diff options
Diffstat (limited to 'src/qmail-dksign.c')
-rw-r--r-- | src/qmail-dksign.c | 65 |
1 files changed, 40 insertions, 25 deletions
diff --git a/src/qmail-dksign.c b/src/qmail-dksign.c index 06fee37..0258b29 100644 --- a/src/qmail-dksign.c +++ b/src/qmail-dksign.c @@ -32,28 +32,29 @@ #define DOMAINKEYS "ssl/domainkeys/" -/** @file qmail-dksign.c -- generate signature and attach in DKIM header to outgoing message - - Steps: - ------ - a) DKIM controls: get private key for sending domain - b) Prepare two staging files at queue/dkim (before and after signing) - c) Read input at fd0 and insert CR for every line and store at dkim/x/pre - d) DKIM sign the message with provided private key and store at dkim/y/post - e) Copy signed file from fd to 0 - f) Invoke qmail-remote (respecting the \r\n) - g) Remove staging files (pre/post) - - Hack for hybrid signatures: - --------------------------- - - a) selector is a link to RSA private key - b) selector2 is a link to Ed25519 private key - c) Both are provided in the 'selector' field of dkimdomains separated by colon - d) The coupled selector information is provided to qmail-dkim as: -yselector ,-Yselector2 - e) The RSA privat key is given unaltered - f) The Ed25519 private is supplied as additional argument - */ +/** + @file qmail-dksign.c -- generate signature and attach in DKIM header to outgoing message + + Steps: + ------ + a) DKIM controls: get private key for sending domain + b) Prepare two staging files at queue/dkim (before and after signing) + c) Read input at fd0 and insert CR for every line and store at dkim/x/pre + d) DKIM sign the message with provided private key and store at dkim/y/post + e) Copy signed file from fd to 0 + f) Invoke qmail-remote (respecting the \r\n) + g) Remove staging files (pre/post) + + Hack for hybrid signatures: + --------------------------- + + a) selector is a link to RSA private key + b) selector2 is a link to Ed25519 private key + c) Both are provided in the 'selector' field of dkimdomains separated by colon + d) The coupled selector information is provided to qmail-dkim as: -yselector ,-Yselector2 + e) The RSA privat key is given unaltered + f) The Ed25519 private is supplied as additional argument +*/ char bufin[1000]; // RFC 5322: 998 chars - why? buffer bi = BUFFER_INIT(read, 0, bufin, sizeof(bufin)); @@ -64,23 +65,28 @@ void die(int e) { _exit(e); } + void die_write(char *fn) { unlink(fn); die(53); } + void die_read() { die(54); } + void out(char *s) { if (buffer_puts(&bo, s) == -1) _exit(111); } + void zero() { if (buffer_put(&bo, "\0", 1) == -1) _exit(111); } + void zerodie() { zero(); @@ -106,11 +112,13 @@ void temp_nomem() out("ZOut of memory. (#4.3.0)\n"); zerodie(); } + void temp_chdir() { out("ZUnable to switch to target directory. (#4.3.0)\n"); zerodie(); } + void temp_create() { out("ZUnable to create DKIM stage file: "); @@ -119,26 +127,31 @@ void temp_create() out(". (#4.3.0)\n"); zerodie(); } + void temp_unlink() { out("ZUnable to unlink DKIM stage file. (#4.3.0)\n"); zerodie(); } + void temp_control() { out("ZUnable to read DKIM control files. (#4.3.0)\n"); zerodie(); } + void perm_usage() { out("Zqmail-dksign was invoked improperly. (#5.3.5)\n"); zerodie(); } + void temp_read() { out("DUnable to read message for DKIM signing. (#4.3.0)\n"); zerodie(); } + void temp_nosignkey() { out("DCan't read sign key: "); @@ -175,12 +188,13 @@ int get_controls() /* Parenting domains; senddomain 0-terminated; lowercase */ for (i = 0; i <= senddomain.len; ++i) { - if ((i == 0) || (senddomain.s[i] == '.')) + if ((i == 0) || (senddomain.s[i] == '.')) { if ((dkimparams = constmap(&mapdkimdomains, senddomain.s + i, senddomain.len - i - 1))) { if (!stralloc_copys(&sender, senddomain.s + i)) temp_nomem(); if (!stralloc_0(&sender)) temp_nomem(); return 3; } + } } /* We sign only senddomains we take responsibility for: rcpthosts */ @@ -275,7 +289,7 @@ stralloc length = {0}; // -l qmail-dkim [-h|-v|-s] [tags] <msgfile> [<RSAkeyfile> <outfile> <Ed25519keyfile>] -------------------------------------------------------------------------------- - tags: + tags: ---- -c<canonicalization> - r=relaxed [DEFAULT], s=simple, t=relaxed/simple, u=simple/relaxed -d<sdid> - Signing Domain Identifier,if not provided it will be determined from the envelope originator/from header @@ -564,8 +578,9 @@ int main(int argc, char **args) fdin = open_read(fndkin.s); // DKIM key failed to sign if (fdin == -1) die_read(); } - } else + } else { temp_nosignkey(); + } qmail_remote(qargs, fdin); // closes fdin if (nkey) dkim_unlink(); |