Add multiple signature support.
authorJohn McKay <adenosine3p@gmail.com>
Sat, 26 Jan 2019 06:34:41 +0000 (06:34 +0000)
committerJohn McKay <adenosine3p@gmail.com>
Sat, 2 Feb 2019 05:41:41 +0000 (05:41 +0000)
Configuration is not clean and milter doesn't support it yet

lualib/lua_dkim_tools.lua
src/client/rspamc.c
src/libserver/protocol.c
src/plugins/dkim_check.c
src/plugins/lua/dkim_signing.lua

index 5469ac138e243d05880206e99cae14458acac448..5e38b2b856b052e75c5c25dab0c458a5909c9edc 100644 (file)
@@ -211,11 +211,23 @@ local function prepare_dkim_signing(N, task, settings)
     end
   end
 
-  local p = {}
+  local p = {
+    keys = {}
+  }
 
   if settings.domain[dkim_domain] then
     p.selector = settings.domain[dkim_domain].selector
     p.key = settings.domain[dkim_domain].path
+    for _, s in ipairs(settings.domain[dkim_domain].selectors) do
+      lua_util.debugm(N, task, 'adding selector: %1', s)
+      local k = {}
+      k.selector = s.selector
+      k.key = s.path
+      --bit of a hack to make other code play nice
+      p.selector = s.selector
+      p.key = s.path
+      table.insert(p.keys, k)
+    end
   end
 
   if not p.key and p.selector then
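Review bot: The added loop calls `ipairs(settings.domain[dkim_domain].selectors)` unconditionally, so a domain entry that defines only the existing `selector`/`path` fields passes nil to `ipairs` and raises a runtime error. Depending on how the caller handles that error, mail for such a domain may leave unsigned, which is a silent downgrade for any receiver enforcing DMARC. Guarding the loop keeps old configurations working: `for _, s in ipairs(settings.domain[dkim_domain].selectors or {}) do`. The "bit of a hack" assignments also leave `p.selector`/`p.key` pointing at the last list entry, overriding the domain's own `selector`/`path`; a comment stating that this precedence is intended would help, e.g. `-- the last entry in selectors wins over domain.selector/path for legacy single-key callers`. The body of prepare_dkim_signing starts and ends outside this hunk.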
index c52f615dc8615182d03cc62d5ce3a42e50c93dbd..3433ef7d6e95e2b6cb7b2d6e773b78f81ce3289f 100644 (file)
@@ -887,7 +887,15 @@ rspamc_symbols_output (FILE *out, ucl_object_t *obj)
                }
        }
 
-       PRINT_PROTOCOL_STRING ("dkim-signature", "DKIM-Signature");
+       elt = ucl_object_lookup (obj, "dkim-signature");
+       if (elt && elt->type == UCL_STRING) {
+               rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (elt));
+       } else if (elt && elt->type == UCL_ARRAY) {
+               mit = NULL;
+               while ((cmesg = ucl_object_iterate (elt, &mit, true)) != NULL) {
+                       rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (cmesg));
+               }
+       }
 
        elt = ucl_object_lookup (obj, "profile");
 
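Review bot: The `UCL_ARRAY` branch passes every element to `ucl_object_tostring` without checking its type, whereas the scalar branch only prints when `elt->type == UCL_STRING`. `ucl_object_tostring` returns NULL for a non-string object, so a reply containing a nested object or number in the array would emit a bogus `DKIM-Signature:` line instead of being skipped. Adding `if (cmesg->type != UCL_STRING) { continue; }` as the first statement of the loop keeps both branches equally strict. The same applies to the `cur` loop added to rspamc_mime_output in the next hunk, where the value is written into the message's added headers. The declarations of `mit` and `cmesg` are outside this hunk.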
@@ -1372,11 +1380,16 @@ rspamc_mime_output (FILE *out, ucl_object_t *result, GString *input,
                g_string_free (folded_symbuf, TRUE);
                g_string_free (symbuf, TRUE);
 
-               if (ucl_object_lookup (result, "dkim-signature")) {
+               res = ucl_object_lookup (result, "dkim-signature");
+               if (res && res->type == UCL_STRING) {
                        rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
-                                       ucl_object_tostring (
-                                                       ucl_object_lookup (result, "dkim-signature")),
-                                       line_end);
+                                       ucl_object_tostring (res), line_end);
+               } else if (res && res->type == UCL_ARRAY) {
+                       it = NULL;
+                       while ((cur = ucl_object_iterate (res, &it, true)) != NULL) {
+                               rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
+                                       ucl_object_tostring (cur), line_end);
+                       }
                }
 
                if (json || raw || compact) {
index 574c5fa9f89c4375791b3a29f27e6b9b1da7c281..ba468ee5f22722f547acc3ab04289f8b876c1756 100644 (file)
@@ -1132,6 +1132,7 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
 {
        ucl_object_t *top = NULL;
        GString *dkim_sig;
+       GList *dkim_sigs;
        const ucl_object_t *milter_reply;
 
        rspamd_task_set_finish_time (task);
@@ -1200,11 +1201,12 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
        }
 
        if (flags & RSPAMD_PROTOCOL_DKIM) {
-               dkim_sig = rspamd_mempool_get_variable (task->task_pool,
+               dkim_sigs = rspamd_mempool_get_variable (task->task_pool,
                                RSPAMD_MEMPOOL_DKIM_SIGNATURE);
 
-               if (dkim_sig) {
+               for (; dkim_sigs != NULL; dkim_sigs = dkim_sigs->next) {
                        GString *folded_header;
+                       dkim_sig = (GString *) dkim_sigs->data;
 
                        if (task->flags & RSPAMD_TASK_FLAG_MILTER) {
                                folded_header = rspamd_header_value_fold ("DKIM-Signature",
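Review bot: Nothing at this read site records that `RSPAMD_MEMPOOL_DKIM_SIGNATURE` now holds a `GList *` of `GString *` rather than a single `GString *`. Any other reader of that pool variable that still casts the result to `GString *` would interpret a list node as a string header; none is visible in this diff, so that needs checking across the tree. I would add a comment above the lookup, `/* Pool variable is a GList of GString *, one element per generated signature */`, and ideally the same note next to the macro definition. The loop body continues outside the hunk, so whether each iteration adds a separate `dkim-signature` entry to `top` or replaces the previous one cannot be confirmed from here.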
index 06c039ea45f3923c49bf7cdf047eb02dc1f06c7b..278a8e1e118fc097aa0e38c8a9a0b4f94d33c591 100644 (file)
@@ -141,6 +141,12 @@ dkim_module_key_dtor (gpointer k)
        rspamd_dkim_key_unref (key);
 }
 
+static void
+dkim_module_free_list (gpointer k)
+{
+       g_list_free_full ((GList *)k, rspamd_gstring_free_hard);
+}
+
 gint
 dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 {
@@ -792,6 +798,7 @@ lua_dkim_sign_handler (lua_State *L)
        enum rspamd_dkim_type sign_type = RSPAMD_DKIM_NORMAL;
        GError *err = NULL;
        GString *hdr;
+       GList *sigs = NULL;
        const gchar *selector = NULL, *domain = NULL, *key = NULL, *rawkey = NULL,
                        *headers = NULL, *sign_type_str = NULL, *arc_cv = NULL,
                        *pubkey = NULL;
@@ -962,8 +969,14 @@ lua_dkim_sign_handler (lua_State *L)
        if (hdr) {
 
                if (!no_cache) {
-                       rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
-                                       hdr, rspamd_gstring_free_hard);
+                       sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");
+                       if (sigs == NULL) {
+                               sigs = g_list_append (sigs, hdr);
+                               rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+                                               sigs, dkim_module_free_list);
+                       } else {
+                               (void) g_list_append (sigs, hdr);
+                       }
                }
 
                lua_pushboolean (L, TRUE);
@@ -1362,6 +1375,7 @@ dkim_sign_callback (struct rspamd_task *task,
        gint64 arc_idx = 0;
        gsize len;
        GString *tb, *hdr;
+       GList *sigs = NULL;
        GError *err = NULL;
        const gchar *selector = NULL, *domain = NULL, *key = NULL, *key_type = NULL,
                        *sign_type_str = NULL, *arc_cv = NULL;
@@ -1506,9 +1520,9 @@ dkim_sign_callback (struct rspamd_task *task,
                                        ctx);
 
                        if (hdr) {
-                               rspamd_mempool_set_variable (task->task_pool,
-                                               "dkim-signature",
-                                               hdr, rspamd_gstring_free_hard);
+                               sigs = g_list_append (sigs, hdr);
+                               rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+                                               sigs, dkim_module_free_list);
                        }
 
                        sign = TRUE;
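Review bot: In dkim_sign_callback the list is always built from the local `sigs = NULL`, then stored with `rspamd_mempool_set_variable`, so a `dkim-signature` list already stored in the task pool is replaced rather than extended. lua_dkim_sign_handler, changed earlier in this file, fetches the existing list first and appends to it; the two paths should agree, otherwise signatures produced earlier for the same task are dropped from the reply. Whether the replaced list is still freed depends on how `rspamd_mempool_set_variable` treats an existing key, which is not visible here. The fence below mirrors the get-then-append logic of lua_dkim_sign_handler; the function body starts and ends outside the hunk.

```c
if (hdr) {
	/* Extend an existing list so signatures added earlier are kept */
	sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");

	if (sigs == NULL) {
		sigs = g_list_append (NULL, hdr);
		rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
				sigs, dkim_module_free_list);
	}
	else {
		(void) g_list_append (sigs, hdr);
	}
}
```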
index 77acc2f61c16febeaad1dd7ede04bbdf25442afc..b510a437e7ac8358ab5398fa3cd4ef013e12cd72 100644 (file)
@@ -171,8 +171,17 @@ local function dkim_signing_cb(task)
         lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
             p.key, p.selector, p.domain)
       end
-
-      do_sign()
+      -- TODO: push handling of multiples keys into sign code
+      if #p.keys > 0 then
+        lua_util.debugm(N, task, 'signing for multiple selectors, %1', #p.keys);
+        for _, k in ipairs(p.keys) do
+          p.selector = k.selector
+          p.key = k.key
+          do_sign()
+        end
+      else
+        do_sign()
+      end
     else
       rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
       return false
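Review bot: `#p.keys` assumes that every `p` reaching this branch carries a `keys` table, but the only initialisation visible in this commit is the `keys = {}` added to prepare_dkim_signing in lualib/lua_dkim_tools.lua. If `p` can come from any other path, the length operator raises on nil and the message is not signed; `if p.keys and #p.keys > 0 then` avoids that. The loop also ignores whatever `do_sign()` reports, so a missing or unreadable key for one selector is indistinguishable from success; a comment such as `-- each selector is signed independently; a failure for one does not stop the others` would make the intended behaviour explicit. The key-presence check before this hunk appears to see only the last selector's `p.key`, which is worth confirming, since dkim_signing_cb's body is only partly visible.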