authorJeremy Harris <jgh146exb@wizmail.org>2018-03-18 15:42:39 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-03-18 16:37:09 +0000
commitc9cf9ac495443d40a9196d9f402313a11a83fae9 (patch)
tree2ff28fc1d6a084e6a0138346d7d4ee6d3789a4c4
parent39e02651ac166a6f5c8dc30070e9cca309570280 (diff)
DMARC: add results to generic authres string; remove $dmarc_ar_header
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--doc/doc-txt/experimental-spec.txt5
-rw-r--r--src/src/dmarc.c70
-rw-r--r--src/src/expand.c4
-rw-r--r--src/src/functions.h13
-rw-r--r--src/src/globals.c1
-rw-r--r--src/src/globals.h1
-rw-r--r--src/src/smtp_in.c2
8 files changed, 36 insertions, 63 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index eb0e1a346..1dff01fb5 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -160,6 +160,9 @@ JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
(propating to people being dropped from mailing lists).
Discovered and pinpointed by David Carter.
+JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+ replaced by the ${authresults } expansion.
+
Exim version 4.90
-----------------
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 839200c6c..2cac9e90d 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -548,9 +548,8 @@ expansion variables are available:
are "none", "reject" and "quarantine". It is blank when there
is any error, including no DMARC record.
- o $dmarc_ar_header
- This is the entire Authentication-Results header which you can
- add using an add_header modifier.
+A now-redundant variable $dmarc_ar_header has now been withdrawn.
+Use the ${authresults } expansion instead.
5. How to enable DMARC advanced operation:
diff --git a/src/src/dmarc.c b/src/src/dmarc.c
index 0032afe87..0b45e100a 100644
--- a/src/src/dmarc.c
+++ b/src/src/dmarc.c
@@ -93,7 +93,6 @@ dmarc_status = US"none";
dmarc_abort = FALSE;
dmarc_pass_fail = US"skipped";
dmarc_used_domain = US"";
-dmarc_ar_header = NULL;
dmarc_has_been_checked = FALSE;
header_from_sender = NULL;
spf_sender_domain = NULL;
@@ -140,13 +139,15 @@ return OK;
/* dmarc_store_data stores the header data so that subsequent
- * dmarc_process can access the data */
+dmarc_process can access the data */
-int dmarc_store_data(header_line *hdr) {
- /* No debug output because would change every test debug output */
- if (dmarc_disable_verify != TRUE)
- from_header = hdr;
- return OK;
+int
+dmarc_store_data(header_line *hdr)
+{
+/* No debug output because would change every test debug output */
+if (!dmarc_disable_verify)
+ from_header = hdr;
+return OK;
}
@@ -208,8 +209,8 @@ if ( dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT
}
/* dmarc_process adds the envelope sender address to the existing
- context (if any), retrieves the result, sets up expansion
- strings and evaluates the condition outcome. */
+context (if any), retrieves the result, sets up expansion
+strings and evaluates the condition outcome. */
int
dmarc_process()
@@ -223,10 +224,7 @@ u_char **ruf; /* forensic report addressees, if called for */
/* ACLs have "control=dmarc_disable_verify" */
if (dmarc_disable_verify)
- {
- dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
return OK;
- }
/* Store the header From: sender domain for this part of DMARC.
* If there is no from_header struct, then it's likely this message
@@ -464,7 +462,7 @@ if (!dmarc_abort && !sender_host_authenticated)
log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
opendmarc_policy_status_to_str(libdm_status));
- if (has_dmarc_record == TRUE)
+ if (has_dmarc_record)
{
log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
"spf_align=%s dkim_align=%s enforcement='%s'",
@@ -479,13 +477,10 @@ if (!dmarc_abort && !sender_host_authenticated)
}
}
-/* set some global variables here */
-dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
-
/* shut down libopendmarc */
-if ( dmarc_pctx != NULL )
+if (dmarc_pctx)
(void) opendmarc_policy_connect_shutdown(dmarc_pctx);
-if ( dmarc_disable_verify == FALSE )
+if (!dmarc_disable_verify)
(void) opendmarc_policy_library_shutdown(&dmarc_ctx);
return OK;
@@ -595,41 +590,14 @@ if (what == DMARC_VERIFY_STATUS)
return US"";
}
-uschar *
-dmarc_auth_results_header(header_line *from_header, uschar *hostname)
-{
-uschar *hdr_tmp = US"";
-
-/* Allow a server hostname to be passed to this function, but is
- * currently unused */
-if (!hostname)
- hostname = primary_hostname;
-hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname);
-
-#if 0
-/* I don't think this belongs here, but left it here commented out
- * because it was a lot of work to get working right. */
-if (spf_response != NULL) {
- uschar *dmarc_ar_spf = US"";
- int sr = 0;
- sr = spf_response->result;
- dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" :
- (sr == SPF_RESULT_PASS) ? US"pass" :
- (sr == SPF_RESULT_FAIL) ? US"fail" :
- (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" :
- US"none";
- hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
- hdr_tmp, dmarc_ar_spf_result,
- spf_response->header_comment,
- expand_string(US"$sender_address") );
-}
-#endif
-hdr_tmp = string_sprintf("%s dmarc=%s", hdr_tmp, dmarc_pass_fail);
+gstring *
+authres_dmarc(gstring * g)
+{
+g = string_append(g, 2, US";\n\tdmarc=", dmarc_pass_fail);
if (header_from_sender)
- hdr_tmp = string_sprintf("%s header.from=%s",
- hdr_tmp, header_from_sender);
-return hdr_tmp;
+ g = string_append(g, 2, US"header.from=", header_from_sender);
+return g;
}
# endif /* SUPPORT_SPF */
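Review bot: The `header.from=` property in authres_dmarc is appended with no separator, so the output reads `dmarc=<result>header.from=<domain>` and anything parsing the Authentication-Results clause sees the property glued onto the result token; the removed code had a space here (`"%s header.from=%s"`). The second append should be `g = string_append(g, 2, US" header.from=", header_from_sender);`. header_from_sender appears to be derived from the message's From: header and is therefore sender-controlled, so it is worth confirming at the point where it is set that it cannot carry `;`, whitespace or line breaks into this string, since downstream filters treat the header as a trusted verdict. A short comment above the function, saying that it appends the DMARC clause to the shared authres string and returns the gstring for the caller to reassign, would also help.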
diff --git a/src/src/expand.c b/src/src/expand.c
index 6f67ab138..f1c8544c9 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -518,7 +518,6 @@ static var_entry var_table[] = {
{ "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
#endif
#ifdef EXPERIMENTAL_DMARC
- { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
{ "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
{ "dmarc_status", vtype_stringptr, &dmarc_status },
{ "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
@@ -4149,6 +4148,9 @@ while (*s != 0)
#ifndef DISABLE_DKIM
yield = authres_dkim(yield);
#endif
+#ifdef EXPERIMENTAL_DMARC
+ yield = authres_dmarc(yield);
+#endif
#ifdef EXPERIMENTAL_ARC
yield = authres_arc(yield);
#endif
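Review bot: The added `authres_dmarc(yield)` call runs for every ${authresults } expansion whether or not a DMARC check took place, and the function in dmarc.c appends `dmarc=` plus dmarc_pass_fail unconditionally. dmarc_pass_fail is initialised to "skipped" and dmarc_process returns early under control=dmarc_disable_verify, so such messages would carry `dmarc=skipped`. That is not one of the result values registered for the dmarc method (none, pass, fail, temperror, permerror), and it states a verdict that was never computed. Consider emitting the clause only when the check ran, for example `if (dmarc_has_been_checked) yield = authres_dmarc(yield);`, after confirming that flag is set on the path that runs dmarc_process. The enclosing expansion code starts and ends outside this hunk.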
diff --git a/src/src/functions.h b/src/src/functions.h
index 0b261177c..1b7aff083 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -112,15 +112,18 @@ extern void auth_show_supported(FILE *);
extern uschar *auth_xtextencode(uschar *, int);
extern int auth_xtextdecode(uschar *, uschar **);
-extern gstring *authres_smtpauth(gstring *);
-#ifdef SUPPORT_SPF
-extern gstring *authres_spf(gstring *);
+#ifdef EXPERIMENTAL_ARC
+extern gstring *authres_arc(gstring *);
#endif
#ifndef DISABLE_DKIM
extern gstring *authres_dkim(gstring *);
#endif
-#ifdef EXPERIMENTAL_ARC
-extern gstring *authres_arc(gstring *);
+#ifdef EXPERIMENTAL_DMARC
+extern gstring *authres_dmarc(gstring *);
+#endif
+extern gstring *authres_smtpauth(gstring *);
+#ifdef SUPPORT_SPF
+extern gstring *authres_spf(gstring *);
#endif
extern uschar *b64encode(uschar *, int);
diff --git a/src/src/globals.c b/src/src/globals.c
index b2aeb861f..55154646c 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -682,7 +682,6 @@ uschar *dkim_verify_reason = NULL;
#endif
#ifdef EXPERIMENTAL_DMARC
BOOL dmarc_has_been_checked = FALSE;
-uschar *dmarc_ar_header = NULL;
uschar *dmarc_domain_policy = NULL;
uschar *dmarc_forensic_sender = NULL;
uschar *dmarc_history_file = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 63e0e424c..7bd681fe9 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -405,7 +405,6 @@ extern uschar *dkim_verify_reason; /* result for this signature */
#endif
#ifdef EXPERIMENTAL_DMARC
extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */
-extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */
extern uschar *dmarc_domain_policy; /* Expansion for declared policy of used domain */
extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */
extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index d4ffb3ce7..17801838d 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2009,7 +2009,7 @@ spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL;
#endif
#ifdef EXPERIMENTAL_DMARC
dmarc_has_been_checked = dmarc_disable_verify = dmarc_enable_forensic = FALSE;
-dmarc_ar_header = dmarc_domain_policy = dmarc_forensic_sender =
+dmarc_domain_policy = dmarc_forensic_sender =
dmarc_history_file = dmarc_status = dmarc_status_text =
dmarc_tld_file = dmarc_used_domain = NULL;
#endif