[exim.git] / src / src / dkim_transport.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */

/* Transport shim for dkim signing */


#include "exim.h"

#ifndef DISABLE_DKIM	/* rest of file */


static BOOL
dkt_sign_fail(struct ob_dkim * dkim, int * errp)
{
if (dkim->dkim_strict)
  {
  uschar * dkim_strict_result = expand_string(dkim->dkim_strict);

  if (dkim_strict_result)
    if ( (strcmpic(dkim->dkim_strict, US"1") == 0) ||
	 (strcmpic(dkim->dkim_strict, US"true") == 0) )
      {
      /* Set errno to something halfway meaningful */
      *errp = EACCES;
      log_write(0, LOG_MAIN, "DKIM: message could not be signed,"
	" and dkim_strict is set. Deferring message delivery.");
      return FALSE;
      }
  }
return TRUE;
}

/* Send the file at in_fd down the output fd */

static BOOL
dkt_send_file(int out_fd, int in_fd, off_t off
#ifdef OS_SENDFILE
  , size_t size
#endif
  )
{
#ifdef OS_SENDFILE
DEBUG(D_transport) debug_printf("send file fd=%d size=%u\n", out_fd, (unsigned)(size - off));
#else
DEBUG(D_transport) debug_printf("send file fd=%d\n", out_fd);
#endif

/*XXX should implement timeout, like transport_write_block_fd() ? */

#ifdef OS_SENDFILE
/* We can use sendfile() to shove the file contents
   to the socket. However only if we don't use TLS,
   as then there's another layer of indirection
   before the data finally hits the socket. */
if (tls_out.active != out_fd)
  {
  ssize_t copied = 0;

  while(copied >= 0 && off < size)
    copied = os_sendfile(out_fd, in_fd, &off, size - off);
  if (copied < 0)
    return FALSE;
  }
else

#endif

  {
  int sread, wwritten;

  /* Rewind file */
  if (lseek(in_fd, off, SEEK_SET) < 0) return FALSE;

  /* Send file down the original fd */
  while((sread = read(in_fd, deliver_out_buffer, DELIVER_OUT_BUFFER_SIZE)) > 0)
    {
    uschar * p = deliver_out_buffer;
    /* write the chunk */

    while (sread)
      {
#ifdef SUPPORT_TLS
      wwritten = tls_out.active == out_fd
	? tls_write(FALSE, p, sread, FALSE)
	: write(out_fd, CS p, sread);
#else
      wwritten = write(out_fd, CS p, sread);
#endif
      if (wwritten == -1)
	return FALSE;
      p += wwritten;
      sread -= wwritten;
      }
    }

  if (sread == -1)
    return FALSE;
  }

return TRUE;
}


/* This function is a wrapper around transport_write_message().
   It is only called from the smtp transport if DKIM or Domainkeys support
   is active and no transport filter is to be used.

Arguments:
  As for transport_write_message() in transort.c, with additional arguments
  for DKIM.

Returns:       TRUE on success; FALSE (with errno) for any failure
*/

static BOOL
dkt_direct(transport_ctx * tctx, struct ob_dkim * dkim,
  const uschar ** err)
{
int save_fd = tctx->u.fd;
int save_options = tctx->options;
BOOL save_wireformat = spool_file_wireformat;
uschar * hdrs;
gstring * dkim_signature;
int hsize;
const uschar * errstr;
uschar * verrstr;
BOOL rc;

DEBUG(D_transport) debug_printf("dkim signing direct-mode\n");

/* Get headers in string for signing and transmission.  Do CRLF
and dotstuffing (but no body nor dot-termination) */

tctx->u.msg = NULL;
tctx->options = tctx->options & ~(topt_end_dot | topt_use_bdat)
  | topt_output_string | topt_no_body;

rc = transport_write_message(tctx, 0);
hdrs = string_from_gstring(tctx->u.msg);
hsize = tctx->u.msg->ptr;

tctx->u.fd = save_fd;
tctx->options = save_options;
if (!rc) return FALSE;

/* Get signatures for headers plus spool data file */

#ifdef EXPERIMENTAL_ARC
arc_sign_init();
#endif

dkim->dot_stuffed = !!(save_options & topt_end_dot);
if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
				    hdrs, dkim, &errstr)))
  if (!(rc = dkt_sign_fail(dkim, &errno)))
    {
    *err = errstr;
    return FALSE;
    }

