DKIM: call ACL once for each signature matching the identity from dkim_verify_signers. Bug 2189

6 files changed, 74 insertions, 37 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 1a7a7baa6..cfee04ccd 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38708,6 +38708,11 @@ dkim_verify_signers = $sender_address_domain:$dkim_signers
 If a domain or identity is listed several times in the (expanded) value of
 &%dkim_verify_signers%&, the ACL is only called once for that domain or identity.
 
+.new
+If multiple signatures match a domain (or identity), the ACL is called once
+for each matching signature.
+.wen
+
 
 Inside the &%acl_smtp_dkim%&, the following expansion variables are
 available (from most to least important):
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4b3d64e0c..fd188a00a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -182,6 +182,10 @@ JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error.
       Previously only that bufferd was discarded, resulting in SYMTP command
       desynchronisation.
 
+JH/32 DKIM: when a message has multiple signatures matching an identity given
+      in dkim_verify_signers, run the dkim acl once for each.  Previously only
+      one run was done.  Bug 2189.
+
 
 Exim version 4.89
 -----------------
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 528ce82c4..396e5b905 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -235,14 +235,6 @@ return;
 }
 
 
-/* Log a line for "the current" signature */
-void
-dkim_exim_verify_log_item(void)
-{
-dkim_exim_verify_log_sig(dkim_cur_sig);
-}
-
-
 /* Log a line for each signature */
 void
 dkim_exim_verify_log_all(void)
@@ -303,37 +295,72 @@ store_pool = dkim_verify_oldpool;
 }
 
 
-void
-dkim_exim_acl_setup(uschar * id)
+
+/* Args as per dkim_exim_acl_run() below */
+static int
+dkim_acl_call(uschar * id, gstring ** res_ptr,
+  uschar ** user_msgptr, uschar ** log_msgptr)
+{
+int rc;
+DEBUG(D_receive)
+  debug_printf("calling acl_smtp_dkim for dkim_cur_signer='%s'\n", id);
+
+rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim, user_msgptr, log_msgptr);
+dkim_exim_verify_log_sig(dkim_cur_sig);
+*res_ptr = string_append_listele(*res_ptr, ':', dkim_verify_status);
+return rc;
+}
+
+
+
+/* For the given identity, run the DKIM ACL once for each matching signature.
+
+Arguments
+ id		Identity to look for in dkim signatures
+ res_ptr	ptr to growable string-list of status results,
+		appended to per ACL run
+ user_msgptr	where to put a user error (for SMTP response)
+ log_msgptr	where to put a logging message (not for SMTP response)
+
+Returns:       OK         access is granted by an ACCEPT verb
+               DISCARD    access is granted by a DISCARD verb
+               FAIL       access is denied
+               FAIL_DROP  access is denied; drop the connection
+               DEFER      can't tell at the moment
+               ERROR      disaster
+*/
+
+int
+dkim_exim_acl_run(uschar * id, gstring ** res_ptr,
+  uschar ** user_msgptr, uschar ** log_msgptr)
 {
 pdkim_signature * sig;
 uschar * cmp_val;
+int rc = -1;
 
 dkim_verify_status = US"none";
 dkim_verify_reason = US"";
-dkim_cur_sig = NULL;
 dkim_cur_signer = id;
 
 if (dkim_disable_verify || !id || !dkim_verify_ctx)
-  return;
+  return OK;
 
-/* Find signature to run ACL on */
+/* Find signatures to run ACL on */
 
 for (sig = dkim_signatures; sig; sig = sig->next)
   if (  (cmp_val = Ustrchr(id, '@') != NULL ? US sig->identity : US sig->domain)
      && strcmpic(cmp_val, id) == 0
      )
     {
-    dkim_cur_sig = sig;
-
     /* The "dkim_domain" and "dkim_selector" expansion variables have
-       related globals, since they are used in the signing code too.
-       Instead of inventing separate names for verification, we set
-       them here. This is easy since a domain and selector is guaranteed
-       to be in a signature. The other dkim_* expansion items are
-       dynamically fetched from dkim_cur_sig at expansion time (see
-       function below). */
+    related globals, since they are used in the signing code too.
+    Instead of inventing separate names for verification, we set
+    them here. This is easy since a domain and selector is guaranteed
+    to be in a signature. The other dkim_* expansion items are
+    dynamically fetched from dkim_cur_sig at expansion time (see
+    function below). */
 
+    dkim_cur_sig = sig;
     dkim_signing_domain = US sig->domain;
     dkim_signing_selector = US sig->selector;
     dkim_key_length = sig->sighash.len * 8;
@@ -343,8 +370,18 @@ for (sig = dkim_signatures; sig; sig = sig->next)
 
     dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS);
     dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON);
-    return;
+    
+    if ((rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK)
+      return rc;
     }
+
+if (rc != -1)
+  return rc;
+
+/* No matching sig found.  Call ACL once anyway. */
+
+dkim_cur_sig = NULL;
+return dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr);
 }
 
 
diff --git a/src/src/dkim.h b/src/src/dkim.h
index f32aa6635..c48241ce2 100644
--- a/src/src/dkim.h
+++ b/src/src/dkim.h
@@ -10,9 +10,8 @@ gstring * dkim_exim_sign(int, off_t, uschar *, struct ob_dkim *, const uschar **
 void    dkim_exim_verify_init(BOOL);
 void    dkim_exim_verify_feed(uschar *, int);
 void    dkim_exim_verify_finish(void);
-void    dkim_exim_verify_log_item(void);
 void    dkim_exim_verify_log_all(void);
-void    dkim_exim_acl_setup(uschar *);
+int     dkim_exim_acl_run(uschar *, gstring **, uschar **, uschar **);
 uschar *dkim_exim_expand_query(int);
 
 #define DKIM_ALGO               1
diff --git a/src/src/receive.c b/src/src/receive.c
index 8aa890bd0..e7e518a92 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3444,19 +3444,9 @@ else
 
 	    seen_items = string_catn(seen_items, ":", 1);
 	    }
-
 	  seen_items = string_cat(seen_items, item);
 
-	  dkim_exim_acl_setup(item);
-	  DEBUG(D_receive)
-	    debug_printf("calling acl_smtp_dkim for dkim_cur_signer='%s'\n",
-	      item);
-
-	  rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim,
-		&user_msg, &log_msg);
-	  dkim_exim_verify_log_item();
-	  results = string_append_listele(results, ':', dkim_verify_status);
-
+	  rc = dkim_exim_acl_run(item, &results, &user_msg, &log_msg);
 	  if (rc != OK)
 	    {
 	    DEBUG(D_receive)
diff --git a/test/log/4524 b/test/log/4524
index 917646132..1eaac2f1b 100644
--- a/test/log/4524
+++ b/test/log/4524
@@ -7,8 +7,10 @@
 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
 1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 512 h=From:To:Subject
 1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=ses c=relaxed/relaxed a=rsa-sha256 b=512 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.dkim.dom.ain bits: 512 h=
-1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass:none
+1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From:To:Subject
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.dkim.dom.ain bits: 1024 h=
+1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass:pass:none
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <c@test.ex> R=server_dump
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed