commit bbabe7c: Add multiple signature support.
John McKay
adenosine3p at gmail.com
Mon Feb 4 14:35:11 UTC 2019
Author: John McKay
Date: 2019-01-26 06:34:41 +0000
URL: https://github.com/rspamd/rspamd/commit/bbabe7c61ca8403cf332fbfa6a0f23997f8cb92d
Add multiple signature support.
Configuration is not clean and milter doesn't support it yet
---
lualib/lua_dkim_tools.lua | 14 +++++++++++++-
src/client/rspamc.c | 23 ++++++++++++++++++-----
src/libserver/protocol.c | 6 ++++--
src/plugins/dkim_check.c | 24 +++++++++++++++++++-----
src/plugins/lua/dkim_signing.lua | 13 +++++++++++--
5 files changed, 65 insertions(+), 15 deletions(-)
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 5469ac138..5e38b2b85 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,11 +211,23 @@ local function prepare_dkim_signing(N, task, settings)
end
end
- local p = {}
+ local p = {
+ keys = {}
+ }
if settings.domain[dkim_domain] then
p.selector = settings.domain[dkim_domain].selector
p.key = settings.domain[dkim_domain].path
+ for _, s in ipairs(settings.domain[dkim_domain].selectors) do
+ lua_util.debugm(N, task, 'adding selector: %1', s)
+ local k = {}
+ k.selector = s.selector
+ k.key = s.path
+ --bit of a hack to make other code play nice
+ p.selector = s.selector
+ p.key = s.path
+ table.insert(p.keys, k)
+ end
end
if not p.key and p.selector then
diff --git a/src/client/rspamc.c b/src/client/rspamc.c
index c52f615dc..3433ef7d6 100644
--- a/src/client/rspamc.c
+++ b/src/client/rspamc.c
@@ -887,7 +887,15 @@ rspamc_symbols_output (FILE *out, ucl_object_t *obj)
}
}
- PRINT_PROTOCOL_STRING ("dkim-signature", "DKIM-Signature");
+ elt = ucl_object_lookup (obj, "dkim-signature");
+ if (elt && elt->type == UCL_STRING) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (elt));
+ } else if (elt && elt->type == UCL_ARRAY) {
+ mit = NULL;
+ while ((cmesg = ucl_object_iterate (elt, &mit, true)) != NULL) {
+ rspamd_fprintf (out, "DKIM-Signature: %s\n", ucl_object_tostring (cmesg));
+ }
+ }
elt = ucl_object_lookup (obj, "profile");
@@ -1372,11 +1380,16 @@ rspamc_mime_output (FILE *out, ucl_object_t *result, GString *input,
g_string_free (folded_symbuf, TRUE);
g_string_free (symbuf, TRUE);
- if (ucl_object_lookup (result, "dkim-signature")) {
+ res = ucl_object_lookup (result, "dkim-signature");
+ if (res && res->type == UCL_STRING) {
rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
- ucl_object_tostring (
- ucl_object_lookup (result, "dkim-signature")),
- line_end);
+ ucl_object_tostring (res), line_end);
+ } else if (res && res->type == UCL_ARRAY) {
+ it = NULL;
+ while ((cur = ucl_object_iterate (res, &it, true)) != NULL) {
+ rspamd_printf_gstring (added_headers, "DKIM-Signature: %s%s",
+ ucl_object_tostring (cur), line_end);
+ }
}
if (json || raw || compact) {
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index 574c5fa9f..ba468ee5f 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -1132,6 +1132,7 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
{
ucl_object_t *top = NULL;
GString *dkim_sig;
+ GList *dkim_sigs;
const ucl_object_t *milter_reply;
rspamd_task_set_finish_time (task);
@@ -1200,11 +1201,12 @@ rspamd_protocol_write_ucl (struct rspamd_task *task,
}
if (flags & RSPAMD_PROTOCOL_DKIM) {
- dkim_sig = rspamd_mempool_get_variable (task->task_pool,
+ dkim_sigs = rspamd_mempool_get_variable (task->task_pool,
RSPAMD_MEMPOOL_DKIM_SIGNATURE);
- if (dkim_sig) {
+ for (; dkim_sigs != NULL; dkim_sigs = dkim_sigs->next) {
GString *folded_header;
+ dkim_sig = (GString *) dkim_sigs->data;
if (task->flags & RSPAMD_TASK_FLAG_MILTER) {
folded_header = rspamd_header_value_fold ("DKIM-Signature",
diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 06c039ea4..278a8e1e1 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -141,6 +141,12 @@ dkim_module_key_dtor (gpointer k)
rspamd_dkim_key_unref (key);
}
+static void
+dkim_module_free_list (gpointer k)
+{
+ g_list_free_full ((GList *)k, rspamd_gstring_free_hard);
+}
+
gint
dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
{
@@ -792,6 +798,7 @@ lua_dkim_sign_handler (lua_State *L)
enum rspamd_dkim_type sign_type = RSPAMD_DKIM_NORMAL;
GError *err = NULL;
GString *hdr;
+ GList *sigs = NULL;
const gchar *selector = NULL, *domain = NULL, *key = NULL, *rawkey = NULL,
*headers = NULL, *sign_type_str = NULL, *arc_cv = NULL,
*pubkey = NULL;
@@ -962,8 +969,14 @@ lua_dkim_sign_handler (lua_State *L)
if (hdr) {
if (!no_cache) {
- rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = rspamd_mempool_get_variable (task->task_pool, "dkim-signature");
+ if (sigs == NULL) {
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
+ } else {
+ (void) g_list_append (sigs, hdr);
+ }
}
lua_pushboolean (L, TRUE);
@@ -1362,6 +1375,7 @@ dkim_sign_callback (struct rspamd_task *task,
gint64 arc_idx = 0;
gsize len;
GString *tb, *hdr;
+ GList *sigs = NULL;
GError *err = NULL;
const gchar *selector = NULL, *domain = NULL, *key = NULL, *key_type = NULL,
*sign_type_str = NULL, *arc_cv = NULL;
@@ -1506,9 +1520,9 @@ dkim_sign_callback (struct rspamd_task *task,
ctx);
if (hdr) {
- rspamd_mempool_set_variable (task->task_pool,
- "dkim-signature",
- hdr, rspamd_gstring_free_hard);
+ sigs = g_list_append (sigs, hdr);
+ rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
+ sigs, dkim_module_free_list);
}
sign = TRUE;
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 77acc2f61..b510a437e 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -171,8 +171,17 @@ local function dkim_signing_cb(task)
lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
p.key, p.selector, p.domain)
end
-
- do_sign()
+ -- TODO: push handling of multiples keys into sign code
+ if #p.keys > 0 then
+ lua_util.debugm(N, task, 'signing for multiple selectors, %1', #p.keys);
+ for _, k in ipairs(p.keys) do
+ p.selector = k.selector
+ p.key = k.key
+ do_sign()
+ end
+ else
+ do_sign()
+ end
else
rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
return false
More information about the Commits
mailing list