#ifdef EXPERIMENTAL_ARC
if (dkim->arc_signspec)			/* Prepend ARC headers */
  if (!(dkim_signature =
	arc_sign(dkim->arc_signspec, dkim_signature, &verrstr)))
    {
    *err = verrstr;
    return FALSE;
    }
#endif

/* Write the signature and headers into the deliver-out-buffer.  This should
mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
(transport_write_message() sizes the BDAT for the buffered amount) - for short
messages, the BDAT LAST command.  We want no dotstuffing expansion here, it
having already been done - but we have to say we want CRLF output format, and
temporarily set the marker for possible already-CRLF input. */

tctx->options &= ~topt_escape_headers;
spool_file_wireformat = TRUE;
transport_write_reset(0);
if (  (  dkim_signature
      && dkim_signature->ptr > 0
      && !write_chunk(tctx, dkim_signature->s, dkim_signature->ptr)
      )
   || !write_chunk(tctx, hdrs, hsize)
   )
  return FALSE;

spool_file_wireformat = save_wireformat;
tctx->options = save_options | topt_no_headers | topt_continuation;

if (!(transport_write_message(tctx, 0)))
  return FALSE;

tctx->options = save_options;
return TRUE;
}


/* This function is a wrapper around transport_write_message().
   It is only called from the smtp transport if DKIM or Domainkeys support
   is active and a transport filter is to be used.  The function sets up a
   replacement fd into a -K file, then calls the normal function. This way, the
   exact bits that exim would have put "on the wire" will end up in the file
   (except for TLS encapsulation, which is the very very last thing). When we
   are done signing the file, send the signed message down the original fd (or
   TLS fd).

Arguments:
  As for transport_write_message() in transort.c, with additional arguments
  for DKIM.

Returns:       TRUE on success; FALSE (with errno) for any failure
*/

static BOOL
dkt_via_kfile(transport_ctx * tctx, struct ob_dkim * dkim, const uschar ** err)
{
int dkim_fd;
int save_errno = 0;
BOOL rc;
uschar * dkim_spool_name;
gstring * dkim_signature;
int options, dlen;
off_t k_file_size;
const uschar * errstr;

dkim_spool_name = spool_fname(US"input", message_subdir, message_id,
		    string_sprintf("-%d-K", (int)getpid()));

DEBUG(D_transport) debug_printf("dkim signing via file %s\n", dkim_spool_name);

if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0)
  {
  /* Can't create spool file. Ugh. */
  rc = FALSE;
  save_errno = errno;
  *err = string_sprintf("dkim spoolfile create: %s", strerror(errno));
  goto CLEANUP;
  }

/* Call transport utility function to write the -K file; does the CRLF expansion
(but, in the CHUNKING case, neither dot-stuffing nor dot-termination). */

  {
  int save_fd = tctx->u.fd;
  tctx->u.fd = dkim_fd;
  options = tctx->options;
  tctx->options &= ~topt_use_bdat;

  rc = transport_write_message(tctx, 0);

  tctx->u.fd = save_fd;
  tctx->options = options;
  }

/* Save error state. We must clean up before returning. */
if (!rc)
  {
  save_errno = errno;
  goto CLEANUP;
  }

#ifdef EXPERIMENTAL_ARC
arc_sign_init();
#endif

/* Feed the file to the goats^W DKIM lib */

dkim->dot_stuffed = !!(options & topt_end_dot);
if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
  {
  dlen = 0;
  if (!(rc = dkt_sign_fail(dkim, &save_errno)))
    {
    *err = errstr;
    goto CLEANUP;
    }
  }
else
  dlen = dkim_signature->ptr;

#ifdef EXPERIMENTAL_ARC
if (dkim->arc_signspec)				/* Prepend ARC headers */
  {
  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
    goto CLEANUP;
  dlen = dkim_signature->ptr;
  }
#endif

#ifndef OS_SENDFILE
if (options & topt_use_bdat)
#endif
  if ((k_file_size = lseek(dkim_fd, 0, SEEK_END)) < 0)
    {
    *err = string_sprintf("dkim spoolfile seek: %s", strerror(errno));
    goto CLEANUP;
    }

if (options & topt_use_bdat)
  {
  /* On big messages output a precursor chunk to get any pipelined
  MAIL & RCPT commands flushed, then reap the responses so we can
  error out on RCPT rejects before sending megabytes. */

  if (  dlen + k_file_size > DELIVER_OUT_BUFFER_SIZE
     && dlen > 0)
    {
    if (  tctx->chunk_cb(tctx, dlen, 0) != OK
       || !transport_write_block(tctx,
		    dkim_signature->s, dlen, FALSE)
       || tctx->chunk_cb(tctx, 0, tc_reap_prev) != OK
       )
      goto err;
    dlen = 0;
    }

