From 1048ad10cdfaa0d7a47e65557227579da8e4ce75 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Mon, 4 Jun 2012 21:36:58 +0400
Subject: [PATCH] * Implement 'time_jitter' setting allowing to check signatures in future in case of incorrect system time (1 minute jittering by default).
---
 src/dkim.c | 4 ++--
 src/dkim.h | 3 ++-
 src/plugins/dkim_check.c | 12 +++++++++++-
 test/rspamd_dkim_test.c | 2 +-
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/dkim.c b/src/dkim.c
index 6fa1b0957..dec600e67 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -349,7 +349,7 @@ rspamd_dkim_parse_bodylength (rspamd_dkim_context_t* ctx, const gchar *param, gs
 * @return new context or NULL
 */
 rspamd_dkim_context_t*
-rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err)
+rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err)
 {
 const gchar *p, *c, *tag, *end;
 gsize taglen;
@@ -577,7 +577,7 @@ rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err)
 }
 /* Check expiration */
 now = time (NULL);
- if (new->timestamp && new->timestamp > now) {
+ if (new->timestamp && now < new->timestamp && new->timestamp - now > (gint)time_jitter) {
 g_set_error (err, DKIM_ERROR, DKIM_SIGERROR_FUTURE, "signature was made in future, ignoring");
 return NULL;
 }
diff --git a/src/dkim.h b/src/dkim.h
index 0dda5761f..f4fc21863 100644
--- a/src/dkim.h
+++ b/src/dkim.h
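Review bot: In the second src/dkim.c hunk (`@@ -577,7 +577,7 @@`) the `(gint)time_jitter` cast narrows a `guint` to a signed int, so a configured jitter above `G_MAXINT` typically becomes negative and every future-dated signature is rejected again, silently defeating the setting. Because `now < new->timestamp` already guarantees a positive difference, the comparison can be done in the wider type, e.g. `new->timestamp - now > (time_t)time_jitter`; the declarations of `now` and `new->timestamp` are outside the hunk, so the exact type should be confirmed there. The `/* Check expiration */` comment above the condition would read more accurately as `/* Reject signatures timestamped further in the future than time_jitter allows */`. The body of rspamd_create_dkim_context starts and ends outside this hunk.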
@@ -172,10 +172,11 @@ typedef void (*dkim_key_handler_f)(rspamd_dkim_key_t *key, gsize keylen, rspamd_
 * Create new dkim context from signature
 * @param sig message's signature
 * @param pool pool to allocate memory from
+ * @param time_jitter jitter in seconds to allow time diff while checking
 * @param err pointer to error object
 * @return new context or NULL
 */
-rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, GError **err);
+rspamd_dkim_context_t* rspamd_create_dkim_context (const gchar *sig, memory_pool_t *pool, guint time_jitter, GError **err);
 /**
 * Make DNS request for specified context and obtain and parse key
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index ce4fdb1d1..c5e9d4416 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -33,6 +33,7 @@
 * - domains (map): map of domains to check (if absent all domains are checked)
 * - strict_domains (map): map of domains that requires strict score for dkim
 * - strict_multiplier (number): multiplier for strict domains
+ * - time_jitter (number): jitter in seconds to allow time diff while checking
 */
 #include "config.h"
@@ -52,6 +53,7 @@
 #define DEFAULT_SYMBOL_ALLOW "R_DKIM_ALLOW"
 #define DEFAULT_CACHE_SIZE 2048
 #define DEFAULT_CACHE_MAXAGE 86400
+#define DEFAULT_TIME_JITTER 60
 struct dkim_ctx {
 gint (*filter) (struct worker_task * task);
@@ -64,6 +66,7 @@ struct dkim_ctx {
 GHashTable *dkim_domains;
 GHashTable *strict_domains;
 guint strict_multiplier;
+ guint time_jitter;
 rspamd_lru_hash_t *dkim_hash;
 };
@@ -100,6 +103,7 @@ dkim_module_init (struct config_file *cfg, struct module_ctx **ctx)
 register_module_opt ("dkim", "domains", MODULE_OPT_TYPE_MAP);
 register_module_opt ("dkim", "strict_domains", MODULE_OPT_TYPE_MAP);
 register_module_opt ("dkim", "strict_multiplier", MODULE_OPT_TYPE_UINT);
+ register_module_opt ("dkim", "time_jitter", MODULE_OPT_TYPE_TIME);
 return 0;
 }
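Review bot: The new `@param time_jitter` line in src/dkim.h does not say which direction the tolerance applies to; going by the condition changed in src/dkim.c it only relaxes the rejection of signatures timestamped in the future, so I would write `@param time_jitter maximum number of seconds a signature timestamp may lie in the future and still be accepted`. The option list at the top of src/plugins/dkim_check.c (hunk `@@ -33,6 +33,7 @@`) carries the same vague wording and calls the option `(number)` although the `@@ -100,6 +103,7 @@` hunk registers it as `MODULE_OPT_TYPE_TIME`; `time_jitter (time): how far in the future a signature timestamp may lie and still be accepted (default: 60 seconds)` would match the code.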
@@ -143,6 +147,12 @@ dkim_module_config (struct config_file *cfg)
 else {
 cache_expire = DEFAULT_CACHE_MAXAGE;
 }
+ if ((value = get_module_opt (cfg, "dkim", "time_jitter")) != NULL) {
+ dkim_module_ctx->time_jitter = cfg_parse_time (value, TIME_SECONDS) / 1000;
+ }
+ else {
+ dkim_module_ctx->time_jitter = DEFAULT_TIME_JITTER;
+ }
 if ((value = get_module_opt (cfg, "dkim", "whitelist")) != NULL) {
 if (! add_map (value, read_radix_list, fin_radix_list, (void **)&dkim_module_ctx->whitelist_ip)) {
 msg_warn ("cannot load whitelist from %s", value);
@@ -285,7 +295,7 @@ dkim_symbol_callback (struct worker_task *task, void *unused)
 #endif
 /* Parse signature */
 msg_debug ("create dkim signature");
- ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, &err);
+ ctx = rspamd_create_dkim_context (hlist->data, task->task_pool, dkim_module_ctx->time_jitter, &err);
 if (ctx == NULL) {
 msg_info ("cannot parse DKIM context: %s", err->message);
 g_error_free (err);
diff --git a/test/rspamd_dkim_test.c b/test/rspamd_dkim_test.c
index ac9a88d84..b6a613e48 100644
--- a/test/rspamd_dkim_test.c
+++ b/test/rspamd_dkim_test.c
@@ -81,7 +81,7 @@ rspamd_dkim_test_func ()
 g_assert (resolver != NULL);
- ctx = rspamd_create_dkim_context (test_dkim_sig, pool, &err);
+ ctx = rspamd_create_dkim_context (test_dkim_sig, pool, 0, &err);
 g_assert (ctx != NULL);
-- 
2.39.5
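Review bot: The value parsed in the `@@ -143,6 +147,12 @@` hunk is stored in the `guint` field without any range check, so a mistyped or over-large `time_jitter` silently switches the future-timestamp rejection off (or, through the `(gint)` cast in src/dkim.c, back to zero tolerance), and a sub-second value truncates to 0 without a warning. I would parse into a local, compare it against a ceiling and fall back to `DEFAULT_TIME_JITTER` with a `msg_warn` when the ceiling is exceeded. In the sketch below `jitter` is a new local of whatever type `cfg_parse_time` returns and `MAX_TIME_JITTER` is a new constant to define beside `DEFAULT_TIME_JITTER`; the division by 1000 suggests the parser returns milliseconds, which should be confirmed against its declaration. dkim_module_config starts and ends outside the hunk.

```c
	if ((value = get_module_opt (cfg, "dkim", "time_jitter")) != NULL) {
		jitter = cfg_parse_time (value, TIME_SECONDS) / 1000;
		if (jitter > MAX_TIME_JITTER) {
			/* Refuse a tolerance so large that the future-timestamp check becomes meaningless */
			msg_warn ("time_jitter %s exceeds the allowed maximum, using the default", value);
			dkim_module_ctx->time_jitter = DEFAULT_TIME_JITTER;
		}
		else {
			dkim_module_ctx->time_jitter = jitter;
		}
	}
	/* … unchanged: else branch assigning DEFAULT_TIME_JITTER … */
```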
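Review bot: The call in test/rspamd_dkim_test.c is only adapted to the new signature with a jitter of `0`, so the tolerance branch added in src/dkim.c is never exercised by the test. Since this is a boundary check on signature validity, I would add cases that build a signature whose `t=` value lies a few seconds ahead of `time (NULL)` and assert that `rspamd_create_dkim_context` returns NULL with jitter `0` and a context with a jitter larger than the offset. rspamd_dkim_test_func continues outside the hunk.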