9front - general discussion about 9front
* [9front] dkim patches
@ 2023-04-24 20:29 ooga
From: ooga @ 2023-04-24 20:29 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 509 bytes --]

I'm not sure how to send these patches, but here they are, attached: one to use custom headers, one to prevent headers from being inserted and one to silence upas/qer.

The first one is fresh, but dkim didn't crash :) with a couple of messages I've tested it with. I'm not sure I use the right function to parse the command line argument. I used to have a hardcoded list in dkim.c, but it wasn't enough.

The messages pass the validation from Google and FairMail (android app), with or without the trailing ":".




[-- Attachment #2: dkim-custom-headers.diff --]
[-- Type: text/plain, Size: 1756 bytes --]

upas/dkim: allow custom headers to be signed

The list of headers someone wants to sign is larger than the default
list used by upas/dkim.  For example, many servers add 'cc',
'reply-to', 'sender' and 'mime-version', the top of the recommended
list[1].

In addition to this, there are times when you want to sign
specific headers on some messages. For example, Google
signs tls-report-submitter and tls-report-domain with smtp-tls-reporting
messages.

[1]: https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields
---
diff 2c6484d1804bd719ae89b9ee36e90b61dd9f6fbb 742fd9b6fa574793f709fa69b791196438ad1ee8
--- a/sys/man/1/filter
+++ b/sys/man/1/filter
@@ -204,6 +204,11 @@
 flag specifies the selector. If the selector is not
 specified, it defaults to
 .IR dkim .
+.I -h
+flag specifies a list of headers to sign. If this flag is not
+specified, it defaults to
+.IR from:,to:,subject:,date:,message-id:
+.
 The keyspec searched for the signing key is:
 .IP
 .EX
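
Review bot: The lone "." on its own line after `.IR from:,to:,subject:,date:,message-id:` is read by troff as an empty control line, so the added sentence ends without its period; write `.IR from:,to:,subject:,date:,message-id: .` the way the `.IR dkim .` line just above does. The new text also reads as a fragment unless a "The" line precedes `.I -h`, and it does not say that the names are comma-separated, whether they need the trailing colon the defaults carry, or that the list replaces the defaults rather than extending them.
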
--- a/sys/src/cmd/upas/dkim/dkim.c
+++ b/sys/src/cmd/upas/dkim/dkim.c
@@ -6,7 +6,7 @@
 #include <authsrv.h>
 #include <pool.h>
 
-char *signhdr[] = {
+char *defsignhdr[] = {
 	"from:",
 	"to:",
 	"subject:",
@@ -14,6 +14,8 @@
 	"message-id:",
 	nil
 };
+char **signhdr = defsignhdr;
+char *usersignhdr[20];
 
 char *keyspec;
 char *domain;
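
Review bot: `char *usersignhdr[20];` puts an undocumented cap of 19 names on -h, since the last slot is kept for the nil terminator. Give the limit a name or a comment, mention it in filter(1), and have the -h case fail with a message when the argument holds more names than fit, instead of signing with a list that was silently cut short or mis-split.
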
@@ -93,7 +95,7 @@
 void
 usage(void)
 {
-	fprint(2, "usage: %s [-s sel] -d dom\n", argv0);
+	fprint(2, "usage: %s [-s sel] [-h headers] -d dom\n", argv0);
 	exits("usage");
 }
 
@@ -109,6 +111,10 @@
 	ARGBEGIN{
 	case 'd':
 		domain = EARGF(usage());
+		break;
+	case 'h':
+		usersignhdr[getfields(EARGF(usage()), usersignhdr, nelem(usersignhdr)-1, 1, ",")] = nil;
+		signhdr = usersignhdr;
 		break;
 	case 's':
 		selector = EARGF(usage());
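
Review bot: The new `case 'h':` accepts any list, including an empty one or one without from:, but RFC 4871 section 5.4 requires the From header field to be signed and a verifier must return PERMFAIL for a signature whose h= omits it. Check that getfields returned at least one field and either reject a list lacking from: or add it. The names are also used exactly as typed, while the defaults are lower case with a trailing ":", so normalise case and the colon here or state the expected form in usage() and the man page; a second -h silently replaces the first.
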

[-- Attachment #3: dkim-seal.diff --]
[-- Type: text/plain, Size: 985 bytes --]

upas/dkim: seal the signed header fields

"Signers MAY claim to have signed header fields that do not exist
...
A header field name need only be listed once more
than the actual number of that header field in a message
at the time of signing in order to prevent any further additions."

https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields
---
diff 742fd9b6fa574793f709fa69b791196438ad1ee8 c24531318db27a706d0af70f69ae7f524ba1754a
--- a/sys/src/cmd/upas/dkim/dkim.c
+++ b/sys/src/cmd/upas/dkim/dkim.c
@@ -33,6 +33,18 @@
 	return e - p;
 }		
 
+void
+addallhdrs(char **hs)
+{
+	char **p;
+
+	for(p = signhdr; *p; p++){
+		if((*hs = realloc(*hs, strlen(*hs) + strlen(*p) + 1)) == nil)
+			sysfatal("realloc: %r");
+		strcat(*hs, *p);
+	}
+}
+
 int
 usehdr(char *ln, char **hs)
 {
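
Review bot: `strcat(*hs, *p)` in addallhdrs appends each name with no separator, so the result is a valid colon-separated list only when every entry of signhdr ends in ":" as the defaults do; names passed to -h without the trailing colon would run together. Append the ":" here when a name lacks one, or normalise the names where -h is parsed. `strlen(*hs)` also runs before anything checks that `*hs` is non-nil, so confirm hdrset is always allocated at the call site, including for a message in which none of the listed headers was present.
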
@@ -165,6 +177,7 @@
 		}
 		append(&hdr, &nhdr, &hdrsz, ln, n);
 	}
+	addallhdrs(&hdrset); /* https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields */
 
 	sb = nil;
 	ntail = 0;
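
Review bot: The comment on the `addallhdrs(&hdrset);` call is only a URL; say in words what the call is for, for example that each name in signhdr is listed once more than it occurs so that a header of that name added after signing breaks the signature. The sealing is unconditional, so a message that later gains a listed header from a legitimate intermediary (a mailing list adding reply-to when reply-to was given to -h, say) stops verifying; that deserves a line in filter(1) or a flag to turn it off.
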

[-- Attachment #4: qer.diff --]
[-- Type: text/plain, Size: 670 bytes --]

upas/qer: don't log if mail starts with DKIM-Signature:

Without this, when we use upas/dkim in /mail/lib/qmail:

	upas/dkim ... | upas/qer ...

we'll have a warning in our logs for every message we send.
---
diff f9aa809cbf2d1c17d989bd777c97d4bd4944a8e3 2c6484d1804bd719ae89b9ee36e90b61dd9f6fbb
--- a/sys/src/cmd/upas/q/qer.c
+++ b/sys/src/cmd/upas/q/qer.c
@@ -129,7 +129,7 @@
 	 */
 	i = 0;
 	while((n = read(0, buf, sizeof(buf)-1)) > 0){
-		if(i++ == 0 && strncmp(buf, "From", 4) != 0){
+		if(i++ == 0 && strncmp(buf, "From", 4) != 0 && strncmp(buf, "DKIM-Signature:", 15) != 0){
 			buf[n] = 0;
 			syslog(0, "smtp", "qer usys data starts with %-40.40s", buf);
 		}
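
Review bot: Both strncmp calls in the changed condition run before `buf[n] = 0;`, and the new one compares 15 bytes; when the first read returns fewer, the comparison can look at bytes past n that read() did not fill. Terminate buf before the test or add an `n >= 15` check, and replace the literal 15 with `sizeof("DKIM-Signature:")-1` or a named constant. The match is case-sensitive, which holds only as long as upas/dkim always emits exactly this spelling.
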