  /* Send the BDAT command for the entire message, as a single LAST-marked
  chunk. */

  if (tctx->chunk_cb(tctx, dlen + k_file_size, tc_chunk_last) != OK)
    goto err;
  }

if(dlen > 0 && !transport_write_block(tctx, dkim_signature->s, dlen, TRUE))
  goto err;

if (!dkt_send_file(tctx->u.fd, dkim_fd, 0
#ifdef OS_SENDFILE
  , k_file_size
#endif
  ))
  {
  save_errno = errno;
  rc = FALSE;
  }

CLEANUP:
  /* unlink -K file */
  if (dkim_fd >= 0) (void)close(dkim_fd);
  Uunlink(dkim_spool_name);
  errno = save_errno;
  return rc;

err:
  save_errno = errno;
  rc = FALSE;
  goto CLEANUP;
}


/***************************************************************************************************
*    External interface to write the message, while signing it with DKIM and/or Domainkeys         *
***************************************************************************************************/

/* This function is a wrapper around transport_write_message().
   It is only called from the smtp transport if DKIM or Domainkeys support
   is compiled in.

Arguments:
  As for transport_write_message() in transort.c, with additional arguments
  for DKIM.

Returns:       TRUE on success; FALSE (with errno) for any failure
*/

BOOL
dkim_transport_write_message(transport_ctx * tctx,
  struct ob_dkim * dkim, const uschar ** err)
{
/* If we can't sign, just call the original function. */

if (  !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
   && !dkim->force_bodyhash)
  return transport_write_message(tctx, 0);

/* If there is no filter command set up, construct the message and calculate
a dkim signature of it, send the signature and a reconstructed message. This
avoids using a temprary file. */

if (  !transport_filter_argv
   || !*transport_filter_argv
   || !**transport_filter_argv
   )
  return dkt_direct(tctx, dkim, err);

/* Use the transport path to write a file, calculate a dkim signature,
send the signature and then send the file. */

