X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=f510214439b23605335945a27a40911ade2da981;hb=45f35410b4bdd59614dd9811ee99aea6a5d1164c;hp=2873eda5310095674e8a8c021a8d09bf53517977;hpb=41468ba140a1678e7491534fa3cddded53e1e6d2;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 2873eda53..f51021443 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -18,7 +18,7 @@ int dkim_verify_oldpool;
 pdkim_ctx *dkim_verify_ctx = NULL;
 pdkim_signature *dkim_signatures = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
-static BOOL dkim_collect_error = FALSE;
+static const uschar * dkim_collect_error = NULL;
 static int
 dkim_exim_query_dns_txt(char *name, char *answer)
@@ -88,7 +88,7 @@ if (dkim_verify_ctx)
 dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
 dkim_collect_input = !!dkim_verify_ctx;
-dkim_collect_error = FALSE;
+dkim_collect_error = NULL;
 /* Start feed up with any cached data */
 receive_get_cache();
@@ -106,9 +106,9 @@ store_pool = POOL_PERM;
 if ( dkim_collect_input
 && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK)
 {
+ dkim_collect_error = pdkim_errstr(rc);
 log_write(0, LOG_MAIN,
- "DKIM: validation error: %.100s", pdkim_errstr(rc));
- dkim_collect_error = TRUE;
+ "DKIM: validation error: %.100s", dkim_collect_error);
 dkim_collect_input = FALSE;
 }
 store_pool = dkim_verify_oldpool;
@@ -119,9 +119,8 @@ void
 dkim_exim_verify_finish(void)
 {
 pdkim_signature * sig = NULL;
-int dkim_signers_size = 0;
-int dkim_signers_ptr = 0;
-int rc;
+int dkim_signers_size = 0, dkim_signers_ptr = 0, rc;
+const uschar * errstr;
 store_pool = POOL_PERM;
@@ -133,8 +132,8 @@ dkim_signatures = NULL;
 if (dkim_collect_error)
 {
 log_write(0, LOG_MAIN,
- "DKIM: Error while running this message through validation,"
- " disabling signature verification.");
+ "DKIM: Error during validation, disabling signature verification: %.100s",
+ dkim_collect_error);
 dkim_disable_verify = TRUE;
 goto out;
 }
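Review bot: `errstr` is added to dkim_exim_verify_finish without an initialiser (`const uschar * errstr;` in the @@ -119 hunk), yet the @@ -143 hunk tests it in `errstr ? ": " : ""` whenever pdkim_feed_finish returns something other than PDKIM_OK. pdkim_feed_finish is not shown on this page; if any of its failure returns leaves the out-parameter unwritten, the log call reads an indeterminate pointer and hands it to `%s`. Declaring it as `const uschar * errstr = NULL;` makes the error path safe regardless of what the callee does. The function body continues outside both hunks.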
@@ -143,10 +142,11 @@ dkim_collect_input = FALSE;
 /* Finish DKIM operation and fetch link to signatures chain */
-if ((rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures)) != PDKIM_OK)
+rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
+if (rc != PDKIM_OK)
 {
- log_write(0, LOG_MAIN,
- "DKIM: validation error: %.100s", pdkim_errstr(rc));
+ log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc),
+ errstr ? ": " : "", errstr ? errstr : US"");
 goto out;
 }
@@ -449,7 +449,7 @@ switch (what)
 uschar *
-dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim)
+dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim, const uschar ** errstr)
 {
 const uschar * dkim_domain;
 int sep = 0;
@@ -571,7 +571,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 if (dkim_private_key_expanded[0] == '/')
 {
- int privkey_fd = 0;
+ int privkey_fd, off = 0, len;
 /* Looks like a filename, load the private key. */
@@ -585,24 +585,33 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 goto bad;
 }
- if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0)
+ do
 {
- log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
- dkim_private_key_expanded);
- goto bad;
+ if ((len = read(privkey_fd, big_buffer + off, big_buffer_size - 2 - off)) < 0)
+ {
+ (void) close(privkey_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
+ dkim_private_key_expanded);
+ goto bad;
+ }
+ off += len;
 }
+ while (len > 0);
 (void) close(privkey_fd);
+ big_buffer[off] = '\0';
 dkim_private_key_expanded = big_buffer;
 }
- ctx = pdkim_init_sign(CS dkim_signing_domain,
+ if (!(ctx = pdkim_init_sign(CS dkim_signing_domain,
 CS dkim_signing_selector,
 CS dkim_private_key_expanded,
 PDKIM_ALGO_RSA_SHA256,
 dkim->dot_stuffed,
- &dkim_exim_query_dns_txt
- );
+ &dkim_exim_query_dns_txt,
+ errstr
+ )))
+ goto bad;
 dkim_private_key_expanded[0] = '\0';
 pdkim_set_optional(ctx, CS dkim_sign_headers_expanded,
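Review bot: The new read loop in the @@ -585 hunk cannot tell a full buffer from end-of-file: once `off` reaches `big_buffer_size - 2` the next read() is asked for zero bytes, returns 0, and the loop ends, so a key file larger than the buffer is silently truncated and passed to pdkim_init_sign. A check after the loop such as `if (off >= big_buffer_size - 2)` that logs the condition and takes `goto bad` would turn that into an explicit error. Separately, the added `goto bad` for a failed pdkim_init_sign is reached before `dkim_private_key_expanded[0] = '\0';`, so on that path the key text read from the file is still in big_buffer. The `bad:` label is outside this hunk, so confirm the buffer is cleared there, and consider wiping every byte that was read rather than only the first.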
@@ -624,7 +633,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep,
 goto bad;
 }
- if ((pdkim_rc = pdkim_feed_finish(ctx, &signature)) != PDKIM_OK)
+ if ((pdkim_rc = pdkim_feed_finish(ctx, &signature, errstr)) != PDKIM_OK)
 goto pk_bad;
 sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2,