From: John McKay Date: Sat, 26 Jan 2019 06:34:41 +0000 (+0000) Subject: Add multiple signature support. X-Git-Tag: 1.9.0~220^2~9 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=bbabe7c61ca8403cf332fbfa6a0f23997f8cb92d;p=rspamd.git Add multiple signature support. Configuration is not clean and milter doesn't support it yet
---
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 5469ac138..5e38b2b85 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,11 +211,23 @@ local function prepare_dkim_signing(N, task, settings)
 end
 end
- local p = {}
+ local p = {
+ keys = {}
+ }
 if settings.domain[dkim_domain] then
 p.selector = settings.domain[dkim_domain].selector
 p.key = settings.domain[dkim_domain].path
+ for _, s in ipairs(settings.domain[dkim_domain].selectors) do
+ lua_util.debugm(N, task, 'adding selector: %1', s)
+ local k = {}
+ k.selector = s.selector
+ k.key = s.path
+ --bit of a hack to make other code play nice
+ p.selector = s.selector
+ p.key = s.path
+ table.insert(p.keys, k)
+ end
 end
 if not p.key and p.selector then
diff --git a/src/client/rspamc.c b/src/client/rspamc.c
index c52f615dc..3433ef7d6 100644
--- a/src/client/rspamc.c
+++ b/src/client/rspamc.c
@@ -887,7 +887,15 @@ rspamc_symbols_output (FILE *out, ucl_object_t *obj)
 }
 }
- PRINT_PROTOCOL_STRING ("dkim-signature", "DKIM-Signature");
+ elt = ucl_object_lookup (obj, "dkim-signature");
+ if (elt && elt->type == UCL_STRING) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (elt));
+ } else if (elt && elt->type == UCL_ARRAY) {
+ mit = NULL;
+ while ((cmesg = ucl_object_iterate (elt, &mit, true)) != NULL) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (cmesg));
+ }
+ }
 elt = ucl_object_lookup (obj, "profile");
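Review bot: The added loop calls `ipairs(settings.domain[dkim_domain].selectors)` unconditionally, so a domain entry that only sets the existing `selector`/`path` pair and has no `selectors` table will raise a Lua error here and the message will not be signed at all. Guarding the iteration keeps single-selector configurations working: `for _, s in ipairs(settings.domain[dkim_domain].selectors or {}) do`. Each entry's `s.selector` and `s.path` are also copied without a nil check, so a half-filled entry becomes the effective `p.selector`/`p.key` through the compatibility assignment; a short comment stating that the last entry wins would help the next reader. prepare_dkim_signing starts and ends outside this hunk.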
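Review bot: In the new `UCL_ARRAY` branch of rspamc_symbols_output each element is passed to `ucl_object_tostring` without a type check, and that function returns NULL for anything that is not a string, so a malformed reply would print a `DKIM-Signature:` line with no usable value. Checking the element first, `if (cmesg->type != UCL_STRING) continue;`, keeps non-string entries out of the output. The same pattern appears in the rspamc_mime_output hunk at -1372, where the value is appended to `added_headers` and so ends up in the rewritten message; the equivalent check on `cur->type` matters more there. Both function bodies extend beyond their hunks, including the declarations of `mit`, `cmesg`, `it` and `cur`.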
@@ -1372,11 +1380,16 @@ rspamc_mime_output (FILE *out, ucl_object_t *result, GString *input,
 g_string_free (folded_symbuf, TRUE);
 g_string_free (symbuf, TRUE);
- if (ucl_object_lookup (result, "dkim-signature")) {
+ res = ucl_object_lookup (result, "dkim-signature");
+ if (res && res->type == UCL_STRING) {
 rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
- ucl_object_tostring (
- ucl_object_lookup (result, "dkim-signature")),
- line_end);
+ ucl_object_tostring (res), line_end);
+ } else if (res && res->type == UCL_ARRAY) {
+ it = NULL;
+ while ((cur = ucl_object_iterate (res, &it, true)) != NULL) {
+ rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
+ ucl_object_tostring (cur), line_end);
+ }
 }
 if (json || raw || compact) {
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index 574c5fa9f..ba468ee5f 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -1132,6 +1132,7 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
 {
 ucl_object_t *top = NULL;
 GString *dkim_sig;
+ GList *dkim_sigs;
 const ucl_object_t *milter_reply;
 rspamd_task_set_finish_time (task);
@@ -1200,11 +1201,12 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
 }
 if (flags & RSPAMD_PROTOCOL_DKIM) {
- dkim_sig = rspamd_mempool_get_variable (task->task_pool,
+ dkim_sigs = rspamd_mempool_get_variable (task->task_pool,
 RSPAMD_MEMPOOL_DKIM_SIGNATURE);
- if (dkim_sig) {
+ for (; dkim_sigs != NULL; dkim_sigs = dkim_sigs->next) {
 GString *folded_header;
+ dkim_sig = (GString *) dkim_sigs->data;
 if (task->flags & RSPAMD_TASK_FLAG_MILTER) {
 folded_header = rspamd_header_value_fold ("DKIM-Signature",
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 06c039ea4..278a8e1e1 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
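Review bot: The value read from `RSPAMD_MEMPOOL_DKIM_SIGNATURE` in the -1200 hunk of rspamd_protocol_write_ucl is now walked as a `GList` whose `data` is cast to `GString *`, but nothing at this read site records that contract, so any writer that still stores a bare `GString *` under the key would be dereferenced as a list node. A comment above the lookup such as `/* pool variable holds a GList of GString *, freed by the pool destructor set in dkim_check.c */` would make the type change explicit, and it is worth confirming that no other module sets this variable with the old type. The writers in dkim_check.c use the literal "dkim-signature" rather than this macro, which presumably expands to the same string; using the macro on both sides would remove the doubt. The rest of the loop body, including the milter branch, lies outside the hunk.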
@@ -141,6 +141,12 @@ dkim_module_key_dtor (gpointer k)
 rspamd_dkim_key_unref (key);
 }
+static void
+dkim_module_free_list (gpointer k)
+{
+ g_list_free_full ((GList *)k, rspamd_gstring_free_hard);
+}
+
 gint
 dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 {
@@ -792,6 +798,7 @@ lua_dkim_sign_handler (lua_State *L)
 enum rspamd_dkim_type sign_type = RSPAMD_DKIM_NORMAL;
 GError *err = NULL;
 GString *hdr;
+ GList *sigs = NULL;
 const gchar *selector = NULL, *domain = NULL, *key = NULL, *rawkey = NULL, *headers = NULL, *sign_type_str = NULL, *arc_cv = NULL, *pubkey = NULL;
@@ -962,8 +969,14 @@ lua_dkim_sign_handler (lua_State *L)
 if (hdr) {
 if (!no_cache) {
- rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");
+ if (sigs == NULL) {
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
+ } else {
+ (void) g_list_append (sigs, hdr);
+ }
 }
 lua_pushboolean (L, TRUE);
@@ -1362,6 +1375,7 @@ dkim_sign_callback (struct rspamd_task *task,
 gint64 arc_idx = 0;
 gsize len;
 GString *tb, *hdr;
+ GList *sigs = NULL;
 GError *err = NULL;
 const gchar *selector = NULL, *domain = NULL, *key = NULL, *key_type = NULL, *sign_type_str = NULL, *arc_cv = NULL;
@@ -1506,9 +1520,9 @@ dkim_sign_callback (struct rspamd_task *task,
 ctx);
 if (hdr) {
- rspamd_mempool_set_variable (task->task_pool,
- "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
 }
 sign = TRUE;
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 77acc2f61..b510a437e 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
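Review bot: In the -1506 hunk of dkim_sign_callback `sigs` is NULL on every call, so `g_list_append (sigs, hdr)` always builds a one-element list and `rspamd_mempool_set_variable` replaces whatever list is already stored under "dkim-signature"; only the last signature produced on this path would reach the reply. lua_dkim_sign_handler, in the hunk at -962, fetches the existing list first and appends to it, and this callback should do the same so that both writers agree. The earlier list is presumably still released by its registered destructor, so this looks like lost signatures rather than a leak, but that depends on how the pool treats a replaced variable. The callback body begins and ends outside the hunk.

```c
if (hdr) {
	/* Append to the list already stored for this task, if any */
	sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");
	if (sigs == NULL) {
		sigs = g_list_append (NULL, hdr);
		rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
				sigs, dkim_module_free_list);
	}
	else {
		(void) g_list_append (sigs, hdr);
	}
}
```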
@@ -171,8 +171,17 @@ local function dkim_signing_cb(task)
 lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"', p.key, p.selector, p.domain)
 end
-
- do_sign()
+ -- TODO: push handling of multiples keys into sign code
+ if #p.keys > 0 then
+ lua_util.debugm(N, task, 'signing for multiple selectors, %1', #p.keys);
+ for _, k in ipairs(p.keys) do
+ p.selector = k.selector
+ p.key = k.key
+ do_sign()
+ end
+ else
+ do_sign()
+ end
 else
 rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
 return false
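Review bot: `#p.keys` raises an error when `p.keys` is nil, and the hunk does not show that every path producing `p` sets the field; only the table built in prepare_dkim_signing in lualib/lua_dkim_tools.lua is visibly given `keys = {}`. Using `if p.keys and #p.keys > 0 then` keeps signing working for any `p` that lacks it. The loop also rewrites `p.selector` and `p.key` on the shared table before each `do_sign()`, so if `do_sign` defers any of its work the later assignment could change which key an earlier call ends up using; it is worth confirming that it reads both fields synchronously. dkim_signing_cb begins and ends outside the hunk.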