ARC: add optional x= tag to signing

diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 3c348d0df6118784c46b3a3677f8ed5fe4eab0c8..b981f3b7a439225668971cfeb3f34a2c669bbca2 100644 (file)
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -806,9 +806,15 @@ Expanded as a whole; if unset, empty or forced-failure then no signing is done.
 If it is set, all three elements must be non-empty.
 
 The fourth element is optional, and if present consists of a comma-separated list
 If it is set, all three elements must be non-empty.
 
 The fourth element is optional, and if present consists of a comma-separated list

-of options.  The only option implemented so far is
-  timestamps    Add a t= tag to the generated AMS and AS headers, with the
-                current time.
+of options.  The options implemented are
+
+  timestamps           Add a t= tag to the generated AMS and AS headers, with the
+                       current time.
+  expire[=<val>]       Add an x= tag to the generated AMS header, with an expiry time.
+                       If the value <val> is an plain number it is used unchanged.
+                       If it starts with a '+' then the following number is added
+                       to the current time, as an offset in seconds.
+                       If a value is not given it defaults to a one month offset.

 
 [As of writing, gmail insist that a t= tag on the AS is mandatory]
 
 
 [As of writing, gmail insist that a t= tag on the AS is mandatory]
 

diff --git a/src/src/arc.c b/src/src/arc.c
index fdc280eb63a0bb141578ec84938558f21a0126ce..c860aed366cc33b4e41f878e01d1e7664fdcdd78 100644 (file)
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -22,6 +22,9 @@ extern pdkim_ctx * dkim_verify_ctx;
 extern pdkim_ctx dkim_sign_ctx;
 
 #define ARC_SIGN_OPT_TSTAMP    BIT(0)
 extern pdkim_ctx dkim_sign_ctx;
 
 #define ARC_SIGN_OPT_TSTAMP    BIT(0)

+#define ARC_SIGN_OPT_EXPIRE    BIT(1)
+
+#define ARC_SIGN_DEFAULT_EXPIRE_DELTA (60 * 60 * 24 * 30)      /* one month */

 
 /******************************************************************************/
 
 
 /******************************************************************************/
 


@@ -86,6 +89,8 @@ typedef struct arc_ctx {
 #define HDR_AR         US"Authentication-Results:"
 #define HDRLEN_AR      23
 
 #define HDR_AR         US"Authentication-Results:"
 #define HDRLEN_AR      23
 

+static time_t now;
+static time_t expire;

 static hdr_rlist * headers_rlist;
 static arc_ctx arc_sign_ctx = { NULL };
 
 static hdr_rlist * headers_rlist;
 static arc_ctx arc_sign_ctx = { NULL };
 


@@ -1298,7 +1303,10 @@ g = string_append(g, 7,
       US"; s=", selector);
 if (options & ARC_SIGN_OPT_TSTAMP)
   g = string_append(g, 2,
       US"; s=", selector);
 if (options & ARC_SIGN_OPT_TSTAMP)
   g = string_append(g, 2,

-      US"; t=", string_sprintf("%lu", (u_long)time(NULL)));
+      US"; t=", string_sprintf("%lu", (u_long)now));
+if (options & ARC_SIGN_OPT_EXPIRE)
+  g = string_append(g, 2,
+      US"; x=", string_sprintf("%lu", (u_long)expire));

 g = string_append(g, 3,
       US";\r\n\tbh=", pdkim_encode_base64(bodyhash),
       US";\r\n\th=");
 g = string_append(g, 3,
       US";\r\n\tbh=", pdkim_encode_base64(bodyhash),
       US";\r\n\th=");


@@ -1432,7 +1440,7 @@ arcset = string_append(NULL, 9,
          US"; s=", selector);                                  /*XXX same as AMS */
 if (options & ARC_SIGN_OPT_TSTAMP)
   arcset = string_append(arcset, 2,
          US"; s=", selector);                                  /*XXX same as AMS */
 if (options & ARC_SIGN_OPT_TSTAMP)
   arcset = string_append(arcset, 2,

-      US"; t=", string_sprintf("%lu", (u_long)time(NULL)));
+      US"; t=", string_sprintf("%lu", (u_long)now));

 arcset = string_cat(arcset,
          US";\r\n\t b=;");
 
 arcset = string_cat(arcset,
          US";\r\n\t b=;");
 


@@ -1555,6 +1563,8 @@ int instance;
 gstring * g = NULL;
 pdkim_bodyhash * b;
 
 gstring * g = NULL;
 pdkim_bodyhash * b;
 

+expire = now = 0;
+

 /* Parse the signing specification */
 
 identity = string_nextinlist(&signspec, &sep, NULL, 0);
 /* Parse the signing specification */
 
 identity = string_nextinlist(&signspec, &sep, NULL, 0);


@@ -1574,7 +1584,29 @@ if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))
   int osep = ',';
   while ((s = string_nextinlist(&opts, &osep, NULL, 0)))
     if (Ustrcmp(s, "timestamps") == 0)
   int osep = ',';
   while ((s = string_nextinlist(&opts, &osep, NULL, 0)))
     if (Ustrcmp(s, "timestamps") == 0)

+      {

       options |= ARC_SIGN_OPT_TSTAMP;
       options |= ARC_SIGN_OPT_TSTAMP;

+      if (!now) now = time(NULL);
+      }
+    else if (Ustrncmp(s, "expire", 6) == 0)
+      {
+      options |= ARC_SIGN_OPT_EXPIRE;
+      if (*(s += 6) == '=')
+       if (*++s == '+')
+         {
+         if (!(expire = (time_t)atoi(++s)))
+           expire = ARC_SIGN_DEFAULT_EXPIRE_DELTA;
+         if (!now) now = time(NULL);
+         expire += now;
+         }
+       else
+         expire = (time_t)atol(s);
+      else
+       {
+       if (!now) now = time(NULL);
+       expire = now + ARC_SIGN_DEFAULT_EXPIRE_DELTA;
+       }
+      }

   }
 
 DEBUG(D_transport) debug_printf("ARC: sign for %s\n", identity);
   }
 
 DEBUG(D_transport) debug_printf("ARC: sign for %s\n", identity);