_verify_finish(void); -uschar *dkim_exim_sign(int, uschar *, uschar *, uschar *, uschar *, uschar *); -unsigned int dkim_status_wrap(int, uschar *); - -#endif diff --git a/src/src/dkim.c b/src/src/dkim.c new file mode 100644 index 000000000..a898b75d7 --- /dev/null +++ b/src/src/dkim.c 
@@ -0,0 +1,159 @@
+/* $Cambridge: exim/src/src/dkim.c,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */
+
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2009 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Code for DKIM support. Other DKIM relevant code is in
+ receive.c, transport.c and transports/smtp.c */
+
+#include "exim.h"
+
+#ifndef DISABLE_DKIM
+
+#include "pdkim/pdkim.h"
+
+uschar *dkim_exim_sign(int dkim_fd,
+ uschar *dkim_private_key,
+ uschar *dkim_domain,
+ uschar *dkim_selector,
+ uschar *dkim_canon,
+ uschar *dkim_sign_headers) {
+ pdkim_ctx *ctx = NULL;
+ uschar *rc = NULL;
+ char *signature;
+ int pdkim_canon;
+ int sread;
+ char buf[4096];
+ int save_errno = 0;
+
+ dkim_domain = expand_string(dkim_domain);
+ if (dkim_domain == NULL) {
+ /* expansion error, do not send message. */
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_domain: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ /* Set up $dkim_domain expansion variable. */
+ dkim_signing_domain = dkim_domain;
+
+ /* Get selector to use. */
+ dkim_selector = expand_string(dkim_selector);
+ if (dkim_selector == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_selector: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ /* Set up $dkim_selector expansion variable. */
+ dkim_signing_selector = dkim_selector;
+
+ /* Get canonicalization to use */
+ dkim_canon = expand_string(dkim_canon?dkim_canon:US"relaxed");
+ if (dkim_canon == NULL) {
+ /* expansion error, do not send message. */
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_canon: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ if (Ustrcmp(dkim_canon, "relaxed") == 0)
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ else if (Ustrcmp(dkim_canon, "simple") == 0)
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ else {
+ log_write(0, LOG_MAIN, "DKIM: unknown canonicalization method '%s', defaulting to 'relaxed'.\n",dkim_canon);
+ pdkim_canon = PDKIM_CANON_RELAXED;
+ }
+
+ /* Expand signing headers once */
+ if (dkim_sign_headers != NULL) {
+ dkim_sign_headers = expand_string(dkim_sign_headers);
+ if (dkim_sign_headers == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_sign_headers: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ }
+ dkim_exim_sign_headers = dkim_sign_headers;
+
+ /* Get private key to use. */
+ dkim_private_key = expand_string(dkim_private_key);
+ if (dkim_private_key == NULL) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "dkim_private_key: %s", expand_string_message);
+ rc = NULL;
+ goto CLEANUP;
+ }
+ if ( (Ustrlen(dkim_private_key) == 0) ||
+ (Ustrcmp(dkim_private_key,"0") == 0) ||
+ (Ustrcmp(dkim_private_key,"false") == 0) ) {
+ /* don't sign, but no error */
+ rc = US"";
+ goto CLEANUP;
+ }
+
+ if (dkim_private_key[0] == '/') {
+ int privkey_fd = 0;
+ /* Looks like a filename, load the private key. */
+ memset(big_buffer,0,big_buffer_size);
+ privkey_fd = open(CS dkim_private_key,O_RDONLY);
+ (void)read(privkey_fd,big_buffer,16383);
+ (void)close(privkey_fd);
+ dkim_private_key = big_buffer;
+ }
+
+ ctx = pdkim_init_sign((char *)dkim_signing_domain,
+ (char *)dkim_signing_selector,
+ dkim_private_key
+ );
+
+ pdkim_set_debug_stream(ctx,debug_file);
+
+ pdkim_set_optional(ctx,
+ PDKIM_INPUT_SMTP,
+ (char *)dkim_exim_sign_headers,
+ NULL,
+ pdkim_canon,
+ pdkim_canon,
+ 0,
+ PDKIM_ALGO_RSA_SHA1,
+ 0,
+ 0);
+
+ while((sread = read(dkim_fd,&buf,4096)) > 0) {
+ if (pdkim_feed(ctx,buf,sread) != PDKIM_OK) {
+ rc = NULL;
+ goto CLEANUP;
+ }
+ }
+ /* Handle failed read above. */
+ if (sread == -1) {
+ debug_printf("DKIM: Error reading -K file.\n");
+ save_errno = errno;
+ rc = NULL;
+ goto CLEANUP;
+ }
+
+ if (pdkim_feed_finish(ctx,&signature) != PDKIM_OK)
+ goto CLEANUP;
+
+ rc = store_get(strlen(signature)+3);
+ Ustrcpy(rc,US signature);
+ Ustrcat(rc,US"\r\n");
+
+ CLEANUP:
+ if (ctx != NULL) {
+ pdkim_free_ctx(ctx);
+ }
+ store_pool = old_pool;
+ errno = save_errno;
+ return rc;
+};
+
+#endif
diff --git a/src/src/dkim.h b/src/src/dkim.h
new file mode 100644
index 000000000..d5dc5b551
--- /dev/null
+++ b/src/src/dkim.h
@@ -0,0 +1,16 @@
+/* $Cambridge: exim/src/src/dkim.h,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */
+
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2009 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+uschar *dkim_exim_sign(int ,
+ uschar *,
+ uschar *,
+ uschar *,
+ uschar *,
+ uschar *);
+
diff --git a/src/src/drtables.c b/src/src/drtables.c
index b95d4fc95..34431a47f 100644
--- a/src/src/drtables.c
+++ b/src/src/drtables.c
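Review bot: The private-key file branch of dkim_exim_sign() never checks the descriptor returned by `open()` and discards the result of `read()`, so a missing or unreadable key file leaves an empty `big_buffer` that is still passed to `pdkim_init_sign()` as the key, and nothing is logged; the read length is also the literal 16383 rather than a value derived from `big_buffer_size`. Both calls should be checked, with a main/panic log entry and `rc = NULL; goto CLEANUP;` on failure, as sketched below. Separately, the `"simple"` branch assigns `PDKIM_CANON_RELAXED` (presumably `PDKIM_CANON_SIMPLE` was meant, if pdkim.h defines it), and `pdkim_set_optional()` is given `PDKIM_ALGO_RSA_SHA1` although the removed dkim-exim.c signer selected `DKIM_HASH_SHA256`, which weakens the signature hash unless that is deliberate. `CLEANUP:` also restores `store_pool` from `old_pool`, which this version of the function neither declares nor saves, and `ctx` is used without a NULL check after `pdkim_init_sign()`.

```c
  if (dkim_private_key[0] == '/') {
    int privkey_fd;
    int privkey_len;
    /* Looks like a filename, load the private key. */
    memset(big_buffer,0,big_buffer_size);
    privkey_fd = open(CS dkim_private_key,O_RDONLY);
    if (privkey_fd < 0) {
      log_write(0, LOG_MAIN|LOG_PANIC, "unable to open DKIM private key "
                "file %s: %s", dkim_private_key, strerror(errno));
      rc = NULL;
      goto CLEANUP;
    }
    privkey_len = read(privkey_fd,big_buffer,big_buffer_size - 1);
    (void)close(privkey_fd);
    if (privkey_len <= 0) {
      log_write(0, LOG_MAIN|LOG_PANIC, "unable to read DKIM private key "
                "file %s", dkim_private_key);
      rc = NULL;
      goto CLEANUP;
    }
    dkim_private_key = big_buffer;
  }
  /* … unchanged: pdkim_init_sign(), pdkim_set_optional(), feed loop … */
```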
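Review bot: dkim.h declares only `dkim_exim_sign()`, but the same commit deletes dkim-exim.h, which also carried the prototypes for `dkim_exim_verify_result()`, `dkim_exim_verify_init()` and `dkim_exim_verify_finish()`, while lookups/dkim.c and receive.c still call them under `#ifndef DISABLE_DKIM`. Because DKIM is now compiled in unless explicitly disabled, a default build reaches those calls with no declaration and, as far as this diff shows, no definition; the same appears to hold for the `dkim_exim_sign_headers` global that dkim.c assigns but that was defined in the deleted dkim-exim.c. Either keep the verify prototypes and implementations until the pdkim-based verifier lands, or guard the call sites. The header would also read better with an include guard and with parameter names matching the definition in dkim.c (`int dkim_fd`, `uschar *dkim_private_key`, `uschar *dkim_domain`, and so on).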
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/drtables.c,v 1.9 2007/09/28 12:21:57 tom Exp $ */ +/* $Cambridge: exim/src/src/drtables.c,v 1.9.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -105,7 +105,7 @@ be NULL for methods that don't need them. */ #include "lookups/whoson.h" #endif -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM #include "lookups/dkim.h" #endif @@ -181,7 +181,7 @@ of the key strings. */ { US"dkim", /* lookup name */ lookup_querystyle, /* query style */ -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM dkim_open, /* open function */ NULL, /* check function */ dkim_find, /* find function */ diff --git a/src/src/exim.c b/src/src/exim.c index b078c6000..9826ca495 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.61 2008/10/12 09:58:13 nm4 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.61.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -905,6 +905,9 @@ fprintf(f, "Support for:"); #ifdef WITH_CONTENT_SCAN fprintf(f, " Content_Scanning"); #endif +#ifndef DISABLE_DKIM + fprintf(f, " DKIM"); +#endif #ifdef WITH_OLD_DEMIME fprintf(f, " Old_Demime"); #endif @@ -917,12 +920,6 @@ fprintf(f, "Support for:"); #ifdef EXPERIMENTAL_BRIGHTMAIL fprintf(f, " Experimental_Brightmail"); #endif -#ifdef EXPERIMENTAL_DOMAINKEYS - fprintf(f, " Experimental_DomainKeys"); -#endif -#ifdef EXPERIMENTAL_DKIM - fprintf(f, " Experimental_DKIM"); -#endif #ifdef EXPERIMENTAL_DCC fprintf(f, " Experimental_DCC"); #endif diff --git a/src/src/exim.h b/src/src/exim.h index a2f422c11..f5accafd0 100644 --- a/src/src/exim.h +++ b/src/src/exim.h 
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.h,v 1.24 2008/01/16 13:44:45 nm4 Exp $ */ +/* $Cambridge: exim/src/src/exim.h,v 1.24.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -446,11 +446,8 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #ifdef EXPERIMENTAL_SRS #include "srs.h" #endif -#ifdef EXPERIMENTAL_DOMAINKEYS -#include "dk.h" -#endif -#ifdef EXPERIMENTAL_DKIM -#include "dkim-exim.h" +#ifndef DISABLE_DKIM +#include "dkim.h" #endif /* The following stuff must follow the inclusion of config.h because it diff --git a/src/src/expand.c b/src/src/expand.c index 599dd9c0d..3422f2e40 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/expand.c,v 1.97 2008/12/12 14:51:47 nm4 Exp $ */ +/* $Cambridge: exim/src/src/expand.c,v 1.97.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -364,9 +364,6 @@ enum { vtype_load_avg, /* value not used; result is int from os_getloadavg */ vtype_pspace, /* partition space; value is T/F for spool/log */ vtype_pinodes /* partition inodes; value is T/F for spool/log */ -#ifdef EXPERIMENTAL_DOMAINKEYS - ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */ -#endif }; /* This table must be kept in alphabetical order. */ 
@@ -404,20 +401,7 @@ static var_entry var_table[] = { { "demime_errorlevel", vtype_int, &demime_errorlevel }, { "demime_reason", vtype_stringptr, &demime_reason }, #endif -#ifdef EXPERIMENTAL_DOMAINKEYS - { "dk_domain", vtype_stringptr, &dk_signing_domain }, - { "dk_is_signed", vtype_dk_verify, NULL }, - { "dk_result", vtype_dk_verify, NULL }, - { "dk_selector", vtype_stringptr, &dk_signing_selector }, - { "dk_sender", vtype_dk_verify, NULL }, - { "dk_sender_domain", vtype_dk_verify, NULL }, - { "dk_sender_local_part",vtype_dk_verify, NULL }, - { "dk_sender_source", vtype_dk_verify, NULL }, - { "dk_signsall", vtype_dk_verify, NULL }, - { "dk_status", vtype_dk_verify, NULL }, - { "dk_testing", vtype_dk_verify, NULL }, -#endif -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM { "dkim_domain", vtype_stringptr, &dkim_signing_domain }, { "dkim_selector", vtype_stringptr, &dkim_signing_selector }, #endif 
@@ -1382,51 +1366,6 @@ while (last > first) switch (var_table[middle].type) { -#ifdef EXPERIMENTAL_DOMAINKEYS - - case vtype_dk_verify: - if (dk_verify_block == NULL) return US""; - s = NULL; - if (Ustrcmp(var_table[middle].name, "dk_result") == 0) - s = dk_verify_block->result_string; - if (Ustrcmp(var_table[middle].name, "dk_sender") == 0) - s = dk_verify_block->address; - if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0) - s = dk_verify_block->domain; - if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0) - s = dk_verify_block->local_part; - - if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0) - switch(dk_verify_block->address_source) { - case DK_EXIM_ADDRESS_NONE: s = US"0"; break; - case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break; - case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break; - } - - if (Ustrcmp(var_table[middle].name, "dk_status") == 0) - switch(dk_verify_block->result) { - case DK_EXIM_RESULT_ERR: s = US"error"; break; - case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break; - case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break; - case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break; - case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break; - case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break; - case DK_EXIM_RESULT_GOOD: s = US"good"; break; - case DK_EXIM_RESULT_BAD: s = US"bad"; break; - } - - if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0) - s = (dk_verify_block->signsall)? US"1" : US"0"; - - if (Ustrcmp(var_table[middle].name, "dk_testing") == 0) - s = (dk_verify_block->testing)? US"1" : US"0"; - - if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0) - s = (dk_verify_block->is_signed)? US"1" : US"0"; - - return (s == NULL)? US"" : s; -#endif - case vtype_filter_int: if (!filter_running) return NULL; /* Fall through */ diff --git a/src/src/functions.h b/src/src/functions.h index 2c77c17fd..41b334a15 100644 --- a/src/src/functions.h +++ b/src/src/functions.h 
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/functions.h,v 1.43 2008/12/18 13:13:54 michael Exp $ */ +/* $Cambridge: exim/src/src/functions.h,v 1.43.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -83,7 +83,7 @@ extern void deliver_succeeded(address_item *); extern int demime(uschar **); #endif extern BOOL directory_make(uschar *, uschar *, int, BOOL); -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) +#ifndef DISABLE_DKIM extern BOOL dkim_transport_write_message(address_item *, int, int, int, uschar *, uschar *, uschar *, uschar *, rewrite_rule *, int, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *, diff --git a/src/src/globals.c b/src/src/globals.c index 93f74910c..9bc119b9f 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.81 2008/02/12 12:52:51 nm4 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.81.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -526,13 +526,7 @@ BOOL disable_fsync = FALSE; BOOL disable_ipv6 = FALSE; BOOL disable_logging = FALSE; -#ifdef EXPERIMENTAL_DOMAINKEYS -uschar *dk_signing_domain = NULL; -uschar *dk_signing_selector = NULL; -int dk_do_verify = 0; -#endif - -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; int dkim_do_verify = 0; diff --git a/src/src/globals.h b/src/src/globals.h index ac425ed98..8444daba6 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.62 2008/02/12 12:52:51 nm4 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.62.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -295,13 +295,7 @@ extern BOOL disable_fsync; /* Not for normal use */ extern BOOL disable_ipv6; /* Don't do any IPv6 things */ extern BOOL disable_logging; /* Disables log writing when TRUE */ -#ifdef EXPERIMENTAL_DOMAINKEYS -extern uschar *dk_signing_domain; /* Domain used for signing a message. */ -extern uschar *dk_signing_selector; /* Selector used for signing a message. */ -extern int dk_do_verify; /* DK verification switch. Set with ACL control statement. */ -#endif - -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM extern uschar *dkim_signing_domain; /* Domain used for signing a message. */ extern uschar *dkim_signing_selector; /* Selector used for signing a message. */ extern int dkim_do_verify; /* DKIM verification switch. Set with ACL control statement. */ diff --git a/src/src/lookups/dkim.c b/src/src/lookups/dkim.c index f90283ee5..52f2d880f 100755 --- a/src/src/lookups/dkim.c +++ b/src/src/lookups/dkim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/lookups/dkim.c,v 1.1 2007/09/28 12:21:57 tom Exp $ */ +/* $Cambridge: exim/src/src/lookups/dkim.c,v 1.1.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -39,7 +39,7 @@ int dkim_find(void *handle, uschar *filename, uschar *keystring, int length, uschar **result, uschar **errmsg, BOOL *do_cache) { -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM dkim_exim_verify_result(keystring,result,errmsg); return OK; #else diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 7d6475e36..20a3399e2 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */ +/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.1.2.2 2009/02/24 15:57:55 tom Exp $ */ /* pdkim.c */ #include 
@@ -549,7 +549,7 @@ pdkim_str *pdkim_create_header(pdkim_ctx *ctx, int final) { /* -------------------------------------------------------------------------- */ -int pdkim_feed_finish(pdkim_ctx *ctx) { +int pdkim_feed_finish(pdkim_ctx *ctx, char **signature) { /* Check if we must still flush a (partial) header. If that is the case, the message has no body, and we must compute a body hash @@ -730,14 +730,19 @@ int pdkim_feed_finish(pdkim_ctx *ctx) { if (ctx->debug_stream) { fprintf(ctx->debug_stream, "PDKIM >> Final DKIM-Signature header >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - fprintf(ctx->debug_stream,"%s\n",hdr->str); - //pdkim_quoteprint(ctx->debug_stream, hdr->str, hdr->len, 1); + pdkim_quoteprint(ctx->debug_stream, hdr->str, hdr->len, 1); fprintf(ctx->debug_stream, "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } #endif + + if (signature != NULL) { + *signature = hdr->str; + } + } + return PDKIM_OK; } @@ -793,6 +798,7 @@ void pdkim_set_debug_stream(pdkim_ctx *ctx, /* -------------------------------------------------------------------------- */ int pdkim_set_optional(pdkim_ctx *ctx, + int input_mode, char *sign_headers, char *identity, int canon_headers, @@ -818,6 +824,7 @@ int pdkim_set_optional(pdkim_ctx *ctx, strcpy(ctx->sig->sign_headers, sign_headers); } + ctx->input_mode = input_mode; ctx->sig->canon_headers = canon_headers; ctx->sig->canon_body = canon_body; ctx->sig->bodylength = bodylength; diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index ab73271fa..de6352c19 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.1 2009/02/24 13:13:47 tom Exp $ */ +/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.2 2009/02/24 15:57:55 tom Exp $ */ /* pdkim.h */ #include "sha1.h" 
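Review bot: In the `@@ -730,14 +730,19 @@` hunk `*signature` is assigned only inside the block that closes just before `return PDKIM_OK;`, so any path that skips that block returns PDKIM_OK without writing the out-parameter. The new caller in dkim.c declares `char *signature;` without an initialiser and calls `strlen(signature)` as soon as PDKIM_OK comes back, which would then read an indeterminate pointer. Adding `if (signature != NULL) *signature = NULL;` at the top of pdkim_feed_finish() (outside this hunk, so the exact placement needs checking) and having the caller treat a NULL signature as a signing failure closes that gap. The returned pointer aliases `hdr->str`, so a comment stating who owns that buffer and how long it stays valid would help callers; the function body starts and ends outside the hunk.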
@@ -181,8 +181,8 @@ int pdkim_finish_bodyhash (pdkim_ctx *); int pdkim_bodyline_complete (pdkim_ctx *); int pdkim_header_complete (pdkim_ctx *); -int pdkim_feed (pdkim_ctx *, char *data, int len); -int pdkim_feed_finish (pdkim_ctx *); +int pdkim_feed (pdkim_ctx *, char *, int); +int pdkim_feed_finish (pdkim_ctx *, char **); pdkim_str *pdkim_create_header (pdkim_ctx *, int); @@ -190,7 +190,9 @@ pdkim_str pdkim_ctx *pdkim_init_sign (char *, char *, char *); -int pdkim_set_optional (pdkim_ctx *, char *, char *, +int pdkim_set_optional (pdkim_ctx *, + int, + char *, char *, int, int, unsigned long, int, unsigned long, diff --git a/src/src/receive.c b/src/src/receive.c index f0df716df..02fd8922f 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/receive.c,v 1.45 2009/01/02 17:12:03 nm4 Exp $ */ +/* $Cambridge: exim/src/src/receive.c,v 1.45.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -11,38 +11,6 @@ #include "exim.h" -#if (defined EXPERIMENTAL_DOMAINKEYS) && (defined EXPERIMENTAL_DKIM) - -#warning Chaining Domainkeys via DKIM receive functions -#define RECEIVE_GETC dkim_receive_getc -#define RECEIVE_UNGETC dkim_receive_ungetc - -#else - -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) - -#ifdef EXPERIMENTAL_DOMAINKEYS -#warning Using Domainkeys receive functions -#define RECEIVE_GETC dk_receive_getc -#define RECEIVE_UNGETC dk_receive_ungetc -#endif -#ifdef EXPERIMENTAL_DKIM -#warning Using DKIM receive functions -#define RECEIVE_GETC dkim_receive_getc -#define RECEIVE_UNGETC dkim_receive_ungetc -#endif - -#else - -/* Normal operation */ -#define RECEIVE_GETC receive_getc -#define RECEIVE_UNGETC receive_ungetc - -#endif - -#endif - - #ifdef EXPERIMENTAL_DCC extern int dcc_ok; #endif 
@@ -600,7 +568,7 @@ if (!dot_ends) { register int last_ch = '\n'; - for (; (ch = (RECEIVE_GETC)()) != EOF; last_ch = ch) + for (; (ch = (receive_getc)()) != EOF; last_ch = ch) { if (ch == 0) body_zerocount++; if (last_ch == '\r' && ch != '\n') @@ -642,7 +610,7 @@ if (!dot_ends) ch_state = 1; -while ((ch = (RECEIVE_GETC)()) != EOF) +while ((ch = (receive_getc)()) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -758,7 +726,7 @@ int ch_state = 0; register int ch; register int linelength = 0; -while ((ch = (RECEIVE_GETC)()) != EOF) +while ((ch = (receive_getc)()) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -1416,14 +1384,9 @@ if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX; message_linecount = body_linecount = body_zerocount = max_received_linelength = 0; -#ifdef EXPERIMENTAL_DOMAINKEYS -/* Call into DK to set up the context. Check if DK is to be run are carried out - inside dk_exim_verify_init(). */ -dk_exim_verify_init(); -#endif -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM /* Call into DKIM to set up the context. Check if DKIM is to be run are carried out - inside dk_exim_verify_init(). */ + inside dkim_exim_verify_init(). */ dkim_exim_verify_init(); #endif @@ -1476,7 +1439,7 @@ next->text. */ for (;;) { - int ch = (RECEIVE_GETC)(); + int ch = (receive_getc)(); /* If we hit EOF on a SMTP connection, it's an error, since incoming SMTP must have a correct "." terminator. */ @@ -1540,7 +1503,7 @@ for (;;) if (ch == '\n') { if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE; - else if (first_line_ended_crlf) RECEIVE_UNGETC(' '); + else if (first_line_ended_crlf) receive_ungetc(' '); goto EOL; } @@ -1555,13 +1518,13 @@ for (;;) if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) { - ch = (RECEIVE_GETC)(); + ch = (receive_getc)(); if (ch == '\r') { - ch = (RECEIVE_GETC)(); + ch = (receive_getc)(); if (ch != '\n') { - RECEIVE_UNGETC(ch); + receive_ungetc(ch); ch = '\r'; /* Revert to CR */ } } 
@@ -1589,7 +1552,7 @@ for (;;) if (ch == '\r') { - ch = (RECEIVE_GETC)(); + ch = (receive_getc)(); if (ch == '\n') { if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE; @@ -1599,7 +1562,7 @@ for (;;) /* Otherwise, put back the character after CR, and turn the bare CR into LF SP. */ - ch = (RECEIVE_UNGETC)(ch); + ch = (receive_ungetc)(ch); next->text[ptr++] = '\n'; message_size++; ch = ' '; @@ -1684,14 +1647,14 @@ for (;;) if (ch != EOF) { - int nextch = (RECEIVE_GETC)(); + int nextch = (receive_getc)(); if (nextch == ' ' || nextch == '\t') { next->text[ptr++] = nextch; message_size++; continue; /* Iterate the loop */ } - else if (nextch != EOF) (RECEIVE_UNGETC)(nextch); /* For next time */ + else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */ else ch = EOF; /* Cause main loop to exit at end */ } @@ -3007,10 +2970,7 @@ else if (smtp_input && !smtp_batched_input) { -#ifdef EXPERIMENTAL_DOMAINKEYS - dk_exim_verify_finish(); -#endif -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM dkim_exim_verify_finish(); #endif @@ -3554,8 +3514,8 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket && if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0) { - int c = (RECEIVE_GETC)(); - if (c != EOF) (RECEIVE_UNGETC)(c); else + int c = (receive_getc)(); + if (c != EOF) (receive_ungetc)(c); else { uschar *msg = US"SMTP connection lost after final dot"; smtp_reply = US""; /* No attempt to send a response */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index b710c89ce..8cf43c8d9 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.63 2008/09/29 11:41:07 nm4 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.63.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -1037,10 +1037,7 @@ authenticated_sender = NULL; bmi_run = 0; bmi_verdicts = NULL; #endif -#ifdef EXPERIMENTAL_DOMAINKEYS -dk_do_verify = 0; -#endif -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM dkim_do_verify = 0; #endif #ifdef EXPERIMENTAL_SPF diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 311d1833c..a6bde5fd0 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/spool_in.c,v 1.23 2009/01/20 16:09:20 fanf2 Exp $ */ +/* $Cambridge: exim/src/src/spool_in.c,v 1.23.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -278,11 +278,7 @@ bmi_run = 0; bmi_verdicts = NULL; #endif -#ifdef EXPERIMENTAL_DOMAINKEYS -dk_do_verify = 0; -#endif - -#ifdef EXPERIMENTAL_DKIM +#ifndef DISABLE_DKIM dkim_do_verify = 0; #endif diff --git a/src/src/transport.c b/src/src/transport.c index 3c8c3f5f2..6f201c3a2 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/transport.c,v 1.23 2008/09/30 10:03:55 tom Exp $ */ +/* $Cambridge: exim/src/src/transport.c,v 1.23.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -941,7 +941,7 @@ return (len = chunk_ptr - deliver_out_buffer) <= 0 || } -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) +#ifndef DISABLE_DKIM /*************************************************************************************************** * External interface to write the message, while signing it with DKIM and/or Domainkeys * 
@@ -965,14 +965,6 @@ Arguments: as for internal_transport_write_message() above, with additional 0/false => send anyway uschar *dkim_sign_headers DKIM: List of headers that should be included in signature generation - uschar *dk_private_key Domainkeys: The private key to use (filename or plain data) - uschar *dk_domain Domainkeys: Override domain (normally NULL) - uschar *dk_selector Domainkeys: The selector to use. - uschar *dk_canon Domainkeys: The canonalization scheme to use, "simple" or "nofws" - uschar *dk_headers Domainkeys: Colon-separated header list to include in the signing - process. - uschar *dk_strict Domainkeys: What to do if signing fails: 1/true => throw error - 0/false => send anyway Returns: TRUE on success; FALSE (with errno) for any failure */ @@ -982,9 +974,7 @@ dkim_transport_write_message(address_item *addr, int fd, int options, int size_limit, uschar *add_headers, uschar *remove_headers, uschar *check_string, uschar *escape_string, rewrite_rule *rewrite_rules, int rewrite_existflags, uschar *dkim_private_key, uschar *dkim_domain, - uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers, - uschar *dk_private_key, uschar *dk_domain, uschar *dk_selector, uschar *dk_canon, - uschar *dk_headers, uschar *dk_strict + uschar *dkim_selector, uschar *dkim_canon, uschar *dkim_strict, uschar *dkim_sign_headers ) { int dkim_fd; 
@@ -995,12 +985,10 @@ dkim_transport_write_message(address_item *addr, int fd, int options, int sread = 0; int wwritten = 0; uschar *dkim_signature = NULL; - uschar *dk_signature = NULL; off_t size = 0; - if ( !( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) || - ((dk_private_key != NULL) && (dk_selector != NULL)) ) ) { - /* If we can sign with neither method, just call the original function. */ + if (!( ((dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL)) )) { + /* If we can't sign, just call the original function. */ return transport_write_message(addr, fd, options, size_limit, add_headers, remove_headers, check_string, escape_string, rewrite_rules, @@ -1031,8 +1019,6 @@ dkim_transport_write_message(address_item *addr, int fd, int options, goto CLEANUP; } - - #ifdef EXPERIMENTAL_DKIM if ( (dkim_private_key != NULL) && (dkim_domain != NULL) && (dkim_selector != NULL) ) { /* Rewind file and feed it to the goats^W DKIM lib */ lseek(dkim_fd, 0, SEEK_SET); 
@@ -1075,48 +1061,6 @@ dkim_transport_write_message(address_item *addr, int fd, int options, } #endif - #ifdef EXPERIMENTAL_DOMAINKEYS - if ( (dk_private_key != NULL) && (dk_selector != NULL) ) { - /* Rewind file and feed it to the goats^W DK lib */ - lseek(dkim_fd, 0, SEEK_SET); - dk_signature = dk_exim_sign(dkim_fd, - dk_private_key, - dk_domain, - dk_selector, - dk_canon); - if (dk_signature == NULL) { - if (dk_strict != NULL) { - uschar *dk_strict_result = expand_string(dk_strict); - if (dk_strict_result != NULL) { - if ( (strcmpic(dk_strict,US"1") == 0) || - (strcmpic(dk_strict,US"true") == 0) ) { - save_errno = errno; - rc = FALSE; - goto CLEANUP; - } - } - } - } - else { - int siglen = Ustrlen(dk_signature); - while(siglen > 0) { - #ifdef SUPPORT_TLS - if (tls_active == fd) wwritten = tls_write(dk_signature, siglen); else - #endif - wwritten = write(fd,dk_signature,siglen); - if (wwritten == -1) { - /* error, bail out */ - save_errno = errno; - rc = FALSE; - goto CLEANUP; - } - siglen -= wwritten; - dk_signature += wwritten; - } - } - } - #endif - /* Fetch file positition (the size) */ size = lseek(dkim_fd,0,SEEK_CUR); diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index e56093f4d..da3622c04 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/transports/smtp.c,v 1.41 2009/01/02 17:22:12 nm4 Exp $ */ +/* $Cambridge: exim/src/src/transports/smtp.c,v 1.41.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -39,19 +39,7 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, data_timeout) }, { "delay_after_cutoff", opt_bool, (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) }, - #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) - { "dk_canon", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_canon) }, - { "dk_domain", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_domain) }, - { "dk_headers", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_headers) }, - { "dk_private_key", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_private_key) }, - { "dk_selector", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_selector) }, - { "dk_strict", opt_stringptr, - (void *)offsetof(smtp_transport_options_block, dk_strict) }, +#ifndef DISABLE_DKIM { "dkim_canon", opt_stringptr, (void *)offsetof(smtp_transport_options_block, dkim_canon) }, { "dkim_domain", opt_stringptr, @@ -64,7 +52,7 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) }, { "dkim_strict", opt_stringptr, (void *)offsetof(smtp_transport_options_block, dkim_strict) }, - #endif +#endif { "dns_qualify_single", opt_bool, (void *)offsetof(smtp_transport_options_block, dns_qualify_single) }, { "dns_search_parents", opt_bool, 
@@ -75,14 +63,14 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, final_timeout) }, { "gethostbyname", opt_bool, (void *)offsetof(smtp_transport_options_block, gethostbyname) }, - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS { "gnutls_require_kx", opt_stringptr, (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) }, { "gnutls_require_mac", opt_stringptr, (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) }, { "gnutls_require_protocols", opt_stringptr, (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) }, - #endif +#endif { "helo_data", opt_stringptr, (void *)offsetof(smtp_transport_options_block, helo_data) }, { "hosts", opt_stringptr, 
@@ -91,28 +79,28 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) }, { "hosts_avoid_pipelining", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) }, - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS { "hosts_avoid_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) }, - #endif +#endif { "hosts_max_try", opt_int, (void *)offsetof(smtp_transport_options_block, hosts_max_try) }, { "hosts_max_try_hardlimit", opt_int, (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) }, - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS { "hosts_nopass_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) }, - #endif +#endif { "hosts_override", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_override) }, { "hosts_randomize", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_randomize) }, { "hosts_require_auth", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_require_auth) }, - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS { "hosts_require_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_require_tls) }, - #endif +#endif { "hosts_try_auth", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_try_auth) }, { "interface", opt_stringptr, @@ -135,7 +123,7 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, serialize_hosts) }, { "size_addition", opt_int, (void *)offsetof(smtp_transport_options_block, size_addition) } - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS ,{ "tls_certificate", opt_stringptr, (void *)offsetof(smtp_transport_options_block, tls_certificate) }, { "tls_crl", opt_stringptr, 
@@ -148,7 +136,7 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) }, { "tls_verify_certificates", opt_stringptr, (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) } - #endif +#endif }; /* Size of the options list. An extern variable has to be used so that its @@ -196,7 +184,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { TRUE, /* keepalive */ FALSE, /* lmtp_ignore_quota */ TRUE /* retry_include_ip_address */ - #ifdef SUPPORT_TLS +#ifdef SUPPORT_TLS ,NULL, /* tls_certificate */ NULL, /* tls_crl */ NULL, /* tls_privatekey */ @@ -206,21 +194,15 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* gnutls_require_proto */ NULL, /* tls_verify_certificates */ TRUE /* tls_tempfail_tryclear */ - #endif - #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) - ,NULL, /* dk_canon */ - NULL, /* dk_domain */ - NULL, /* dk_headers */ - NULL, /* dk_private_key */ - NULL, /* dk_selector */ - NULL /* dk_strict */ +#endif +#ifndef DISABLE_DKIM ,NULL, /* dkim_canon */ NULL, /* dkim_domain */ NULL, /* dkim_private_key */ NULL, /* dkim_selector */ NULL, /* dkim_sign_headers */ NULL /* dkim_strict */ - #endif +#endif }; @@ -1592,7 +1574,7 @@ if (!ok) ok = TRUE; else DEBUG(D_transport|D_v) debug_printf(" SMTP>> writing message and terminating \".\"\n"); transport_count = 0; -#if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) +#ifndef DISABLE_DKIM ok = dkim_transport_write_message(addrlist, inblock.sock, topt_use_crlf | topt_end_dot | topt_escape_headers | (tblock->body_only? topt_no_headers : 0) | 
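Review bot: The call to dkim_transport_write_message in the hunk at -1592 is now compiled under `#ifndef DISABLE_DKIM`, but the signing block inside that function still appears to sit under `#ifdef EXPERIMENTAL_DKIM`. The transport hunk at -1031 seems to keep that line and the one at -1075 keeps its `#endif`, though the collapsed layout makes the markers hard to read, so please confirm. If a build defines neither macro, the function would presumably be entered with a complete key, domain and selector, yet produce no signature and never evaluate dkim_strict, so mail would leave unsigned without an error. Changing the inner guard to `#ifndef DISABLE_DKIM` would keep the two sites in step. The surrounding statement list starts and ends outside this hunk.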
@@ -1605,9 +1587,7 @@ if (!ok) ok = TRUE; else US".", US"..", /* Escaping strings */ tblock->rewrite_rules, tblock->rewrite_existflags, ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector, - ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers, - ob->dk_private_key, ob->dk_domain, ob->dk_selector, - ob->dk_canon, ob->dk_headers, ob->dk_strict + ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers ); #else ok = transport_write_message(addrlist, inblock.sock, diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index 79239ad39..129d40278 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/transports/smtp.h,v 1.14 2008/03/05 21:13:23 tom Exp $ */ +/* $Cambridge: exim/src/src/transports/smtp.h,v 1.14.2.1 2009/02/24 15:57:55 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -57,13 +57,7 @@ typedef struct { uschar *tls_verify_certificates; BOOL tls_tempfail_tryclear; #endif - #if (defined EXPERIMENTAL_DOMAINKEYS) || (defined EXPERIMENTAL_DKIM) - uschar *dk_domain; - uschar *dk_private_key; - uschar *dk_selector; - uschar *dk_canon; - uschar *dk_headers; - uschar *dk_strict; + #ifndef DISABLE_DKIM uschar *dkim_domain; uschar *dkim_private_key; uschar *dkim_selector;
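Review bot: The DKIM members in the smtp.h struct hunk start `dkim_domain`, `dkim_private_key`, `dkim_selector`, while the positional initialiser for smtp_transport_option_defaults in smtp.c labels its entries `dkim_canon`, `dkim_domain`, `dkim_private_key`, and so on. The comments there therefore do not describe the members they initialise. This is harmless while every value is NULL, but a non-NULL default placed by its comment label would land in a different member. Either reorder the comments in smtp.c to follow the struct, or order the members to match the initialiser. The `#ifndef DISABLE_DKIM` line here also appears to keep a leading indent, whereas smtp.c moves its guards to column 0; the struct continues past the end of the hunk.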