commit 5b1a384: [Rework] Dkim: Remove signing code

Vsevolod Stakhov vsevolod at highsecure.ru
Fri May 31 15:42:05 UTC 2019


Author: Vsevolod Stakhov
Date: 2019-05-31 16:20:42 +0100
URL: https://github.com/rspamd/rspamd/commit/5b1a3846ec7721bc9184c83d83bd75b2c8f0a006

[Rework] Dkim: Remove signing code

---
 src/plugins/dkim_check.c | 234 +----------------------------------------------
 1 file changed, 1 insertion(+), 233 deletions(-)

diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 7a242934f..e1cdc5e98 100644
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -82,7 +82,6 @@ struct dkim_ctx {
 	rspamd_lru_hash_t *dkim_sign_hash;
 	const gchar *sign_headers;
 	const gchar *arc_sign_headers;
-	gint sign_condition_ref;
 	guint max_sigs;
 	gboolean trusted_only;
 	gboolean check_local;
@@ -156,7 +155,6 @@ dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 			sizeof (*dkim_module_ctx));
 	dkim_module_ctx->sign_headers = default_sign_headers;
 	dkim_module_ctx->arc_sign_headers = default_arc_sign_headers;
-	dkim_module_ctx->sign_condition_ref = -1;
 	dkim_module_ctx->max_sigs = DEFAULT_MAX_SIGS;
 
 	*ctx = (struct module_ctx *)dkim_module_ctx;
@@ -280,7 +278,7 @@ dkim_module_init (struct rspamd_config *cfg, struct module_ctx **ctx)
 			0);
 	rspamd_rcl_add_doc_by_path (cfg,
 			"dkim",
-			"Lua script that tells if a message should be signed and with what params",
+			"Lua script that tells if a message should be signed and with what params (obsoleted)",
 			"sign_condition",
 			UCL_STRING,
 			NULL,
@@ -586,58 +584,6 @@ dkim_module_config (struct rspamd_config *cfg)
 #endif
 	}
 
-	if ((value = rspamd_config_get_module_opt (cfg, "dkim", "sign_condition"))
-			!= NULL) {
-		const gchar *lua_script;
-
-		lua_script = ucl_object_tostring (value);
-
-		if (lua_script) {
-			if (luaL_dostring (cfg->lua_state, lua_script) != 0) {
-				msg_err_config ("cannot execute lua script for dkim "
-						"sign condition: %s", lua_tostring (cfg->lua_state, -1));
-			}
-			else {
-				if (lua_type (cfg->lua_state, -1) == LUA_TFUNCTION) {
-					dkim_module_ctx->sign_condition_ref = luaL_ref (cfg->lua_state,
-							LUA_REGISTRYINDEX);
-					rspamd_lua_add_ref_dtor (cfg->lua_state,
-							cfg->cfg_pool,
-							dkim_module_ctx->sign_condition_ref);
-
-					rspamd_symcache_add_symbol (cfg->cache,
-							"DKIM_SIGN",
-							0,
-							dkim_sign_callback,
-							NULL,
-							SYMBOL_TYPE_CALLBACK | SYMBOL_TYPE_FINE,
-							-1);
-					msg_info_config ("init condition script for DKIM signing");
-
-					/*
-					 * Allow dkim signing to be executed only after dkim check
-					 */
-					if (cb_id > 0) {
-						rspamd_symcache_add_delayed_dependency (cfg->cache,
-								"DKIM_SIGN", dkim_module_ctx->symbol_reject);
-					}
-
-					rspamd_config_add_symbol (cfg,
-							"DKIM_SIGN", 0.0, "DKIM signature fake symbol",
-							"dkim", RSPAMD_SYMBOL_FLAG_IGNORE, 1, 1);
-
-					rspamd_config_add_symbol_group (cfg, "DKIM_SIGN", "dkim");
-				}
-				else {
-					msg_err_config ("lua script must return "
-							"function(task) and not %s",
-							lua_typename (cfg->lua_state,
-									lua_type (cfg->lua_state, -1)));
-				}
-			}
-		}
-	}
-
 	return res;
 }
 
@@ -1306,184 +1252,6 @@ dkim_symbol_callback (struct rspamd_task *task,
 	rspamd_symcache_item_async_dec_check (task, item, M);
 }
 
-static void
-dkim_sign_callback (struct rspamd_task *task,
-					struct rspamd_symcache_item *item,
-					void *unused)
-{
-	lua_State *L;
-	struct rspamd_task **ptask;
-	gboolean sign = FALSE;
-	gint err_idx;
-	gint64 arc_idx = 0;
-	gsize len;
-	GString *hdr;
-	GList *sigs = NULL;
-	GError *err = NULL;
-	const gchar *selector = NULL, *domain = NULL, *key = NULL, *key_type = NULL,
-			*sign_type_str = NULL, *arc_cv = NULL;
-	rspamd_dkim_sign_context_t *ctx;
-	rspamd_dkim_key_t *dkim_key;
-	enum rspamd_dkim_key_format key_format = RSPAMD_DKIM_KEY_FILE;
-	enum rspamd_dkim_type sign_type = RSPAMD_DKIM_NORMAL;
-	struct dkim_ctx *dkim_module_ctx = dkim_get_context (task->cfg);
-
-	if (dkim_module_ctx->sign_condition_ref == -1) {
-		rspamd_symcache_finalize_item (task, item);
-		return;
-	}
-
-	sign = FALSE;
-	L = task->cfg->lua_state;
-	lua_pushcfunction (L, &rspamd_lua_traceback);
-	err_idx = lua_gettop (L);
-
-	lua_rawgeti (L, LUA_REGISTRYINDEX, dkim_module_ctx->sign_condition_ref);
-	ptask = lua_newuserdata (L, sizeof (struct rspamd_task *));
-	*ptask = task;
-	rspamd_lua_setclass (L, "rspamd{task}", -1);
-
-	if (lua_pcall (L, 1, 1, err_idx) != 0) {
-		msg_err_task ("call to user extraction script failed: %s",
-				lua_tostring (L, -1));
-	}
-	else {
-		if (lua_istable (L, -1)) {
-			/*
-			 * Get the following elements:
-			 * - selector
-			 * - domain
-			 * - key
-			 */
-			if (!rspamd_lua_parse_table_arguments (L, -1, &err,
-					"*key=V;*domain=S;*selector=S;type=S;key_type=S;"
-							"sign_type=S;arc_cv=S;arc_idx=I",
-					&len, &key, &domain, &selector,
-					&key_type, &key_type, &sign_type_str, &arc_cv,
-					&arc_idx)) {
-				msg_err_task ("invalid return value from sign condition: %e",
-						err);
-				g_error_free (err);
-				rspamd_symcache_finalize_item (task, item);
-
-				return;
-			}
-
-			if (key_type) {
-				if (strcmp (key_type, "file") == 0) {
-					key_format = RSPAMD_DKIM_KEY_FILE;
-				}
-				else if (strcmp (key_type, "base64") == 0) {
-					key_format = RSPAMD_DKIM_KEY_BASE64;
-				}
-				else if (strcmp (key_type, "pem") == 0) {
-					key_format = RSPAMD_DKIM_KEY_PEM;
-				}
-				else if (strcmp (key_type, "der") == 0 ||
-						strcmp (key_type, "raw") == 0) {
-					key_format = RSPAMD_DKIM_KEY_RAW;
-				}
-				else {
-					lua_settop (L, 0);
-					luaL_error (L, "unknown key type: %s",
-							key_type);
-					rspamd_symcache_finalize_item (task, item);
-
-					return;
-				}
-			}
-
-			if (sign_type_str) {
-				if (strcmp (sign_type_str, "dkim") == 0) {
-					sign_type = RSPAMD_DKIM_NORMAL;
-				}
-				else if (strcmp (sign_type_str, "arc-sign") == 0) {
-					sign_type = RSPAMD_DKIM_ARC_SIG;
-					if (arc_idx == 0) {
-						lua_settop (L, 0);
-						luaL_error (L, "no arc idx specified");
-						rspamd_symcache_finalize_item (task, item);
-
-						return;
-					}
-				}
-				else if (strcmp (sign_type_str, "arc-seal") == 0) {
-					sign_type = RSPAMD_DKIM_ARC_SEAL;
-					if (arc_cv == NULL) {
-						lua_settop (L, 0);
-						luaL_error (L, "no arc cv specified");
-						rspamd_symcache_finalize_item (task, item);
-
-						return;
-					}
-					if (arc_idx == 0) {
-						lua_settop (L, 0);
-						luaL_error (L, "no arc idx specified");
-						rspamd_symcache_finalize_item (task, item);
-
-						return;
-					}
-				}
-				else {
-					lua_settop (L, 0);
-					luaL_error (L, "unknown sign type: %s",
-							sign_type_str);
-					rspamd_symcache_finalize_item (task, item);
-
-					return;
-				}
-			}
-
-			dkim_key = dkim_module_load_key_format (task, dkim_module_ctx,
-					key, len, key_format);
-
-			if (dkim_key == NULL) {
-				rspamd_symcache_finalize_item (task, item);
-				return;
-			}
-
-			ctx = rspamd_create_dkim_sign_context (task, dkim_key,
-					DKIM_CANON_RELAXED, DKIM_CANON_RELAXED,
-					dkim_module_ctx->sign_headers,
-					sign_type,
-					&err);
-
-			if (ctx == NULL) {
-				msg_err_task ("cannot create sign context: %e",
-						err);
-				g_error_free (err);
-				rspamd_symcache_finalize_item (task, item);
-
-				return;
-			}
-
-			hdr = rspamd_dkim_sign (task, selector, domain, 0, 0,
-					arc_idx, arc_cv,
-					ctx);
-
-			if (hdr) {
-				sigs = g_list_append (sigs, hdr);
-				rspamd_mempool_set_variable (task->task_pool, "dkim-signature",
-						sigs, dkim_module_free_list);
-			}
-
-			sign = TRUE;
-		}
-		else {
-			sign = FALSE;
-		}
-	}
-
-	/* Result + error function */
-	lua_settop (L, 0);
-
-	if (!sign) {
-		msg_debug_task ("skip signing as dkim condition callback returned"
-				" false");
-	}
-	rspamd_symcache_finalize_item (task, item);
-}
-
 struct rspamd_dkim_lua_verify_cbdata {
 	rspamd_dkim_context_t *ctx;
 	struct rspamd_task *task;


More information about the Commits mailing list