Diffstat (limited to 'src/qmail-dksign.c')
-rw-r--r--src/qmail-dksign.c65
1 files changed, 40 insertions, 25 deletions
diff --git a/src/qmail-dksign.c b/src/qmail-dksign.c
index 06fee37..0258b29 100644
--- a/src/qmail-dksign.c
+++ b/src/qmail-dksign.c
@@ -32,28 +32,29 @@
#define DOMAINKEYS "ssl/domainkeys/"
-/** @file qmail-dksign.c -- generate signature and attach in DKIM header to outgoing message
-
- Steps:
- ------
- a) DKIM controls: get private key for sending domain
- b) Prepare two staging files at queue/dkim (before and after signing)
- c) Read input at fd0 and insert CR for every line and store at dkim/x/pre
- d) DKIM sign the message with provided private key and store at dkim/y/post
- e) Copy signed file from fd to 0
- f) Invoke qmail-remote (respecting the \r\n)
- g) Remove staging files (pre/post)
-
- Hack for hybrid signatures:
- ---------------------------
-
- a) selector is a link to RSA private key
- b) selector2 is a link to Ed25519 private key
- c) Both are provided in the 'selector' field of dkimdomains separated by colon
- d) The coupled selector information is provided to qmail-dkim as: -yselector ,-Yselector2
- e) The RSA privat key is given unaltered
- f) The Ed25519 private is supplied as additional argument
- */
+/**
+ @file qmail-dksign.c -- generate signature and attach in DKIM header to outgoing message
+
+ Steps:
+ ------
+ a) DKIM controls: get private key for sending domain
+ b) Prepare two staging files at queue/dkim (before and after signing)
+ c) Read input at fd0 and insert CR for every line and store at dkim/x/pre
+ d) DKIM sign the message with provided private key and store at dkim/y/post
+ e) Copy signed file from fd to 0
+ f) Invoke qmail-remote (respecting the \r\n)
+ g) Remove staging files (pre/post)
+
+ Hack for hybrid signatures:
+ ---------------------------
+
+ a) selector is a link to RSA private key
+ b) selector2 is a link to Ed25519 private key
+ c) Both are provided in the 'selector' field of dkimdomains separated by colon
+ d) The coupled selector information is provided to qmail-dkim as: -yselector ,-Yselector2
+ e) The RSA privat key is given unaltered
+ f) The Ed25519 private is supplied as additional argument
+*/
char bufin[1000]; // RFC 5322: 998 chars - why?
buffer bi = BUFFER_INIT(read, 0, bufin, sizeof(bufin));
@@ -64,23 +65,28 @@ void die(int e)
{
_exit(e);
}
+
void die_write(char *fn)
{
unlink(fn);
die(53);
}
+
void die_read()
{
die(54);
}
+
void out(char *s)
{
if (buffer_puts(&bo, s) == -1) _exit(111);
}
+
void zero()
{
if (buffer_put(&bo, "\0", 1) == -1) _exit(111);
}
+
void zerodie()
{
zero();
@@ -106,11 +112,13 @@ void temp_nomem()
out("ZOut of memory. (#4.3.0)\n");
zerodie();
}
+
void temp_chdir()
{
out("ZUnable to switch to target directory. (#4.3.0)\n");
zerodie();
}
+
void temp_create()
{
out("ZUnable to create DKIM stage file: ");
@@ -119,26 +127,31 @@ void temp_create()
out(". (#4.3.0)\n");
zerodie();
}
+
void temp_unlink()
{
out("ZUnable to unlink DKIM stage file. (#4.3.0)\n");
zerodie();
}
+
void temp_control()
{
out("ZUnable to read DKIM control files. (#4.3.0)\n");
zerodie();
}
+
void perm_usage()
{
out("Zqmail-dksign was invoked improperly. (#5.3.5)\n");
zerodie();
}
+
void temp_read()
{
out("DUnable to read message for DKIM signing. (#4.3.0)\n");
zerodie();
}
+
void temp_nosignkey()
{
out("DCan't read sign key: ");
@@ -175,12 +188,13 @@ int get_controls()
/* Parenting domains; senddomain 0-terminated; lowercase */
for (i = 0; i <= senddomain.len; ++i) {
- if ((i == 0) || (senddomain.s[i] == '.'))
+ if ((i == 0) || (senddomain.s[i] == '.')) {
if ((dkimparams = constmap(&mapdkimdomains, senddomain.s + i, senddomain.len - i - 1))) {
if (!stralloc_copys(&sender, senddomain.s + i)) temp_nomem();
if (!stralloc_0(&sender)) temp_nomem();
return 3;
}
+ }
}
/* We sign only senddomains we take responsibility for: rcpthosts */
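Review bot: The loop bound `i <= senddomain.len` lets the now-braced `if` read `senddomain.s[senddomain.len]`, one byte past the length the stralloc reports, and on that iteration the length argument `senddomain.len - i - 1` evaluates to -1 (or wraps to a very large value if the operands are unsigned) before it is handed to `constmap()`. If senddomain already carries its terminating 0 inside `len`, as the comment says, nothing useful lives at that index, so `for (i = 0; i < senddomain.len; ++i) {` would still visit every label boundary without the out-of-range read. The declarations of `i` and `senddomain` and the rest of get_controls() lie outside this hunk, so the types and the way senddomain is filled need confirming before the bound is changed.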
@@ -275,7 +289,7 @@ stralloc length = {0}; // -l
qmail-dkim [-h|-v|-s] [tags] <msgfile> [<RSAkeyfile> <outfile> <Ed25519keyfile>]
--------------------------------------------------------------------------------
- tags:
+ tags:
----
-c<canonicalization> - r=relaxed [DEFAULT], s=simple, t=relaxed/simple, u=simple/relaxed
-d<sdid> - Signing Domain Identifier,if not provided it will be determined from the envelope originator/from header
@@ -564,8 +578,9 @@ int main(int argc, char **args)
fdin = open_read(fndkin.s); // DKIM key failed to sign
if (fdin == -1) die_read();
}
- } else
+ } else {
temp_nosignkey();
+ }
qmail_remote(qargs, fdin); // closes fdin
if (nkey) dkim_unlink();
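Review bot: The fallback just above the new `} else {` appears to fail open: it reopens `fndkin.s` under the comment `// DKIM key failed to sign` and then reaches `qmail_remote(qargs, fdin)`, which reads as the message being delivered without a signature when signing fails. That policy deserves an explicit comment at the reopen, e.g. `/* signing failed: fall back to the unsigned staging file; the message leaves without a DKIM signature */`, so an operator auditing mail flow knows unsigned delivery is intentional. It would also help to note on the else branch that `temp_nosignkey()` does not return (presumably it ends in `zerodie()` like the other temp_* helpers; its body is cut off in this diff), since otherwise `qmail_remote()` looks reachable from that branch. main() starts well before this hunk, so the condition guarding the fallback is not visible here.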