diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-04-08 16:23:57 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-04-08 16:23:57 +0100 |
| commit | 201f4fdeb20444ccf6dd5474d596cf6227badb37 (patch) | |
| tree | 38117b8950b34d4a3394848d5062f09ce2dd3059 /src/libserver | |
| parent | 508f85e07f5725778455e5f6c7cab6646c5ce781 (diff) | |
| download | rspamd-201f4fdeb20444ccf6dd5474d596cf6227badb37.tar.gz rspamd-201f4fdeb20444ccf6dd5474d596cf6227badb37.zip | |
[Minor] Log key id on DKIM failures
Diffstat (limited to 'src/libserver')
| -rw-r--r-- | src/libserver/dkim.c | 39 | ||||
| -rw-r--r-- | src/libserver/dkim.h | 7 |
2 files changed, 37 insertions, 9 deletions
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c index 3c7b9530c..daa0c380f 100644 --- a/src/libserver/dkim.c +++ b/src/libserver/dkim.c @@ -146,20 +146,23 @@ struct rspamd_dkim_context_s { const gchar *dkim_header; }; +#define RSPAMD_DKIM_KEY_ID_LEN 8 + struct rspamd_dkim_key_s { guint8 *keydata; gsize keylen; gsize decoded_len; - guint ttl; + gchar key_id[RSPAMD_DKIM_KEY_ID_LEN]; union { RSA *key_rsa; EC_KEY *key_ecdsa; guchar *key_eddsa; } key; - enum rspamd_dkim_key_type type; BIO *key_bio; EVP_PKEY *key_evp; time_t mtime; + guint ttl; + enum rspamd_dkim_key_type type; ref_entry_t ref; }; @@ -1289,6 +1292,8 @@ rspamd_dkim_make_key (const gchar *keydata, key->keylen = keylen; key->type = type; + rspamd_strlcpy (key->key_id, keydata, MIN (keylen, sizeof (key->key_id))); + rspamd_cryptobox_base64_decode (keydata, keylen, key->keydata, &key->decoded_len); @@ -1362,6 +1367,16 @@ rspamd_dkim_make_key (const gchar *keydata, return key; } +const gchar * +rspamd_dkim_key_id (rspamd_dkim_key_t *key) +{ + if (key) { + return key->key_id; + } + + return NULL; +} + /** * Free DKIM key * @param key @@ -2617,11 +2632,13 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, msg_info_dkim ( "%s: headers RSA verification failure; " - "body length %d->%d; headers length %d; d=%s; s=%s; orig header: %s", + "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s", rspamd_dkim_type_to_string (ctx->common.type), (gint)(body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, - ctx->domain, ctx->selector, ctx->dkim_header); + ctx->domain, ctx->selector, + rspamd_dkim_key_id (key), + ctx->dkim_header); } break; case RSPAMD_DKIM_KEY_ECDSA: @@ -2629,11 +2646,13 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, key->key.key_ecdsa) != 1) { msg_info_dkim ( "%s: headers ECDSA verification failure; " - "body length %d->%d; headers length %d; d=%s; s=%s; orig header: %s", + "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s", rspamd_dkim_type_to_string (ctx->common.type), (gint)(body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, - ctx->domain, ctx->selector, ctx->dkim_header); + ctx->domain, ctx->selector, + rspamd_dkim_key_id (key), + ctx->dkim_header); msg_debug_dkim ("headers ecdsa verify failed"); res->rcode = DKIM_REJECT; res->fail_reason = "headers ecdsa verify failed"; @@ -2644,11 +2663,13 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, key->key.key_eddsa, RSPAMD_CRYPTOBOX_MODE_25519)) { msg_info_dkim ( "%s: headers EDDSA verification failure; " - "body length %d->%d; headers length %d; d=%s; s=%s; orig header: %s", + "body length %d->%d; headers length %d; d=%s; s=%s; key=%s; orig header: %s", rspamd_dkim_type_to_string (ctx->common.type), (gint)(body_end - body_start), ctx->common.body_canonicalised, ctx->common.headers_canonicalised, - ctx->domain, ctx->selector, ctx->dkim_header); + ctx->domain, ctx->selector, + rspamd_dkim_key_id (key), + ctx->dkim_header); msg_debug_dkim ("headers eddsa verify failed"); res->rcode = DKIM_REJECT; res->fail_reason = "headers eddsa verify failed"; @@ -2657,7 +2678,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, } - if (ctx->common.type == RSPAMD_DKIM_ARC_SEAL && res && res->rcode == DKIM_CONTINUE) { + if (ctx->common.type == RSPAMD_DKIM_ARC_SEAL && res->rcode == DKIM_CONTINUE) { switch (ctx->cv) { case RSPAMD_ARC_INVALID: msg_info_dkim ("arc seal is invalid i=%d", ctx->common.idx); diff --git a/src/libserver/dkim.h b/src/libserver/dkim.h index adc68403a..6245dc512 100644 --- a/src/libserver/dkim.h +++ b/src/libserver/dkim.h @@ -269,6 +269,13 @@ rspamd_dkim_key_t *rspamd_dkim_make_key (const gchar *keydata, guint keylen, GError **err); /** + * Returns key id for dkim key (first 7 bytes of base64 representation) + * @param key + * @return + */ +const gchar *rspamd_dkim_key_id (rspamd_dkim_key_t *key); + +/** * Parse DKIM public key from a TXT record * @param txt * @param keylen |