commit d4b0d46: keys from config and http arrayized
John McKay
adenosine3p at gmail.com
Mon Feb 4 14:35:14 UTC 2019
Author: John McKay
Date: 2019-01-26 11:27:15 +0000
URL: https://github.com/rspamd/rspamd/commit/d4b0d4617b022a2f6e037c027e35d04c9d8544d7
keys from config and http arrayized
---
conf/modules.d/dkim_signing.conf | 15 +++--
lualib/lua_dkim_tools.lua | 136 +++++++++++++++++++++++----------------
src/plugins/lua/arc.lua | 10 +++
src/plugins/lua/dkim_signing.lua | 36 +++--------
4 files changed, 112 insertions(+), 85 deletions(-)
diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf
index d032c944b..07e5c7c92 100644
--- a/conf/modules.d/dkim_signing.conf
+++ b/conf/modules.d/dkim_signing.conf
@@ -58,10 +58,17 @@ dkim_signing {
# Domain specific settings
#domain {
# example.com {
- # # Private key path
- # path = "/var/lib/rspamd/dkim/example.key";
- # # Selector
- # selector = "ds";
+ # selectors [
+ # { # Private key path
+ # path = "/var/lib/rspamd/dkim/example.key";
+ # # Selector
+ # selector = "ds";
+ # },
+ # { # multiple dkim signature
+ # path = "/var/lib/rspamd/dkim/eddsa.key";
+ # selector = "eddsa";
+ # }
+ # ]
# }
#}
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 5e38b2b85..14929295d 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -22,21 +22,57 @@ local lua_util = require "lua_util"
local rspamd_util = require "rspamd_util"
local logger = require "rspamd_logger"
-local function check_violation(N, task, domain, selector)
+local function check_violation(N, task, domain)
-- Check for DKIM_REJECT
local sym_check = 'R_DKIM_REJECT'
if N == 'arc' then sym_check = 'ARC_REJECT' end
if task:has_symbol(sym_check) then
local sym = task:get_symbol(sym_check)
- logger.infox(task, 'skip signing for %s:%s: violation %s found: %s',
- domain, selector, sym_check, sym.options)
+ logger.infox(task, 'skip signing for %s: violation %s found: %s',
+ domain, sym_check, sym.options)
return false
end
return true
end
+local function insert_or_update_prop(N, task, p, prop, origin, data)
+ if #p.keys == 0 then
+ local k = {}
+ k[prop] = data
+ table.insert(p.keys, k)
+ lua_util.debugm(N, task, 'add %s "%s" using %s', prop, data, origin)
+ else
+ for _, k in ipairs(p.keys) do
+ if not k[prop] then
+ k[prop] = data
+ lua_util.debugm(N, task, 'set %s to "%s" using %s', prop, data, origin)
+ end
+ end
+ end
+end
+
+local function get_mempool_selectors(N, task)
+ local p = {}
+ local key_var = "dkim_key"
+ local selector_var = "dkim_selector"
+ if N == "arc" then
+ key_var = "arc_key"
+ selector_var = "arc_selector"
+ end
+
+ p.key = task:get_mempool():get_variable(key_var)
+ p.selector = task:get_mempool():get_variable(selector_var)
+
+ if (not p.key or not p.selector) then
+ return false, {}
+ end
+
+ lua_util.debugm(N, task, 'override selector and key to %s:%s', p.key, p.selector)
+ return true, p
+end
+
local function parse_dkim_http_headers(N, task, settings)
-- Configure headers
local headers = {
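Review bot: `insert_or_update_prop` does not guard against `data` being nil: with an empty `p.keys` it still inserts `k`, so the list gains an entry that lacks `prop`, and later `#p.keys > 0` checks treat it as a usable key. The callers later in this file pass `settings.path` and `settings.selector`, which may be unset; an early `if data == nil then return end` at the top of the function would keep empty entries out. Separately, `get_mempool_selectors` writes `p.key` to the debug log with the arguments in the opposite order to the 'selector and key' text; if that mempool variable can ever hold key material rather than a path, the value should be left out of the message. `parse_dkim_http_headers` continues outside this hunk.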
@@ -66,11 +102,17 @@ local function parse_dkim_http_headers(N, task, settings)
end
end
- return true,{
- rawkey = tostring(key),
+ local p = {
domain = tostring(domain),
- selector = tostring(selector)
+ keys = {}
+ }
+ local k = {
+ key = tostring(key),
+ selector = tostring(selector),
+ type = 'raw'
}
+ table.insert(p.keys, k)
+ return true, p
end
lua_util.debugm(N, task, 'no sign header %s', headers.sign_header)
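Review bot: The table returned here changes shape without a comment describing it, and `type = 'raw'` is now the only marker that `key` holds inline private-key material from a request header rather than a file path. Entries built elsewhere in this file leave `type` unset, so every consumer has to branch on it. A short comment above `local k = {`, such as `-- key is inline key material from the HTTP header, not a path; consumers must check type == 'raw'`, would make that contract explicit. The function starts and ends outside this hunk.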
@@ -216,81 +258,65 @@ local function prepare_dkim_signing(N, task, settings)
}
if settings.domain[dkim_domain] then
- p.selector = settings.domain[dkim_domain].selector
- p.key = settings.domain[dkim_domain].path
- for _, s in ipairs(settings.domain[dkim_domain].selectors) do
+ -- support old style selector/paths
+ if settings.domain[dkim_domain].selector or
+ settings.domain[dkim_domain].path then
+ local k = {}
+ k.selector = settings.domain[dkim_domain].selector
+ k.key = settings.domain[dkim_domain].path
+ table.insert(p.keys, k)
+ end
+ for _, s in ipairs((settings.domain[dkim_domain].selectors or {})) do
lua_util.debugm(N, task, 'adding selector: %1', s)
local k = {}
k.selector = s.selector
k.key = s.path
- --bit of a hack to make other code play nice
- p.selector = s.selector
- p.key = s.path
table.insert(p.keys, k)
end
end
- if not p.key and p.selector then
- local key_var = "dkim_key"
- local selector_var = "dkim_selector"
- if N == "arc" then
- key_var = "arc_key"
- selector_var = "arc_selector"
- end
-
- p.key = task:get_mempool():get_variable(key_var)
- local selector_override = task:get_mempool():get_variable(selector_var)
-
- if selector_override then
- p.selector = selector_override
- end
-
- if (not p.key or not p.selector) and (not (settings.try_fallback or
- settings.use_redis or settings.selector_map
- or settings.path_map)) then
- lua_util.debugm(N, task, 'dkim unconfigured and fallback disabled')
- return false,{}
+ if #p.keys == 0 then
+ local ret, k = get_mempool_selectors(N, task)
+ if ret then
+ table.insert(p.keys, k)
+ lua_util.debugm(N, task, 'using mempool selector %s with key %s',
+ k.selector, k.key)
end
-
- lua_util.debugm(N, task, 'override selector and key to %s:%s', p.key, p.selector)
end
- if not p.selector and settings.selector_map then
+ if settings.selector_map then
local data = settings.selector_map:get_key(dkim_domain)
if data then
- p.selector = data
- lua_util.debugm(N, task, 'override selector to "%s" using selector_map', p.selector)
- elseif not settings.try_fallback then
- lua_util.debugm(N, task, 'no selector for %s', dkim_domain)
- return false,{}
+ insert_or_update_prop(N, task, p, 'selector', 'selector_map', data)
+ else
+ lua_util.debugm(N, task, 'no selector in map for %s', dkim_domain)
end
end
- if not p.key and settings.path_map then
+ if settings.path_map then
local data = settings.path_map:get_key(dkim_domain)
if data then
- p.key = data
- lua_util.debugm(N, task, 'override key to "%s" using path_map', p.key)
- elseif not settings.try_fallback then
- lua_util.debugm(N, task, 'no key for %s', dkim_domain)
- return false,{}
+ insert_or_update_prop(N, task, p, 'key', 'path_map', data)
+ else
+ lua_util.debugm(N, task, 'no key in map for %s', dkim_domain)
end
end
- if not p.key then
- if not settings.use_redis then
- p.key = settings.path
- lua_util.debugm(N, task, 'use default key "%s" from path', p.key)
- end
+ if #p.keys == 0 and not settings.try_fallback then
+ lua_util.debugm(N, task, 'dkim unconfigured and fallback disabled')
+ return false,{}
end
- if not p.selector then
- p.selector = settings.selector
- lua_util.debugm(N, task, 'use default selector "%s"', p.selector)
+ if not settings.use_redis then
+ insert_or_update_prop(N, task, p, 'key',
+ 'default path', settings.path)
end
+ insert_or_update_prop(N, task, p, 'selector',
+ 'default selector', settings.selector)
+
if settings.check_violation then
- if not check_violation(N, task, p.domain, p.selector) then
+ if not check_violation(N, task, p.domain) then
return false,{}
end
end
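Review bot: The new early return `if #p.keys == 0 and not settings.try_fallback then` no longer exempts `settings.use_redis`, which the removed condition did, so a Redis-only setup with no per-domain entry appears to stop here before any Redis lookup. If that is not intended, `if #p.keys == 0 and not (settings.try_fallback or settings.use_redis) then` restores the earlier behaviour. This function also stops setting `p.selector`, while the Redis branch visible as context in the dkim_signing.lua hunk still calls `try_redis_key(p.selector)`. That call would then receive nil unless the selector is taken from `p.keys[1]`, as arc.lua does. `prepare_dkim_signing` starts and ends outside this hunk, so both points should be confirmed against the full function.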
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index cec738df7..d22114b59 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -514,6 +514,16 @@ local function arc_signing_cb(task)
return
end
+ -- TODO: support multiple signatures here and not this hack
+ if #p.keys > 0 then
+ p.selector = p.keys[1].selector
+ if p.keys[1].type == "raw" then
+ p.rawkey = p.keys[1].key
+ else
+ p.key = p.keys[1].key
+ end
+ end
+
p.arc_cv = 'none'
p.arc_idx = 1
p.no_cache = true
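Review bot: Only `p.keys[1]` is used here and any further entries are dropped without a trace, so an operator who configures several selectors for a domain gets a single ARC signature with no indication why. Until the TODO is resolved, a debug line inside the `if #p.keys > 0 then` block that reports `#p.keys` and the selector actually chosen would make this visible. It would also help to document in the comment that ARC signs with the first configured key only. `arc_signing_cb` starts and ends outside this hunk.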
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index b510a437e..a65356448 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -151,35 +151,19 @@ local function dkim_signing_cb(task)
try_redis_key(p.selector)
end
else
- if ((p.key or p.rawkey) and p.selector) then
- if p.key then
+ if #p.keys > 0 then
+ for _, k in ipairs(p.keys) do
-- templates
- p.key = lua_util.template(p.key, {
+ k.key = lua_util.template(k.key, {
domain = p.domain,
- selector = p.selector
+ selector = k.selector
})
- local exists,err = rspamd_util.file_exists(p.key)
- if not exists then
- if err and err == 'No such file or directory' then
- lua_util.debugm(N, task, 'cannot read key from "%s": %s', p.key, err)
- else
- rspamd_logger.warnx(task, 'cannot read key from "%s": %s', p.key, err)
- end
- return false
- end
-
- lua_util.debugm(N, task, 'key found at "%s", use selector "%s" for domain "%s"',
+ -- TODO: pass this to the function instead of setting some variable
+ p.selector = k.selector
+ p.key = k.key
+ -- TODO: push handling of multiples keys into sign code
+ lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"',
p.key, p.selector, p.domain)
- end
- -- TODO: push handling of multiples keys into sign code
- if #p.keys > 0 then
- lua_util.debugm(N, task, 'signing for multiple selectors, %1', #p.keys);
- for _, k in ipairs(p.keys) do
- p.selector = k.selector
- p.key = k.key
- do_sign()
- end
- else
do_sign()
end
else
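Review bot: The new loop ignores `k.type`, so an entry built by `parse_dkim_http_headers` with `type = 'raw'` has its inline private key passed through `lua_util.template`, assigned to `p.key` as if it were a path, and written to the debug log by the `using key "%s"` message. The removed code kept `p.rawkey` apart from `p.key`, and arc.lua in this same commit branches on `type == "raw"`; this loop should do the same and keep raw key material out of the log. The `rspamd_util.file_exists` check is also gone, so a missing key file is now only noticed inside `do_sign`, which is outside this hunk; whether `do_sign` still reads `p.rawkey` needs confirming there.
```lua
for _, k in ipairs(p.keys) do
  -- TODO: pass this to the function instead of setting some variable
  p.selector = k.selector
  if k.type == 'raw' then
    -- inline key material (HTTP headers): no templating, value never logged
    p.rawkey = k.key
    p.key = nil
    lua_util.debugm(N, task, 'using raw key, use selector "%s" for domain "%s"',
        p.selector, p.domain)
  else
    p.rawkey = nil
    p.key = lua_util.template(k.key, {
      domain = p.domain,
      selector = k.selector
    })
    lua_util.debugm(N, task, 'using key "%s", use selector "%s" for domain "%s"',
        p.key, p.selector, p.domain)
  end
  do_sign()
end
```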
@@ -232,4 +216,4 @@ rspamd_config:register_symbol({
})
-- Add dependency on DKIM checks
-rspamd_config:register_dependency(settings['symbol'], 'DKIM_CHECK')
\ No newline at end of file
+rspamd_config:register_dependency(settings['symbol'], 'DKIM_CHECK')