end
end
- local p = {}
+ local p = {
+ keys = {}
+ }
if settings.domain[dkim_domain] then
p.selector = settings.domain[dkim_domain].selector
p.key = settings.domain[dkim_domain].path
+ for _, s in ipairs(settings.domain[dkim_domain].selectors) do
+ lua_util.debugm(N, task, 'adding selector: %1', s)
+ local k = {}
+ k.selector = s.selector
+ k.key = s.path
+ --bit of a hack to make other code play nice
+ p.selector = s.selector
+ p.key = s.path
+ table.insert(p.keys, k)
+ end
end
if not p.key and p.selector then
}
}
- PRINT_PROTOCOL_STRING ("dkim-signature", "DKIM-Signature");
+ elt = ucl_object_lookup (obj, "dkim-signature");
+ if (elt && elt->type == UCL_STRING) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (elt));
+ } else if (elt && elt->type == UCL_ARRAY) {
+ mit = NULL;
+ while ((cmesg = ucl_object_iterate (elt, &mit, true)) != NULL) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (cmesg));
+ }
+ }
elt = ucl_object_lookup (obj, "profile");
g_string_free (folded_symbuf, TRUE);
g_string_free (symbuf, TRUE);
- if (ucl_object_lookup (result, "dkim-signature")) {
+ res = ucl_object_lookup (result, "dkim-signature");
+ if (res && res->type == UCL_STRING) {
rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
- ucl_object_tostring (
- ucl_object_lookup (result, "dkim-signature")),
- line_end);
+ ucl_object_tostring (res), line_end);
+ } else if (res && res->type == UCL_ARRAY) {
+ it = NULL;
+ while ((cur = ucl_object_iterate (res, &it, true)) != NULL) {
+ rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
+ ucl_object_tostring (cur), line_end);
+ }
}
if (json || raw || compact) {
{
ucl_object_t *top = NULL;
GString *dkim_sig;
+ GList *dkim_sigs;
const ucl_object_t *milter_reply;
rspamd_task_set_finish_time (task);
}
if (flags & RSPAMD_PROTOCOL_DKIM) {
- dkim_sig = rspamd_mempool_get_variable (task->task_pool,
+ dkim_sigs = rspamd_mempool_get_variable (task->task_pool,
RSPAMD_MEMPOOL_DKIM_SIGNATURE);
- if (dkim_sig) {
+ for (; dkim_sigs != NULL; dkim_sigs = dkim_sigs->next) {
GString *folded_header;
+ dkim_sig = (GString *) dkim_sigs->data;
if (task->flags & RSPAMD_TASK_FLAG_MILTER) {
folded_header = rspamd_header_value_fold ("DKIM-Signature",
rspamd_dkim_key_unref (key);
}
+static void
+dkim_module_free_list (gpointer k)
+{
+ g_list_free_full ((GList *)k, rspamd_gstring_free_hard);
+}
+
gint
dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
{
enum rspamd_dkim_type sign_type = RSPAMD_DKIM_NORMAL;
GError *err = NULL;
GString *hdr;
+ GList *sigs = NULL;
const gchar *selector = NULL, *domain = NULL, *key = NULL, *rawkey = NULL,
*headers = NULL, *sign_type_str = NULL, *arc_cv = NULL,
*pubkey = NULL;
if (hdr) {
if (!no_cache) {
- rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");
+ if (sigs == NULL) {
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
+ } else {
+ (void) g_list_append (sigs, hdr);
+ }
}
lua_pushboolean (L, TRUE);
gint64 arc_idx = 0;
gsize len;
GString *tb, *hdr;
+ GList *sigs = NULL;
GError *err = NULL;
const gchar *selector = NULL, *domain = NULL, *key = NULL, *key_type = NULL,
*sign_type_str = NULL, *arc_cv = NULL;
ctx);
if (hdr) {
- rspamd_mempool_set_variable (task->task_pool,
- "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
}
sign = TRUE;
lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
p.key, p.selector, p.domain)
end
-
- do_sign()
+ -- TODO: push handling of multiples keys into sign code
+ if #p.keys > 0 then
+ lua_util.debugm(N, task, 'signing for multiple selectors, %1', #p.keys);
+ for _, k in ipairs(p.keys) do
+ p.selector = k.selector
+ p.key = k.key
+ do_sign()
+ end
+ else
+ do_sign()
+ end
else
rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
return false