return dkt_via_kfile(tctx, dkim, err);
}

#endif	/* whole file */

/* vi: aw ai sw=2
*/
/* End of dkim_transport.c */
Commit	Line	Data
42055a33 JH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
f9ba5e22	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
42055a33 JH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	/* Transport shim for dkim signing */
	9
42055a33 JH	10
	11	#include "exim.h"
	12
09d5060c JH	13	#ifndef DISABLE_DKIM /* rest of file */
09d5060c JH	14
42055a33 JH	15
	16	static BOOL
	17	dkt_sign_fail(struct ob_dkim * dkim, int * errp)
	18	{
	19	if (dkim->dkim_strict)
	20	{
	21	uschar * dkim_strict_result = expand_string(dkim->dkim_strict);
	22
	23	if (dkim_strict_result)
	24	if ( (strcmpic(dkim->dkim_strict, US"1") == 0) \|\|
	25	(strcmpic(dkim->dkim_strict, US"true") == 0) )
	26	{
	27	/* Set errno to something halfway meaningful */
	28	*errp = EACCES;
	29	log_write(0, LOG_MAIN, "DKIM: message could not be signed,"
	30	" and dkim_strict is set. Deferring message delivery.");
	31	return FALSE;
	32	}
	33	}
	34	return TRUE;
	35	}
	36
d315eda1 JH	37	/* Send the file at in_fd down the output fd */
d315eda1 JH	38
42055a33	39	static BOOL
bb07bcd3 JH	40	dkt_send_file(int out_fd, int in_fd, off_t off
	41	#ifdef OS_SENDFILE
	42	, size_t size
	43	#endif
	44	)
42055a33	45	{
47c292c9	46	#ifdef OS_SENDFILE
6c140c01	47	DEBUG(D_transport) debug_printf("send file fd=%d size=%u\n", out_fd, (unsigned)(size - off));
47c292c9 JH	48	#else
	49	DEBUG(D_transport) debug_printf("send file fd=%d\n", out_fd);
	50	#endif
42055a33 JH	51
	52	/XXX should implement timeout, like transport_write_block_fd() ? /
	53
7d758a6a	54	#ifdef OS_SENDFILE
42055a33 JH	55	/* We can use sendfile() to shove the file contents
	56	to the socket. However only if we don't use TLS,
	57	as then there's another layer of indirection
	58	before the data finally hits the socket. */
	59	if (tls_out.active != out_fd)
	60	{
	61	ssize_t copied = 0;
	62
	63	while(copied >= 0 && off < size)
7d758a6a	64	copied = os_sendfile(out_fd, in_fd, &off, size - off);
42055a33 JH	65	if (copied < 0)
	66	return FALSE;
	67	}
	68	else
	69
	70	#endif
	71
	72	{
	73	int sread, wwritten;
	74
328c5688	75	/* Rewind file */
d315eda1	76	if (lseek(in_fd, off, SEEK_SET) < 0) return FALSE;
328c5688	77
42055a33	78	/* Send file down the original fd */
d315eda1	79	while((sread = read(in_fd, deliver_out_buffer, DELIVER_OUT_BUFFER_SIZE)) > 0)
42055a33 JH	80	{
	81	uschar * p = deliver_out_buffer;
	82	/* write the chunk */
	83
	84	while (sread)
	85	{
	86	#ifdef SUPPORT_TLS
	87	wwritten = tls_out.active == out_fd
925ac8e4	88	? tls_write(FALSE, p, sread, FALSE)
42055a33 JH	89	: write(out_fd, CS p, sread);
	90	#else
	91	wwritten = write(out_fd, CS p, sread);
	92	#endif
	93	if (wwritten == -1)
	94	return FALSE;
	95	p += wwritten;
	96	sread -= wwritten;
	97	}
	98	}
	99
	100	if (sread == -1)
	101	return FALSE;
	102	}
	103
	104	return TRUE;
	105	}
	106
	107
	108
	109
	110	/* This function is a wrapper around transport_write_message().
	111	It is only called from the smtp transport if DKIM or Domainkeys support
	112	is active and no transport filter is to be used.
	113
	114	Arguments:
	115	As for transport_write_message() in transort.c, with additional arguments
	116	for DKIM.
	117
	118	Returns: TRUE on success; FALSE (with errno) for any failure
	119	*/
	120
	121	static BOOL
	122	dkt_direct(transport_ctx * tctx, struct ob_dkim * dkim,
	123	const uschar ** err)
	124	{
	125	int save_fd = tctx->u.fd;
	126	int save_options = tctx->options;
328c5688	127	BOOL save_wireformat = spool_file_wireformat;
9e70917d	128	uschar * hdrs;
acec9514	129	gstring * dkim_signature;
9e70917d	130	int hsize;
42055a33	131	const uschar * errstr;
617d3932	132	uschar * verrstr;
42055a33 JH	133	BOOL rc;
	134
	135	DEBUG(D_transport) debug_printf("dkim signing direct-mode\n");
	136
328c5688 JH	137	/* Get headers in string for signing and transmission. Do CRLF
328c5688 JH	138	and dotstuffing (but no body nor dot-termination) */
42055a33 JH	139
	140	tctx->u.msg = NULL;
	141	tctx->options = tctx->options & ~(topt_end_dot \| topt_use_bdat)
	142	\| topt_output_string \| topt_no_body;
	143
	144	rc = transport_write_message(tctx, 0);
