From: Jeremy Harris Date: Wed, 8 Nov 2017 10:43:28 +0000 (+0000) Subject: DKIM: call ACL once for each signature matching the identity from dkim_verify_signers... X-Git-Tag: exim-4_90_RC2~11 X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=18067c75fc8494ce7968776cd61a1693d20d8380 DKIM: call ACL once for each signature matching the identity from dkim_verify_signers. Bug 2189 --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 1a7a7baa6..cfee04ccd 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -38708,6 +38708,11 @@ dkim_verify_signers = $sender_address_domain:$dkim_signers If a domain or identity is listed several times in the (expanded) value of &%dkim_verify_signers%&, the ACL is only called once for that domain or identity. +.new +If multiple signatures match a domain (or identity), the ACL is called once +for each matching signature. +.wen + Inside the &%acl_smtp_dkim%&, the following expansion variables are available (from most to least important): diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4b3d64e0c..fd188a00a 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -182,6 +182,10 @@ JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error. Previously only that bufferd was discarded, resulting in SYMTP command desynchronisation. +JH/32 DKIM: when a message has multiple signatures matching an identity given + in dkim_verify_signers, run the dkim acl once for each. Previously only + one run was done. Bug 2189. + Exim version 4.89 ----------------- diff --git a/src/src/dkim.c b/src/src/dkim.c index 528ce82c4..396e5b905 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -235,14 +235,6 @@ return; } -/* Log a line for "the current" signature */ -void -dkim_exim_verify_log_item(void) -{ -dkim_exim_verify_log_sig(dkim_cur_sig); -} - - /* Log a line for each signature */ void dkim_exim_verify_log_all(void) @@ -303,37 +295,72 @@ store_pool = dkim_verify_oldpool; } -void -dkim_exim_acl_setup(uschar * id) + +/* Args as per dkim_exim_acl_run() below */ +static int +dkim_acl_call(uschar * id, gstring ** res_ptr, + uschar ** user_msgptr, uschar ** log_msgptr) +{ +int rc; +DEBUG(D_receive) + debug_printf("calling acl_smtp_dkim for dkim_cur_signer='%s'\n", id); + +rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, user_msgptr, log_msgptr); +dkim_exim_verify_log_sig(dkim_cur_sig); +*res_ptr = string_append_listele(*res_ptr, ':', dkim_verify_status); +return rc; +} + + + +/* For the given identity, run the DKIM ACL once for each matching signature. + +Arguments + id Identity to look for in dkim signatures + res_ptr ptr to growable string-list of status results, + appended to per ACL run + user_msgptr where to put a user error (for SMTP response) + log_msgptr where to put a logging message (not for SMTP response) + +Returns: OK access is granted by an ACCEPT verb + DISCARD access is granted by a DISCARD verb + FAIL access is denied + FAIL_DROP access is denied; drop the connection + DEFER can't tell at the moment + ERROR disaster +*/ + +int +dkim_exim_acl_run(uschar * id, gstring ** res_ptr, + uschar ** user_msgptr, uschar ** log_msgptr) { pdkim_signature * sig; uschar * cmp_val; +int rc = -1; dkim_verify_status = US"none"; dkim_verify_reason = US""; -dkim_cur_sig = NULL; dkim_cur_signer = id; if (dkim_disable_verify || !id || !dkim_verify_ctx) - return; + return OK; -/* Find signature to run ACL on */ +/* Find signatures to run ACL on */ for (sig = dkim_signatures; sig; sig = sig->next) if ( (cmp_val = Ustrchr(id, '@') != NULL ? US sig->identity : US sig->domain) && strcmpic(cmp_val, id) == 0 ) { - dkim_cur_sig = sig; - /* The "dkim_domain" and "dkim_selector" expansion variables have - related globals, since they are used in the signing code too. - Instead of inventing separate names for verification, we set - them here. This is easy since a domain and selector is guaranteed - to be in a signature. The other dkim_* expansion items are - dynamically fetched from dkim_cur_sig at expansion time (see - function below). */ + related globals, since they are used in the signing code too. + Instead of inventing separate names for verification, we set + them here. This is easy since a domain and selector is guaranteed + to be in a signature. The other dkim_* expansion items are + dynamically fetched from dkim_cur_sig at expansion time (see + function below). */ + dkim_cur_sig = sig; dkim_signing_domain = US sig->domain; dkim_signing_selector = US sig->selector; dkim_key_length = sig->sighash.len * 8; @@ -343,8 +370,18 @@ for (sig = dkim_signatures; sig; sig = sig->next) dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS); dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON); - return; + + if ((rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK) + return rc; } + +if (rc != -1) + return rc; + +/* No matching sig found. Call ACL once anyway. */ + +dkim_cur_sig = NULL; +return dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr); } diff --git a/src/src/dkim.h b/src/src/dkim.h index f32aa6635..c48241ce2 100644 --- a/src/src/dkim.h +++ b/src/src/dkim.h @@ -10,9 +10,8 @@ gstring * dkim_exim_sign(int, off_t, uschar *, struct ob_dkim *, const uschar ** void dkim_exim_verify_init(BOOL); void dkim_exim_verify_feed(uschar *, int); void dkim_exim_verify_finish(void); -void dkim_exim_verify_log_item(void); void dkim_exim_verify_log_all(void); -void dkim_exim_acl_setup(uschar *); +int dkim_exim_acl_run(uschar *, gstring **, uschar **, uschar **); uschar *dkim_exim_expand_query(int); #define DKIM_ALGO 1 diff --git a/src/src/receive.c b/src/src/receive.c index 8aa890bd0..e7e518a92 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3444,19 +3444,9 @@ else seen_items = string_catn(seen_items, ":", 1); } - seen_items = string_cat(seen_items, item); - dkim_exim_acl_setup(item); - DEBUG(D_receive) - debug_printf("calling acl_smtp_dkim for dkim_cur_signer='%s'\n", - item); - - rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, - &user_msg, &log_msg); - dkim_exim_verify_log_item(); - results = string_append_listele(results, ':', dkim_verify_status); - + rc = dkim_exim_acl_run(item, &results, &user_msg, &log_msg); if (rc != OK) { DEBUG(D_receive) diff --git a/test/log/4524 b/test/log/4524 index 917646132..1eaac2f1b 100644 --- a/test/log/4524 +++ b/test/log/4524 @@ -7,8 +7,10 @@ 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] -1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.dkim.dom.ain bits: 512 h= -1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass:none +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From:To:Subject +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.dkim.dom.ain bits: 1024 h= +1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass:pass:none 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed