[svn] Reintegrating and closing branch sympa-dkim. this is the end of the side...

[svn] Reintegrating and closing branch sympa-dkim. this is the end of the side development of the DKIM feature for Sympa. DON'T FORGET TO INCLUDE THE COMMIT LOGS FROM THAT BRACNH TO THE NEWS FILE BEFORE RELEASING THE NEXT VERSION. git-svn-id: https://subversion.renater.fr/sympa/trunk@6187 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce

[svn] Reintegrating and closing branch sympa-dkim. this is the end of the side...
[svn] Reintegrating and closing branch sympa-dkim. this is the end of the side development of the DKIM feature for Sympa. DON'T FORGET TO INCLUDE THE COMMIT LOGS FROM THAT BRACNH TO THE NEWS FILE BEFORE RELEASING THE NEXT VERSION. git-svn-id: https://subversion.renater.fr/sympa/trunk@6187 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
05ef62fc · david.verdin · a55a84ce · 05ef62fc · 05ef62fc · 05ef62fc
Commit 05ef62fc authored Sep 07, 2009 by david.verdin
--- a/mail_tt2/command_report.tt2
+++ b/mail_tt2/command_report.tt2
@@ -15,9 +15,13 @@ X-Loop: [% conf.sympa %]
 [%- FOREACH notice = notices -%]
 > [% notice.cmd -%]

+> [% notice.entry %]
 [% IF notice.entry == 'smime' -%]
 [%|loc%]Your message signature was successfully verified using S/MIME.[%END%]

+[% IF notice.entry == 'dkim' -%]
+[%|loc%]Your message contain a DKIM signature. It was succesfully verified[%END%]
+
 [% ELSIF notice.entry == 'req_forward' -%]
 [%|loc%]Your request to subscribe/unsubscribe has been forwarded to the list's
 owners for approval. You will receive a notification when you have

--- a/src/bulk.pl.in
+++ b/src/bulk.pl.in
@@ -169,6 +169,7 @@ $Conf::Conf{'maxsmtp'} = int($Conf::Conf{'maxsmtp'}/$Conf::Conf{'bulk_max_count'
 while (!$end) {
    &List::init_list_cache();
    my $bulk;
+    my $message_from_spool ;
 	
    unless ($main::options{'foreground'}) {
        ## 
@@ -222,14 +223,15 @@ while (!$end) {
 	if ($bulk->{'messagekey'} ne $messagekey) {
 	    # current packet is no related to the same message as the previous packet
            # so it is needed to fetch the new message from message_table 
-	    $messageasstring_init = &Bulk::messageasstring($bulk->{'messagekey'});
+	    $message_from_spool = &Bulk::message_from_spool($bulk->{'messagekey'});
+
+	    $messageasstring_init = $message_from_spool->{'messageasstring'};
+	    
 	    unless ( $messageasstring_init ) {
-		&do_log('err',"internal error : current packet 'messagekey= %s contain a ref to a null message",$bulk->{'messagekey'});
+		&do_log('err',"internal error : current packet (messagekey= %s) contain a ref to a null message",$bulk->{'messagekey'});
 	    }
 	}
-	#--------------------------------------------------
-	#------------- BEGIN VERP AND MERGE ---------------
-        #--------------------------------------------------
+
 	my $data; #HASH which will contain the attributes of the subscriber
 	
 	# Initialization of the HASH : $data. It will be used by parse_tt2 to personalized messages.
@@ -243,6 +245,14 @@ while (!$end) {
 	## Use an intermediate handler to encode to filesystem_encoding
 	my $user;
 	
+	# message transformation must be done in the folowing order 
+        #  -1 headers modifications (done in sympa.pl)
+        #  -2 merge
+        #  -3 smime sign
+        #  -4 smime encrypt
+        #  -5 dkim sign
+        # 
+ 
 	if (($bulk->{'verp'})||($bulk->{'merge'})){ # message needs personalization
 	    
 	    foreach $rcpt (@rcpts) {
@@ -262,17 +272,31 @@ while (!$end) {
 			&do_log('err', 'Erreur d appel &Bulk::merge_msg');
 		    }

-		    $messageasstring = $entity->as_string;
+		    $messageasstring = $entity->as_string;		    
 		}
-		
+		if ($message_from_spool->{'dkim_d'}){ # apply dkim signature AFTER any other message transformation.
+		    $messageasstring = &tools::dkim_sign($messageasstring,{'dkim_d'=>           $message_from_spool->{'dkim_d'},
+									   'dkim_i'=>           $message_from_spool->{'dkim_i'},
+									   'dkim_selector'=>    $message_from_spool->{'dkim_selector'},
+									   'dkim_privatekey' => $message_from_spool->{'dkim_privatekey'},
+									   'dkim_header_list' =>$message_from_spool->{'dkim_header_list'} } );
+		}		
 		*SMTP = &mail::smtpto($return_path, \$rcpt, $bulk->{'robot'});
 		# Message with customized data
 		print SMTP $messageasstring;
 		close SMTP;
 	    }
 	}else{ # message dont needs personalization, they can be sent by packet
-	    *SMTP = &mail::smtpto($bulk->{'returnpath'}, \@rcpts, $bulk->{'robot'});
+	    
 	    # Initial message
+	    if ($message_from_spool->{'dkim_d'}){
+		$messageasstring_init = &tools::dkim_sign($messageasstring_init,{'dkim_d'=>           $message_from_spool->{'dkim_d'},
+										 'dkim_i'=>           $message_from_spool->{'dkim_i'},
+										 'dkim_selector'=>    $message_from_spool->{'dkim_selector'},
+										 'dkim_privatekey' => $message_from_spool->{'dkim_privatekey'},
+										 'dkim_header_list' =>$message_from_spool->{'dkim_header_list'} } );
+	    }
+	    *SMTP = &mail::smtpto($bulk->{'returnpath'}, \@rcpts, $bulk->{'robot'});		
 	    print SMTP $messageasstring_init;
 	    close SMTP;
 	}

--- a/src/etc/edit_list.conf
+++ b/src/etc/edit_list.conf
@@ -120,6 +120,15 @@ remove_outgoing_headers		owner,privileged_owner		hidden

 default_user_options 		owner,privileged_owner 		hidden

+dkim_feature			listmaster			write
+dkim_feature			owner,privileged_owner		hidden
+
+dkim_parameters			listmaster	 		write
+dkim_parameters			owner,privileged_owner 		hidden
+
+dkim_signature_apply_on		listmaster	 		write
+dkim_signature_apply_on		owner,privileged_owner 		hidden
+
 create_list_request.tt2		owner,privileged_owner 		hidden

 list_created.tt2 		owner,privileged_owner 		hidden

--- a/src/etc/scenari/add.auth
+++ b/src/etc/scenari/add.auth
 title.gettext restricted to owner with authentication

-is_owner([listname],[sender]) smtp -> request_auth
-is_listmaster([sender])	      smtp -> request_auth
+is_owner([listname],[sender]) smtp,dkim -> request_auth
+is_listmaster([sender])	      smtp,dkim -> request_auth
 is_owner([listname],[sender]) md5,smime -> do_it
 is_listmaster([sender])       md5,smime -> do_it
-true()                        smtp,md5,smime -> reject(reason='add_owner')
+true()                        smtp,dkim,md5,smime -> reject(reason='add_owner')
--- a/src/etc/scenari/add.authdkim
+++ b/src/etc/scenari/add.authdkim
+title.gettext restricted to owner without authentication if DKIM signature is OK.
+
+is_owner([listname],[sender]) smtp -> request_auth
+is_listmaster([sender])	      smtp -> request_auth
+is_owner([listname],[sender]) dkim,md5,smime -> do_it
+is_listmaster([sender])       dkim,md5,smime -> do_it
+true()                        smtp,dkim,md5,smime -> reject(reason='add_owner')
--- a/src/etc/scenari/add.closed
+++ b/src/etc/scenari/add.closed
 title.gettext add impossible

-true()   smtp,md5,smime -> reject('add_closed')
+true()   smtp,dkim,md5,smime -> reject('add_closed')




--- a/src/etc/scenari/add.owner
+++ b/src/etc/scenari/add.owner
 title.gettext add performed by list owner does not need authentication

-is_owner([listname],[sender])  smtp,md5,smime -> do_it
-is_listmaster([sender])        smtp -> request_auth
+is_owner([listname],[sender])  smtp,dkim,md5,smime -> do_it
+is_listmaster([sender])        smtp,dkim -> request_auth
 is_listmaster([sender])        md5,smime -> do_it
-true()                         smtp,md5,smime -> reject(reason='add_owner')	
+true()                         smtp,dkim,md5,smime -> reject(reason='add_owner')	
--- a/src/etc/scenari/add.owner_notify
+++ b/src/etc/scenari/add.owner_notify
 title.gettext add performed by owner does not need authentication (notification)

