diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-21 16:19:41 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-21 16:19:41 +0100 |
| commit | 2972451188c08b3a741d8381a63087421d6e9a1b (patch) | |
| tree | 5f56a72ec9cb718c3e3d47b1cc02d9daffbfca53 | |
| parent | 9b054676f05cbad1ab1b50e17cb49523c31280fb (diff) | |
| download | rspamd-2972451188c08b3a741d8381a63087421d6e9a1b.tar.gz rspamd-2972451188c08b3a741d8381a63087421d6e9a1b.zip | |
[Minor] Dkim_signing: Unify redis signing routines
| -rw-r--r-- | lualib/lua_dkim_tools.lua | 64 | ||||
| -rw-r--r-- | src/plugins/lua/dkim_signing.lua | 132 |
2 files changed, 106 insertions, 90 deletions
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua index b996e96a4..5733cf81a 100644 --- a/lualib/lua_dkim_tools.lua +++ b/lualib/lua_dkim_tools.lua @@ -457,4 +457,68 @@ end exports.prepare_dkim_signing = prepare_dkim_signing +exports.sign_using_redis = function(N, task, settings, selectors, sign_func, err_func) + local lua_redis = require "lua_redis" + + local function try_redis_key(selector, p) + p.key = nil + p.selector = selector + local rk = string.format('%s.%s', p.selector, p.domain) + local function redis_key_cb(err, data) + if err then + err_func(string.format("cannot make request to load DKIM key for %s: %s", + rk, err)) + elseif type(data) ~= 'string' then + lua_util.debugm(N, task, "missing DKIM key for %s", rk) + else + p.rawkey = data + lua_util.debugm(N, task, 'found and parsed key for %s:%s in Redis', + p.domain, p.selector) + sign_func(task, p) + end + end + local rret = lua_redis.redis_make_request(task, + settings.redis_params, -- connect params + rk, -- hash key + false, -- is write + redis_key_cb, --callback + 'HGET', -- command + {settings.key_prefix, rk} -- arguments + ) + if not rret then + err_func(task, + string.format( "cannot make request to load DKIM key for %s", rk)) + end + end + + for _, p in ipairs(selectors) do + if settings.selector_prefix then + logger.infox(task, "using selector prefix '%s' for domain '%s'", + settings.selector_prefix, p.domain); + local function redis_selector_cb(err, data) + if err or type(data) ~= 'string' then + err_func(task, string.format("cannot make request to load DKIM selector for domain %s: %s", + p.domain, err)) + else + try_redis_key(data, p) + end + end + local rret = lua_redis.redis_make_request(task, + settings.redis_params, -- connect params + p.domain, -- hash key + false, -- is write + redis_selector_cb, --callback + 'HGET', -- command + {settings.selector_prefix, p.domain} -- arguments + ) + if not rret then + err_func(task, string.format("cannot make Redis request to load DKIM selector for domain %s: %s", + p.domain)) + end + else + try_redis_key(p.selector, p) + end + end +end + return exports diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index 68b19673b..d8e1f7519 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -51,6 +51,44 @@ local N = 'dkim_signing' local redis_params local sign_func = rspamd_plugins.dkim.sign +local function do_sign(task, p) + if settings.check_pubkey then + local resolve_name = p.selector .. "._domainkey." .. p.domain + task:get_resolver():resolve_txt({ + task = task, + name = resolve_name, + callback = function(_, _, results, err) + if not err and results and results[1] then + p.pubkey = results[1] + p.strict_pubkey_check = not settings.allow_pubkey_mismatch + elseif not settings.allow_pubkey_mismatch then + rspamd_logger.errx('public key for domain %s/%s is not found: %s, skip signing', + p.domain, p.selector, err) + return + else + rspamd_logger.infox('public key for domain %s/%s is not found: %s', + p.domain, p.selector, err) + end + + local sret, _ = sign_func(task, p) + if sret then + task:insert_result(settings.symbol, 1.0) + end + end, + forced = true + }) + else + local sret, _ = sign_func(task, p) + if sret then + task:insert_result(settings.symbol, 1.0) + end + end +end + +local function sign_error(task, msg) + rspamd_logger.errx(task, 'signing failure: %s', msg) +end + local function dkim_signing_cb(task) local ret,selectors = dkim_sign_tools.prepare_dkim_signing(N, task, settings) @@ -58,96 +96,8 @@ local function dkim_signing_cb(task) return end - local function do_sign(p) - if settings.check_pubkey then - local resolve_name = p.selector .. "._domainkey." .. p.domain - task:get_resolver():resolve_txt({ - task = task, - name = resolve_name, - callback = function(_, _, results, err) - if not err and results and results[1] then - p.pubkey = results[1] - p.strict_pubkey_check = not settings.allow_pubkey_mismatch - elseif not settings.allow_pubkey_mismatch then - rspamd_logger.errx('public key for domain %s/%s is not found: %s, skip signing', - p.domain, p.selector, err) - return - else - rspamd_logger.infox('public key for domain %s/%s is not found: %s', - p.domain, p.selector, err) - end - - local sret, _ = sign_func(task, p) - if sret then - task:insert_result(settings.symbol, 1.0) - end - end, - forced = true - }) - else - local sret, _ = sign_func(task, p) - if sret then - task:insert_result(settings.symbol, 1.0) - end - end - end - if settings.use_redis then - local function try_redis_key(selector, p) - p.key = nil - p.selector = selector - local rk = string.format('%s.%s', p.selector, p.domain) - local function redis_key_cb(err, data) - if err then - rspamd_logger.infox(task, "cannot make request to load DKIM key for %s: %s", - rk, err) - elseif type(data) ~= 'string' then - lua_util.debugm(N, task, "missing DKIM key for %s", rk) - else - p.rawkey = data - lua_util.debugm(N, task, 'found and parsed key for %s:%s in Redis', - p.domain, p.selector) - do_sign(p) - end - end - local rret = rspamd_redis_make_request(task, - redis_params, -- connect params - rk, -- hash key - false, -- is write - redis_key_cb, --callback - 'HGET', -- command - {settings.key_prefix, rk} -- arguments - ) - if not rret then - rspamd_logger.infox(task, "cannot make request to load DKIM key for %s", rk) - end - end - for _, p in ipairs(selectors) do - if settings.selector_prefix then - rspamd_logger.infox(task, "Using selector prefix '%s' for domain '%s'", - settings.selector_prefix, p.domain); - local function redis_selector_cb(err, data) - if err or type(data) ~= 'string' then - rspamd_logger.infox(task, "cannot make request to load DKIM selector for domain %s: %s", p.domain, err) - else - try_redis_key(data, p) - end - end - local rret = lua_redis.redis_make_request(task, - redis_params, -- connect params - p.domain, -- hash key - false, -- is write - redis_selector_cb, --callback - 'HGET', -- command - {settings.selector_prefix, p.domain} -- arguments - ) - if not rret then - rspamd_logger.infox(task, "cannot make request to load DKIM selector for '%s'", p.domain) - end - else - try_redis_key(p.selector, p) - end - end + dkim_sign_tools.sign_using_redis(N, task, settings, selectors, do_sign, sign_error) else if #selectors > 0 then for _, k in ipairs(selectors) do @@ -161,7 +111,7 @@ local function dkim_signing_cb(task) k.key, k.selector, k.domain) end - do_sign(k) + do_sign(task, k) end else rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing') @@ -208,6 +158,8 @@ if settings.use_redis then lua_util.disable_module(N, "redis") return end + + settings.redis_params = redis_params end |