author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-02-04 14:31:53 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-04 14:31:53 +0000 |
commit | 9e11c03379029b306a886ce2ba8beadb37790ba2 (patch) | |
tree | 50547857fe15d09b424a5fe7c3c34fe9e0062eb9 /lualib | |
parent | f8972718df531c3608e9693d72d290573f9b5d20 (diff) | |
parent | 161184eb72bd570e7002d15a689f2dac56392d21 (diff) | |
Merge pull request #2739 from McKayJT/dkim-sign-ed25519
[Feature] Add ed25519 and multiple signature support
Diffstat (limited to 'lualib')
-rw-r--r-- | lualib/lua_dkim_tools.lua | 136 |
1 files changed, 85 insertions, 51 deletions
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua index 5469ac138..4302d24ad 100644 --- a/lualib/lua_dkim_tools.lua +++ b/lualib/lua_dkim_tools.lua @@ -22,21 +22,57 @@ local lua_util = require "lua_util" local rspamd_util = require "rspamd_util" local logger = require "rspamd_logger" -local function check_violation(N, task, domain, selector) +local function check_violation(N, task, domain) -- Check for DKIM_REJECT local sym_check = 'R_DKIM_REJECT' if N == 'arc' then sym_check = 'ARC_REJECT' end if task:has_symbol(sym_check) then local sym = task:get_symbol(sym_check) - logger.infox(task, 'skip signing for %s:%s: violation %s found: %s', - domain, selector, sym_check, sym.options) + logger.infox(task, 'skip signing for %s: violation %s found: %s', + domain, sym_check, sym.options) return false end return true end +local function insert_or_update_prop(N, task, p, prop, origin, data) + if #p == 0 then + local k = {} + k[prop] = data + table.insert(p, k) + lua_util.debugm(N, task, 'add %s "%s" using %s', prop, data, origin) + else + for _, k in ipairs(p) do + if not k[prop] then + k[prop] = data + lua_util.debugm(N, task, 'set %s to "%s" using %s', prop, data, origin) + end + end + end +end + +local function get_mempool_selectors(N, task) + local p = {} + local key_var = "dkim_key" + local selector_var = "dkim_selector" + if N == "arc" then + key_var = "arc_key" + selector_var = "arc_selector" + end + + p.key = task:get_mempool():get_variable(key_var) + p.selector = task:get_mempool():get_variable(selector_var) + + if (not p.key or not p.selector) then + return false, {} + end + + lua_util.debugm(N, task, 'override selector and key to %s:%s', p.key, p.selector) + return true, p +end + local function parse_dkim_http_headers(N, task, settings) -- Configure headers local headers = { 
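Review bot: The debug line in `get_mempool_selectors` writes the `dkim_key`/`arc_key` mempool value to the log, and its arguments (`p.key, p.selector`) are in the opposite order to the wording 'selector and key'. If that variable can hold key material rather than a file path (not visible in this hunk), a signing key ends up in debug output. The same applies to `insert_or_update_prop` when `prop` is 'key', and to the 'using mempool selector %s with key %s' line in the `prepare_dkim_signing` hunk. Logging only the selector avoids this, e.g. `lua_util.debugm(N, task, 'override selector to %s from mempool', p.selector)`.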
@@ -66,11 +102,14 @@ local function parse_dkim_http_headers(N, task, settings) end end - return true,{ - rawkey = tostring(key), + local p = {} + local k = { domain = tostring(domain), - selector = tostring(selector) + rawkey = tostring(key), + selector = tostring(selector), } + table.insert(p, k) + return true, p end lua_util.debugm(N, task, 'no sign header %s', headers.sign_header) 
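Review bot: The success return of `parse_dkim_http_headers` changes shape from one `{rawkey, domain, selector}` table to a list holding one such table, and nothing at the function says so. A short comment above the return would keep callers from indexing `p.selector` directly, e.g. `-- returns true and a list of signing entries ({domain, rawkey, selector}); HTTP headers yield exactly one`. The function starts outside this hunk and its callers are not in this view.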
@@ -214,76 +253,71 @@ local function prepare_dkim_signing(N, task, settings) local p = {} if settings.domain[dkim_domain] then - p.selector = settings.domain[dkim_domain].selector - p.key = settings.domain[dkim_domain].path - end - - if not p.key and p.selector then - local key_var = "dkim_key" - local selector_var = "dkim_selector" - if N == "arc" then - key_var = "arc_key" - selector_var = "arc_selector" + -- support old style selector/paths + if settings.domain[dkim_domain].selector or + settings.domain[dkim_domain].path then + local k = {} + k.selector = settings.domain[dkim_domain].selector + k.key = settings.domain[dkim_domain].path + table.insert(p, k) end - - p.key = task:get_mempool():get_variable(key_var) - local selector_override = task:get_mempool():get_variable(selector_var) - - if selector_override then - p.selector = selector_override + for _, s in ipairs((settings.domain[dkim_domain].selectors or {})) do + lua_util.debugm(N, task, 'adding selector: %1', s) + local k = {} + k.selector = s.selector + k.key = s.path + table.insert(p, k) end + end - if (not p.key or not p.selector) and (not (settings.try_fallback or - settings.use_redis or settings.selector_map - or settings.path_map)) then - lua_util.debugm(N, task, 'dkim unconfigured and fallback disabled') - return false,{} + if #p == 0 then + local ret, k = get_mempool_selectors(N, task) + if ret then + table.insert(p, k) + lua_util.debugm(N, task, 'using mempool selector %s with key %s', + k.selector, k.key) end - - lua_util.debugm(N, task, 'override selector and key to %s:%s', p.key, p.selector) end - if not p.selector and settings.selector_map then + if settings.selector_map then local data = settings.selector_map:get_key(dkim_domain) if data then - p.selector = data - lua_util.debugm(N, task, 'override selector to "%s" using selector_map', p.selector) - elseif not settings.try_fallback then - lua_util.debugm(N, task, 'no selector for %s', dkim_domain) - return false,{} + insert_or_update_prop(N, 
task, p, 'selector', 'selector_map', data) + else + lua_util.debugm(N, task, 'no selector in map for %s', dkim_domain) end end - if not p.key and settings.path_map then + if settings.path_map then local data = settings.path_map:get_key(dkim_domain) if data then - p.key = data - lua_util.debugm(N, task, 'override key to "%s" using path_map', p.key) - elseif not settings.try_fallback then - lua_util.debugm(N, task, 'no key for %s', dkim_domain) - return false,{} + insert_or_update_prop(N, task, p, 'key', 'path_map', data) + else + lua_util.debugm(N, task, 'no key in map for %s', dkim_domain) end end - if not p.key then - if not settings.use_redis then - p.key = settings.path - lua_util.debugm(N, task, 'use default key "%s" from path', p.key) - end + if #p == 0 and not settings.try_fallback then + lua_util.debugm(N, task, 'dkim unconfigured and fallback disabled') + return false,{} end - if not p.selector then - p.selector = settings.selector - lua_util.debugm(N, task, 'use default selector "%s"', p.selector) + if not settings.use_redis then + insert_or_update_prop(N, task, p, 'key', + 'default path', settings.path) end + insert_or_update_prop(N, task, p, 'selector', + 'default selector', settings.selector) + if settings.check_violation then - if not check_violation(N, task, p.domain, p.selector) then + if not check_violation(N, task, p.domain) then return false,{} end end - p.domain = dkim_domain + insert_or_update_prop(N, task, p, 'domain', 'dkim_domain', + dkim_domain) return true,p end |
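Review bot: `check_violation(N, task, p.domain)` always passes nil, because `p` is now a list of entries and the domain is only written into them by the `insert_or_update_prop(..., 'domain', ...)` call after the check. The 'skip signing for %s' message therefore loses the domain; pass the local instead: `if not check_violation(N, task, dkim_domain) then`. Separately, the `try_fallback` guard now fires only when `#p == 0`, so a domain found in `selector_map` but missing from `path_map` appears to continue and pick up `settings.path` as its key even with fallback disabled, where the removed code returned `false,{}`. If that is intended it deserves a comment; otherwise the per-map miss checks should be kept. `prepare_dkim_signing` starts outside this hunk.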