commit c296be5: [Minor] dkim_signing: auth_only is a misnomer

Andrew Lewis nerf at judo.za.org
Thu Jan 23 19:21:06 UTC 2020 

Author: Andrew Lewis
Date: 2020-01-23 20:25:47 +0200
URL: https://github.com/rspamd/rspamd/commit/c296be57e97c770b0c3b2d0f9f1b36f4f34824b9 (refs/pull/3233/head)

[Minor] dkim_signing: auth_only is a misnomer

---
 conf/modules.d/arc.conf          |  4 ++--
 conf/modules.d/dkim_signing.conf |  4 ++--
 lualib/lua_cfg_transform.lua     | 12 ++++++++++++
 lualib/lua_dkim_tools.lua        |  6 +++---
 lualib/rspamadm/configwizard.lua | 10 +++++-----
 src/plugins/lua/arc.lua          |  2 +-
 src/plugins/lua/dkim_signing.lua |  2 +-
 7 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/conf/modules.d/arc.conf b/conf/modules.d/arc.conf
index 9528427b4..4b5682b77 100644
--- a/conf/modules.d/arc.conf
+++ b/conf/modules.d/arc.conf
@@ -33,12 +33,12 @@ arc {
   allow_hdrfrom_multiple = false;
   # If true, username does not need to contain matching domain
   allow_username_mismatch = false;
-  # If false, messages from authenticated users are not selected for signing
-  auth_only = false;
   # Default path to key, can include '$domain' and '$selector' variables
   #path = "${DBDIR}/arc/$domain.$selector.key";
   # Default selector to use
   selector = "arc";
+  # If false, messages from authenticated users are not selected for signing
+  sign_authenticated = false;
   # If false, inbound messages are not selected for signing
   sign_inbound = true;
   # If false, messages from local networks are not selected for signing
diff --git a/conf/modules.d/dkim_signing.conf b/conf/modules.d/dkim_signing.conf
index 6577735d5..42cb0e2b8 100644
--- a/conf/modules.d/dkim_signing.conf
+++ b/conf/modules.d/dkim_signing.conf
@@ -31,12 +31,12 @@ dkim_signing {
   allow_hdrfrom_multiple = false;
   # If true, username does not need to contain matching domain
   allow_username_mismatch = false;
-  # If false, messages from authenticated users are not selected for signing
-  auth_only = true;
   # Default path to key, can include '$domain' and '$selector' variables
   #path = "/var/lib/rspamd/dkim/$domain.$selector.key";
   # Default selector to use
   selector = "dkim";
+  # If false, messages from authenticated users are not selected for signing
+  sign_authenticated = true;
   # If false, messages from local networks are not selected for signing
   sign_local = true;
   # Symbol to add when message is signed
diff --git a/lualib/lua_cfg_transform.lua b/lualib/lua_cfg_transform.lua
index a82bae1b7..bdcc82635 100644
--- a/lualib/lua_cfg_transform.lua
+++ b/lualib/lua_cfg_transform.lua
@@ -444,6 +444,18 @@ return function(cfg)
     end
   end
 
+  -- DKIM signing/ARC legacy
+  for _, mod in ipairs({'dkim_signing', 'arc'}) do
+    if cfg[mod] then
+      if cfg[mod].auth_only ~= nil then
+        if cfg[mod].sign_authenticated ~= nil then
+	  logger.warnx(rspamd_config, 'both auth_only (%s) and sign_authenticated (%s) for %s are specified, prefer auth_only', cfg[mod].auth_only, cfg[mod].sign_authenticated, mod)
+        end
+        cfg.[mod].sign_authenticated = cfg.[mod].auth_only
+      end
+    end
+  end
+
   if cfg.dkim and cfg.dkim.sign_headers and type(cfg.dkim.sign_headers) == 'table' then
     -- Flatten
     cfg.dkim.sign_headers = table.concat(cfg.dkim.sign_headers, ':')
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 42b595670..53a8a8f0f 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -156,7 +156,7 @@ local function prepare_dkim_signing(N, task, settings)
     is_local = true
   end
 
-  if settings.auth_only and auser then
+  if settings.sign_authenticated and auser then
     lua_util.debugm(N, task, 'user is authenticated')
     is_authed = true
   elseif (settings.sign_networks and settings.sign_networks:get_key(ip)) then
@@ -167,7 +167,7 @@ local function prepare_dkim_signing(N, task, settings)
   elseif settings.sign_inbound and not is_local and not auser then
     lua_util.debugm(N, task, 'mail was sent to us')
   else
-    lua_util.debugm(N, task, 'ignoring unauthenticated mail')
+    lua_util.debugm(N, task, 'mail is ineligible for signing')
     return false,{}
   end
 
@@ -212,7 +212,7 @@ local function prepare_dkim_signing(N, task, settings)
 
   local function is_skip_sign()
     return not (settings.sign_networks and is_sign_networks) and
-        not (settings.auth_only and is_authed) and
+        not (settings.sign_authenticated and is_authed) and
         not (settings.sign_local and is_local)
   end
 
diff --git a/lualib/rspamadm/configwizard.lua b/lualib/rspamadm/configwizard.lua
index 6de3e9c26..d5b56ccb1 100644
--- a/lualib/rspamadm/configwizard.lua
+++ b/lualib/rspamadm/configwizard.lua
@@ -277,7 +277,7 @@ local function setup_dkim_signing(cfg, changes)
   local sign_type = readline_default('Enter your choice (1, 2, 3, 4) [default: 1]: ', '1')
   local sign_networks
   local allow_mismatch
-  local auth_only
+  local sign_authenticated
   local use_esld
   local sign_domain = 'pet luacheck'
 
@@ -311,11 +311,11 @@ local function setup_dkim_signing(cfg, changes)
   end
 
   if sign_type ~= '3' then
-    auth_only = ask_yes_no(
-        string.format('Do you want to sign mail from %s only? ',
+    sign_authenticated = ask_yes_no(
+        string.format('Do you want to sign mail from %s? ',
             highlight('authenticated users')), true)
   else
-    auth_only = true
+    sign_authenticated = true
   end
 
   if fun.any(function(s) return s == sign_domain end, defined_auth_types) then
@@ -416,7 +416,7 @@ local function setup_dkim_signing(cfg, changes)
   end
 
   res_tbl.use_esld = use_esld
-  res_tbl.auth_only = auth_only
+  res_tbl.sign_authenticated = sign_authenticated
 end
 
 local function check_redis_classifier(cls, changes)
diff --git a/src/plugins/lua/arc.lua b/src/plugins/lua/arc.lua
index 22eb59603..1b6d1c430 100644
--- a/src/plugins/lua/arc.lua
+++ b/src/plugins/lua/arc.lua
@@ -76,7 +76,7 @@ local settings = {
   allow_hdrfrom_mismatch_sign_networks = false,
   allow_hdrfrom_multiple = false,
   allow_username_mismatch = false,
-  auth_only = true,
+  sign_authenticated = true,
   domain = {},
   path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'arc', '$domain.$selector.key'),
   sign_local = true,
diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua
index 23956b3c2..283aa5051 100644
--- a/src/plugins/lua/dkim_signing.lua
+++ b/src/plugins/lua/dkim_signing.lua
@@ -32,7 +32,7 @@ local settings = {
   allow_hdrfrom_multiple = false,
   allow_username_mismatch = false,
   allow_pubkey_mismatch = true,
-  auth_only = true,
+  sign_authenticated = true,
   check_pubkey = false,
   domain = {},
   path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'dkim', '$domain.$selector.key'),

More information about the Commits mailing list