acec9514 JH	145	hdrs = string_from_gstring(tctx->u.msg);
acec9514 JH	146	hsize = tctx->u.msg->ptr;
42055a33 JH	147
	148	tctx->u.fd = save_fd;
	149	tctx->options = save_options;
	150	if (!rc) return FALSE;
	151
	152	/* Get signatures for headers plus spool data file */
	153
dde9989b JH	154	#ifdef EXPERIMENTAL_ARC
	155	arc_sign_init();
	156	#endif
42055a33	157
dde9989b	158	dkim->dot_stuffed = !!(save_options & topt_end_dot);
9e70917d	159	if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
42055a33	160	hdrs, dkim, &errstr)))
9e70917d JH	161	if (!(rc = dkt_sign_fail(dkim, &errno)))
	162	{
	163	*err = errstr;
	164	return FALSE;
	165	}
42055a33	166
617d3932 JH	167	#ifdef EXPERIMENTAL_ARC
	168	if (dkim->arc_signspec) /* Prepend ARC headers */
	169	if (!(dkim_signature =
	170	arc_sign(dkim->arc_signspec, dkim_signature, &verrstr)))
	171	{
	172	*err = verrstr;
	173	return FALSE;
	174	}
	175	#endif
	176
42055a33 JH	177	/* Write the signature and headers into the deliver-out-buffer. This should
	178	mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
	179	(transport_write_message() sizes the BDAT for the buffered amount) - for short
328c5688 JH	180	messages, the BDAT LAST command. We want no dotstuffing expansion here, it
	181	having already been done - but we have to say we want CRLF output format, and
	182	temporarily set the marker for possible already-CRLF input. */
42055a33	183
328c5688 JH	184	tctx->options &= ~topt_escape_headers;
328c5688 JH	185	spool_file_wireformat = TRUE;
42055a33	186	transport_write_reset(0);
9e70917d	187	if ( ( dkim_signature
acec9514 JH	188	&& dkim_signature->ptr > 0
acec9514 JH	189	&& !write_chunk(tctx, dkim_signature->s, dkim_signature->ptr)
9e70917d JH	190	)
	191	\|\| !write_chunk(tctx, hdrs, hsize)
	192	)
42055a33 JH	193	return FALSE;
42055a33 JH	194
328c5688	195	spool_file_wireformat = save_wireformat;
42055a33 JH	196	tctx->options = save_options \| topt_no_headers \| topt_continuation;
	197
	198	if (!(transport_write_message(tctx, 0)))
	199	return FALSE;
	200
	201	tctx->options = save_options;
	202	return TRUE;
	203	}
	204
	205
	206	/* This function is a wrapper around transport_write_message().
	207	It is only called from the smtp transport if DKIM or Domainkeys support
	208	is active and a transport filter is to be used. The function sets up a
	209	replacement fd into a -K file, then calls the normal function. This way, the
	210	exact bits that exim would have put "on the wire" will end up in the file
	211	(except for TLS encapsulation, which is the very very last thing). When we
	212	are done signing the file, send the signed message down the original fd (or
	213	TLS fd).
	214
	215	Arguments:
	216	As for transport_write_message() in transort.c, with additional arguments
	217	for DKIM.
	218
	219	Returns: TRUE on success; FALSE (with errno) for any failure
	220	*/
	221
	222	static BOOL
	223	dkt_via_kfile(transport_ctx * tctx, struct ob_dkim * dkim, const uschar ** err)
	224	{
	225	int dkim_fd;
	226	int save_errno = 0;
	227	BOOL rc;
9e70917d	228	uschar * dkim_spool_name;
acec9514	229	gstring * dkim_signature;
9e70917d	230	int options, dlen;
42055a33 JH	231	off_t k_file_size;
	232	const uschar * errstr;
	233
	234	dkim_spool_name = spool_fname(US"input", message_subdir, message_id,
	235	string_sprintf("-%d-K", (int)getpid()));
	236
	237	DEBUG(D_transport) debug_printf("dkim signing via file %s\n", dkim_spool_name);
	238
	239	if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR\|O_CREAT\|O_TRUNC, SPOOL_MODE)) < 0)
	240	{
	241	/* Can't create spool file. Ugh. */
	242	rc = FALSE;
	243	save_errno = errno;
	244	*err = string_sprintf("dkim spoolfile create: %s", strerror(errno));
	245	goto CLEANUP;
	246	}
	247
	248	/* Call transport utility function to write the -K file; does the CRLF expansion
	249	(but, in the CHUNKING case, neither dot-stuffing nor dot-termination). */
	250
	251	{
	252	int save_fd = tctx->u.fd;
	253	tctx->u.fd = dkim_fd;
	254	options = tctx->options;
	255	tctx->options &= ~topt_use_bdat;
	256
	257	rc = transport_write_message(tctx, 0);
	258
	259	tctx->u.fd = save_fd;
	260	tctx->options = options;
	261	}
	262
	263	/* Save error state. We must clean up before returning. */
	264	if (!rc)
	265	{
	266	save_errno = errno;
