пре 5 година · 21804f336f
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -38,13 +38,13 @@ local function check_violation(N, task, domain)
 end

 local function insert_or_update_prop(N, task, p, prop, origin, data)
  if #p.keys == 0 then
  if #p == 0 then
    local k = {}
    k[prop] = data
    table.insert(p.keys, k)
    table.insert(p, k)
    lua_util.debugm(N, task, 'add %s "%s" using %s', prop, data, origin)
  else
    for _, k in ipairs(p.keys) do
    for _, k in ipairs(p) do
      if not k[prop] then
        k[prop] = data
        lua_util.debugm(N, task, 'set %s to "%s" using %s', prop, data, origin)
@@ -102,16 +102,13 @@ local function parse_dkim_http_headers(N, task, settings)
      end
    end

    local p = {
      domain = tostring(domain),
      keys = {}
    }
    local p = {}
    local k = {
      key = tostring(key),
      domain = tostring(domain),
      rawkey = tostring(key),
      selector = tostring(selector),
      type = 'raw'
    }
    table.insert(p.keys, k)
    table.insert(p, k)
    return true, p
  end

@@ -253,9 +250,7 @@ local function prepare_dkim_signing(N, task, settings)
    end
  end

  local p = {
    keys = {}
  }
  local p = {}

  if settings.domain[dkim_domain] then
    -- support old style selector/paths
@@ -264,21 +259,21 @@ local function prepare_dkim_signing(N, task, settings)
      local k = {}
      k.selector = settings.domain[dkim_domain].selector
      k.key = settings.domain[dkim_domain].path
      table.insert(p.keys, k)
      table.insert(p, k)
    end
    for _, s in ipairs((settings.domain[dkim_domain].selectors or {})) do
      lua_util.debugm(N, task, 'adding selector: %1', s)
      local k = {}
      k.selector = s.selector
      k.key = s.path
      table.insert(p.keys, k)
      table.insert(p, k)
    end
  end

  if #p.keys == 0 then
  if #p == 0 then
    local ret, k = get_mempool_selectors(N, task)
    if ret then
      table.insert(p.keys, k)
      table.insert(p, k)
      lua_util.debugm(N, task, 'using mempool selector %s with key %s',
                      k.selector, k.key)
    end
@@ -302,7 +297,7 @@ local function prepare_dkim_signing(N, task, settings)
    end
  end

  if #p.keys == 0 and not settings.try_fallback then
  if #p == 0 and not settings.try_fallback then
    lua_util.debugm(N, task, 'dkim unconfigured and fallback disabled')
    return false,{}
  end
@@ -321,7 +316,8 @@ local function prepare_dkim_signing(N, task, settings)
    end
  end

  p.domain = dkim_domain
  insert_or_update_prop(N, task, p, 'domain', 'dkim_domain',
    dkim_domain)

  return true,p
 end
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -508,21 +508,14 @@ end
 local function arc_signing_cb(task)
  local arc_seals = task:cache_get('arc-seals')

  local ret,p = dkim_sign_tools.prepare_dkim_signing(N, task, settings)
  local ret, selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings)

  if not ret then
    return
  end

  -- TODO: support multiple signatures here and not this hack
  if #p.keys > 0 then
    p.selector = p.keys[1].selector
    if p.keys[1].type == "raw" then
      p.rawkey = p.keys[1].key
    else
      p.key = p.keys[1].key
    end
  end
  -- TODO: support multiple signatures here
  local p = selectors[1]

  p.arc_cv = 'none'
  p.arc_idx = 1
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -51,13 +51,13 @@ local redis_params
 local sign_func = rspamd_plugins.dkim.sign

 local function dkim_signing_cb(task)
  local ret,p = dkim_sign_tools.prepare_dkim_signing(N, task, settings)
  local ret,selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings)

  if not ret then
    return
  end

  local function do_sign()
  local function do_sign(p)
    if settings.check_pubkey then
      local resolve_name = p.selector .. "._domainkey." .. p.domain
      task:get_resolver():resolve_txt({
@@ -92,7 +92,7 @@ local function dkim_signing_cb(task)
  end

  if settings.use_redis then
    local function try_redis_key(selector)
    local function try_redis_key(selector, p)
      p.key = nil
      p.selector = selector
      local rk = string.format('%s.%s', p.selector, p.domain)
@@ -106,7 +106,7 @@ local function dkim_signing_cb(task)
          p.rawkey = data
          lua_util.debugm(N, task, 'found and parsed key for %s:%s in Redis',
              p.domain, p.selector)
          do_sign()
          do_sign(p)
        end
      end
      local rret = rspamd_redis_make_request(task,
@@ -121,49 +121,43 @@ local function dkim_signing_cb(task)
        rspamd_logger.infox(task, "cannot make request to load DKIM key for %s", rk)
      end
    end
    if settings.selector_prefix then
      rspamd_logger.infox(task, "Using selector prefix '%s' for domain '%s'",
          settings.selector_prefix, p.domain);
      local function redis_selector_cb(err, data)
        if err or type(data) ~= 'string' then
          rspamd_logger.infox(task, "cannot make request to load DKIM selector for domain %s: %s", p.domain, err)
        else
          try_redis_key(data)
    for _, p in ipairs(selectors) do
      if settings.selector_prefix then
        rspamd_logger.infox(task, "Using selector prefix '%s' for domain '%s'",
            settings.selector_prefix, p.domain);
        local function redis_selector_cb(err, data)
          if err or type(data) ~= 'string' then
            rspamd_logger.infox(task, "cannot make request to load DKIM selector for domain %s: %s", p.domain, err)
          else
            try_redis_key(data, p)
          end
        end
        local rret = lua_redis.redis_make_request(task,
          redis_params, -- connect params
          p.domain, -- hash key
          false, -- is write
          redis_selector_cb, --callback
          'HGET', -- command
          {settings.selector_prefix, p.domain} -- arguments
        )
        if not rret then
          rspamd_logger.infox(task, "cannot make request to load DKIM selector for '%s'", p.domain)
        end
      else
        try_redis_key(p.selector, p)
      end
      local rret = lua_redis.redis_make_request(task,
        redis_params, -- connect params
        p.domain, -- hash key
        false, -- is write
        redis_selector_cb, --callback
        'HGET', -- command
        {settings.selector_prefix, p.domain} -- arguments
      )
      if not rret then
        rspamd_logger.infox(task, "cannot make request to load DKIM selector for '%s'", p.domain)
      end
    else
      if not p.selector then
        rspamd_logger.errx(task, 'No selector specified')
        return false
      end
      try_redis_key(p.selector)
    end
  else
    if #p.keys > 0 then
      for _, k in ipairs(p.keys) do
    if #selectors > 0 then
      for _, k in ipairs(selectors) do
        -- templates
        k.key = lua_util.template(k.key, {
          domain = p.domain,
          domain = k.domain,
          selector = k.selector
        })
        -- TODO: pass this to the function instead of setting some variable
        p.selector = k.selector
        p.key = k.key
        -- TODO: push handling of multiples keys into sign code
        lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"',
            p.key, p.selector, p.domain)
        do_sign()
            k.key, k.selector, k.domain)
        do_sign(k)
      end
    else
      rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')