From: Vsevolod Stakhov Date: Sun, 21 Apr 2019 16:18:44 +0000 (+0100) Subject: [Minor] Unify redis signing in ARC X-Git-Tag: 1.9.3~91 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1459cbf62ecd56e7615ffc4ff4627d2b4215fb53;p=rspamd.git [Minor] Unify redis signing in ARC --- diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua index 5dfba662c..daca346c0 100644 --- a/src/plugins/lua/arc.lua +++ b/src/plugins/lua/arc.lua @@ -507,6 +507,51 @@ local function arc_sign_seal(task, params, header) task:insert_result(settings.sign_symbol, 1.0, string.format('i=%d', cur_idx)) end +local function do_sign(task, p) + if settings.check_pubkey then + local resolve_name = p.selector .. "._domainkey." .. p.domain + task:get_resolver():resolve_txt({ + task = task, + name = resolve_name, + callback = function(_, _, results, err) + if not err and results and results[1] then + p.pubkey = results[1] + p.strict_pubkey_check = not settings.allow_pubkey_mismatch + elseif not settings.allow_pubkey_mismatch then + rspamd_logger.errx('public key for domain %s/%s is not found: %s, skip signing', + p.domain, p.selector, err) + return + else + rspamd_logger.infox('public key for domain %s/%s is not found: %s', + p.domain, p.selector, err) + end + + local dret, hdr = dkim_sign(task, p) + if dret then + local sret, _ = arc_sign_seal(task, p, hdr) + if sret then + task:insert_result(settings.sign_symbol, 1.0) + end + end + + end, + forced = true + }) + else + local dret, hdr = dkim_sign(task, p) + if dret then + local sret, _ = arc_sign_seal(task, p, hdr) + if sret then + task:insert_result(settings.sign_symbol, 1.0) + end + end + end +end + +local function sign_error(task, msg) + rspamd_logger.errx(task, 'signing failure: %s', msg) +end + local function arc_signing_cb(task) local arc_seals = task:cache_get('arc-seals') @@ -535,62 +580,7 @@ local function arc_signing_cb(task) end if settings.use_redis then - local function try_redis_key(selector) - p.key = nil - p.selector = selector - local rk = string.format('%s.%s', p.selector, p.domain) - local function redis_key_cb(err, data) - if err or type(data) ~= 'string' then - rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM key for %s: %s", - rk, err) - else - p.rawkey = data - local dret, hdr = dkim_sign(task, p) - if dret then - return arc_sign_seal(task, p, hdr) - end - end - end - local rret = rspamd_redis_make_request(task, - redis_params, -- connect params - rk, -- hash key - false, -- is write - redis_key_cb, --callback - 'HGET', -- command - {settings.key_prefix, rk} -- arguments - ) - if not rret then - rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM key for %s", rk) - end - end - if settings.selector_prefix then - rspamd_logger.infox(rspamd_config, "Using selector prefix %s for domain %s", settings.selector_prefix, p.domain); - local function redis_selector_cb(err, data) - if err or type(data) ~= 'string' then - rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM selector for domain %s: %s", - p.domain, err) - else - try_redis_key(data) - end - end - local rret = rspamd_redis_make_request(task, - redis_params, -- connect params - p.domain, -- hash key - false, -- is write - redis_selector_cb, --callback - 'HGET', -- command - {settings.selector_prefix, p.domain} -- arguments - ) - if not rret then - rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM selector for %s", p.domain) - end - else - if not p.selector then - rspamd_logger.errx(task, 'No selector specified') - return false - end - try_redis_key(p.selector) - end + dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) else if ((p.key or p.rawkey) and p.selector) then if p.key then