	267	goto CLEANUP;
	268	}
	269
dde9989b JH	270	#ifdef EXPERIMENTAL_ARC
	271	arc_sign_init();
	272	#endif
	273
42055a33 JH	274	/* Feed the file to the goats^W DKIM lib */
	275
	276	dkim->dot_stuffed = !!(options & topt_end_dot);
9e70917d	277	if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
42055a33	278	{
9e70917d JH	279	dlen = 0;
	280	if (!(rc = dkt_sign_fail(dkim, &save_errno)))
	281	{
	282	*err = errstr;
	283	goto CLEANUP;
	284	}
42055a33	285	}
9e70917d	286	else
acec9514	287	dlen = dkim_signature->ptr;
42055a33	288
617d3932 JH	289	#ifdef EXPERIMENTAL_ARC
	290	if (dkim->arc_signspec) /* Prepend ARC headers */
	291	{
	292	if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
	293	goto CLEANUP;
	294	dlen = dkim_signature->ptr;
	295	}
	296	#endif
	297
7d758a6a	298	#ifndef OS_SENDFILE
42055a33 JH	299	if (options & topt_use_bdat)
42055a33 JH	300	#endif
d315eda1 JH	301	if ((k_file_size = lseek(dkim_fd, 0, SEEK_END)) < 0)
	302	{
	303	*err = string_sprintf("dkim spoolfile seek: %s", strerror(errno));
	304	goto CLEANUP;
	305	}
42055a33 JH	306
	307	if (options & topt_use_bdat)
	308	{
	309	/* On big messages output a precursor chunk to get any pipelined
	310	MAIL & RCPT commands flushed, then reap the responses so we can
	311	error out on RCPT rejects before sending megabytes. */
	312
9e70917d JH	313	if ( dlen + k_file_size > DELIVER_OUT_BUFFER_SIZE
9e70917d JH	314	&& dlen > 0)
42055a33	315	{
9e70917d JH	316	if ( tctx->chunk_cb(tctx, dlen, 0) != OK
9e70917d JH	317	\|\| !transport_write_block(tctx,
acec9514	318	dkim_signature->s, dlen, FALSE)
42055a33 JH	319	\|\| tctx->chunk_cb(tctx, 0, tc_reap_prev) != OK
	320	)
	321	goto err;
9e70917d	322	dlen = 0;
42055a33 JH	323	}
	324
	325	/* Send the BDAT command for the entire message, as a single LAST-marked
	326	chunk. */
	327
9e70917d	328	if (tctx->chunk_cb(tctx, dlen + k_file_size, tc_chunk_last) != OK)
42055a33 JH	329	goto err;
	330	}
	331
acec9514	332	if(dlen > 0 && !transport_write_block(tctx, dkim_signature->s, dlen, TRUE))
42055a33 JH	333	goto err;
42055a33 JH	334
bb07bcd3 JH	335	if (!dkt_send_file(tctx->u.fd, dkim_fd, 0
	336	#ifdef OS_SENDFILE
	337	, k_file_size
	338	#endif
	339	))
42055a33 JH	340	{
	341	save_errno = errno;
	342	rc = FALSE;
	343	}
	344
	345	CLEANUP:
	346	/* unlink -K file */
d315eda1	347	if (dkim_fd >= 0) (void)close(dkim_fd);
42055a33 JH	348	Uunlink(dkim_spool_name);
	349	errno = save_errno;
	350	return rc;
	351
	352	err:
	353	save_errno = errno;
	354	rc = FALSE;
	355	goto CLEANUP;
	356	}
	357
	358
	359
	360	/***************************************************************************************************
	361	* External interface to write the message, while signing it with DKIM and/or Domainkeys *
	362	***************************************************************************************************/
	363
	364	/* This function is a wrapper around transport_write_message().
	365	It is only called from the smtp transport if DKIM or Domainkeys support
	366	is compiled in.
	367
	368	Arguments:
	369	As for transport_write_message() in transort.c, with additional arguments
	370	for DKIM.
	371
	372	Returns: TRUE on success; FALSE (with errno) for any failure
	373	*/
	374
	375	BOOL
	376	dkim_transport_write_message(transport_ctx * tctx,
	377	struct ob_dkim * dkim, const uschar ** err)
	378	{
	379	/* If we can't sign, just call the original function. */
	380
617d3932 JH	381	if ( !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
617d3932 JH	382	&& !dkim->force_bodyhash)
42055a33 JH	383	return transport_write_message(tctx, 0);
	384
	385	/* If there is no filter command set up, construct the message and calculate
	386	a dkim signature of it, send the signature and a reconstructed message. This
	387	avoids using a temprary file. */
	388
	389	if ( !transport_filter_argv
	390	\|\| !*transport_filter_argv
	391	\|\| !**transport_filter_argv
	392	)
	393	return dkt_direct(tctx, dkim, err);
	394
	395	/* Use the transport path to write a file, calculate a dkim signature,
	396	send the signature and then send the file. */
	397
	398	return dkt_via_kfile(tctx, dkim, err);
	399	}
	400
	401	#endif /* whole file */
	402
	403	/* vi: aw ai sw=2
	404	*/
	405	/* End of dkim_transport.c */