From 970424a5fbfce9c2cc353a39fd26cd85e4fb6da0 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 25 Oct 2017 10:58:18 +0100 Subject: [PATCH] DKIM: add builtin macro with default list of headers for signing --- doc/doc-docbook/spec.xfpt | 8 +++++--- doc/doc-txt/NewStuff | 1 + src/OS/Makefile-Base | 4 ++++ src/src/dkim.c | 18 ++++++++++++++++-- src/src/macro_predef.c | 23 +++++++++++++++++++---- src/src/macro_predef.h | 1 + src/src/pdkim/pdkim.c | 8 -------- src/src/pdkim/pdkim.h | 9 +++++++++ test/confs/4520 | 2 +- test/log/4520 | 4 ++++ test/log/4523 | 1 + test/log/4524 | 1 + 12 files changed, 62 insertions(+), 18 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f91a4af96..d030ee238 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23806,7 +23806,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_private_key smtp string&!! unset .option dkim_canon smtp string&!! unset .option dkim_strict smtp string&!! unset -.option dkim_sign_headers smtp string&!! unset +.option dkim_sign_headers smtp string&!! per RFC .option dkim_hash smtp string&!! sha256 .option dkim_identity smtp string&!! unset DKIM signing options. For details see section &<>&. @@ -38591,11 +38591,13 @@ either "1" or "true", Exim will defer. Otherwise Exim will send the message unsigned. You can use the &%$dkim_domain%& and &%$dkim_selector%& expansion variables here. -.option dkim_sign_headers smtp string&!! unset -If set, this option must expand to (or be specified as) a colon-separated +.option dkim_sign_headers smtp string&!! see below +If set, this option must expand to a colon-separated list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be used. +The default list is available for the expansion in the macro +"_DKIM_SIGN_HEADERS". .section "Verifying DKIM signatures in incoming mail" "SECID514" diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 39fce1eab..6d875d5f4 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -53,6 +53,7 @@ Version 4.90 13. DKIM support for multiple signing, by domain and/or key-selector. DKIM support for multiple hashes, and for alternate-identity tags. + Builtin macro with default list of signed headers. 14. Exipick understands -C|--config for an alternative Exim configuration file. diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 67ac082ba..60c97c210 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -135,6 +135,7 @@ OBJ_MACRO = macro_predef.o \ macro-manualroute.o macro-queryprogram.o macro-redirect.o \ macro-auth-spa.o macro-cram_md5.o macro-cyrus_sasl.o macro-dovecot.o macro-gsasl_exim.o \ macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-tls.o\ + macro-dkim.o $(OBJ_MACRO): $(MACRO_HSRC) @@ -222,6 +223,9 @@ macro-spa.o : auths/spa.c macro-tls.o: auths/tls.c @echo "$(CC) -DMACRO_PREDEF auths/tls.c" $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/tls.c +macro-dkim.o: dkim.c + @echo "$(CC) -DMACRO_PREDEF dkim.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ dkim.c macro_predef: $(OBJ_MACRO) @echo "$(LNCC) -o $@" diff --git a/src/src/dkim.c b/src/src/dkim.c index 038adb8b9..41540b39d 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -12,7 +12,20 @@ #ifndef DISABLE_DKIM -#include "pdkim/pdkim.h" +# include "pdkim/pdkim.h" + +# ifdef MACRO_PREDEF +# include "macro_predef.h" + +void +dkim_params(void) +{ +builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS); +} +# else /*!MACRO_PREDEF*/ + + + int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; @@ -661,4 +674,5 @@ expand_bad: goto bad; } -#endif +# endif /*!MACRO_PREDEF*/ +#endif /*!DISABLE_DKIM*/ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index 6b3157fbe..1b5cf4795 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -21,7 +21,7 @@ uschar * syslog_facility_str; /******************************************************************************/ void -builtin_macro_create(const uschar * name) +builtin_macro_create_var(const uschar * name, const uschar * val) { printf ("static macro_item p%d = { ", mp_index); if (mp_index == 0) @@ -29,12 +29,20 @@ if (mp_index == 0) else printf(".next=&p%d,", mp_index-1); -printf(" .command_line=FALSE, .namelen=%d, .replen=1," - " .name=US\"%s\", .replacement=US\"y\" };\n", - Ustrlen(name), CS name); +printf(" .command_line=FALSE, .namelen=%d, .replen=%d," + " .name=US\"%s\", .replacement=US\"%s\" };\n", + Ustrlen(name), Ustrlen(val), CS name, CS val); mp_index++; } + +void +builtin_macro_create(const uschar * name) +{ +builtin_macro_create_var(name, US"y"); +} + + void spf(uschar * buf, int len, const uschar * fmt, ...) { @@ -265,6 +273,12 @@ options_transports(); options_auths(); } +static void +params(void) +{ +dkim_params(); +} + int main(void) @@ -272,6 +286,7 @@ main(void) printf("#include \"exim.h\"\n"); features(); options(); +params(); printf("macro_item * macros = &p%d;\n", mp_index-1); printf("macro_item * mlast = &p0;\n"); diff --git a/src/src/macro_predef.h b/src/src/macro_predef.h index 1d3ba7f74..aece28cc7 100644 --- a/src/src/macro_predef.h +++ b/src/src/macro_predef.h @@ -9,6 +9,7 @@ extern void spf(uschar *, int, const uschar *, ...); extern void builtin_macro_create(const uschar *); +extern void builtin_macro_create_var(const uschar *, const uschar *); extern void options_from_list(optionlist *, unsigned, const uschar *, uschar *); extern void options_main(void); diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 06d455d7d..1420b1a79 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -51,14 +51,6 @@ #define PDKIM_MAX_HEADERS 512 #define PDKIM_MAX_BODY_LINE_LEN 16384 #define PDKIM_DNS_TXT_MAX_NAMELEN 1024 -#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ - "Message-ID:To:Cc:MIME-Version:Content-Type:"\ - "Content-Transfer-Encoding:Content-ID:"\ - "Content-Description:Resent-Date:Resent-From:"\ - "Resent-Sender:Resent-To:Resent-Cc:"\ - "Resent-Message-ID:In-Reply-To:References:"\ - "List-Id:List-Help:List-Unsubscribe:"\ - "List-Subscribe:List-Post:List-Owner:List-Archive" /* -------------------------------------------------------------------------- */ struct pdkim_stringlist { diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index a34999ad8..067c574f2 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -26,6 +26,15 @@ #include "../blob.h" #include "../hash.h" +#define PDKIM_DEFAULT_SIGN_HEADERS "From:Sender:Reply-To:Subject:Date:"\ + "Message-ID:To:Cc:MIME-Version:Content-Type:"\ + "Content-Transfer-Encoding:Content-ID:"\ + "Content-Description:Resent-Date:Resent-From:"\ + "Resent-Sender:Resent-To:Resent-Cc:"\ + "Resent-Message-ID:In-Reply-To:References:"\ + "List-Id:List-Help:List-Unsubscribe:"\ + "List-Subscribe:List-Post:List-Owner:List-Archive" + /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt callback function. This should match the maximum RDLENGTH from DNS. */ diff --git a/test/confs/4520 b/test/confs/4520 index 897c1a675..8fa3c38c8 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -9,7 +9,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_rcpt = accept +acl_smtp_rcpt = accept logwrite = macro: _DKIM_SIGN_HEADERS acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames DDIR=DIR/aux-fixed/dkim diff --git a/test/log/4520 b/test/log/4520 index 8daa636c0..b0ddcd64e 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -13,22 +13,26 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server_dump 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] 1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex diff --git a/test/log/4523 b/test/log/4523 index d1e5ebba3..5c07fa5a2 100644 --- a/test/log/4523 +++ b/test/log/4523 @@ -4,6 +4,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha512 b=1024 i=allheaders@test.ex [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: allheaders@test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive diff --git a/test/log/4524 b/test/log/4524 index a6d687c83..e0dde322a 100644 --- a/test/log/4524 +++ b/test/log/4524 @@ -4,6 +4,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] 1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 512 h=From:To:Subject -- 2.25.1