-is_owner([listname],[sender])  smtp,md5,smime -> do_it,notify
+is_owner([listname],[sender])  smtp,dkim,md5,smime -> do_it,notify
 is_listmaster([sender])        smtp           -> request_auth
-is_listmaster([sender])        md5,smime      -> do_it,notify
-true()                         smtp,md5,smime -> reject(reason='add_owner')	
+is_listmaster([sender])        dkim,md5,smime      -> do_it,notify
+true()                         smtp,dkim,md5,smime -> reject(reason='add_owner')	

--- a/src/etc/scenari/add.ownerdkim
+++ b/src/etc/scenari/add.ownerdkim
+title.gettext add performed by list owner does not need authentication if DKIM signature OK
+
+is_owner([listname],[sender])  smtp -> request_auth
+is_owner([listname],[sender])  dkim,md5,smime -> do_it
+is_listmaster([sender])        smtp -> request_auth
+is_listmaster([sender])        dkim,md5,smime -> do_it
+true()                         smtp,dkim,md5,smime -> reject(reason='add_owner')	
--- a/src/etc/scenari/automatic_list_creation.listmaster
+++ b/src/etc/scenari/automatic_list_creation.listmaster
 title.gettext restricted to listmaster

-is_listmaster([sender])                 smime -> do_it
-true()                    		smtp,md5,smime -> reject
+is_listmaster([sender])                 smime,md5 -> do_it
+true()                    		smtp,dkim,md5,smime -> reject
--- a/src/etc/scenari/automatic_list_creation.public
+++ b/src/etc/scenari/automatic_list_creation.public
 title.gettext anybody. Be sure you know what you are doing

-true()                    smtp,smime -> do_it
+true()                    smtp,dkim,md5,smime -> do_it
--- a/src/etc/scenari/del.auth
+++ b/src/etc/scenari/del.auth
 title.gettext deletion performed only by list owners, need authentication

-is_owner([listname],[sender])  smtp       -> request_auth
-is_listmaster([sender])        smtp       -> request_auth
-is_owner([listname],[sender]) md5,smime -> do_it
-is_listmaster([sender])       md5,smime -> do_it
-true()                        smtp,md5,smime -> reject(reason='del_owner')
+is_owner([listname],[sender])  smtp,dkim      -> request_auth
+is_listmaster([sender])        smtp,dkim       -> request_auth
+is_owner([listname],[sender])  md5,smime -> do_it
+is_listmaster([sender])        md5,smime -> do_it
+true()                         smtp,dkim,md5,smime -> reject(reason='del_owner')
--- a/src/etc/scenari/del.authdkim
+++ b/src/etc/scenari/del.authdkim
+title.gettext deletion performed only by list owners, need authentication unless DKIM signature is OK
+
+is_owner([listname],[sender])  smtp       -> request_auth
+is_listmaster([sender])        smtp       -> request_auth
+is_owner([listname],[sender])  dkim,md5,smime -> do_it
+is_listmaster([sender])        dkim,md5,smime -> do_it
+true()                         smtp,dkim,md5,smime -> reject(reason='del_owner')
--- a/src/etc/scenari/del.closed
+++ b/src/etc/scenari/del.closed
 title.gettext remove subscriber impossible

-true()   smtp,md5,smime -> reject(reason='del_closed')
+true()   smtp,dkim,md5,smime -> reject(reason='del_closed')
--- a/src/etc/scenari/del.owner
+++ b/src/etc/scenari/del.owner
 title.gettext by owner without authentication

-is_owner([listname],[sender])  smtp,md5,smime -> do_it
-is_listmaster([sender])        smtp       -> request_auth
-is_listmaster([sender])        md5,smime -> do_it
+is_owner([listname],[sender])  smtp,dkim,md5,smime -> do_it
+is_listmaster([sender])        smtp,dkim       -> request_auth
+is_listmaster([sender])        md5,smime       -> do_it
 true()                         smtp,md5,smime -> reject(reason='del_owner')	

--- a/src/etc/scenari/del.owner_notify
+++ b/src/etc/scenari/del.owner_notify
 title.gettext list owners, authentication not needed (notification)

-is_owner([listname],[sender])  smtp,smime,md5 -> do_it,notify
-is_listmaster([sender])        smtp           -> request_auth
+is_owner([listname],[sender])  smtp,dkim,smime,md5 -> do_it,notify
+is_listmaster([sender])        smtp,dkim           -> request_auth
 is_listmaster([sender])        md5,smime      -> do_it,notify
-true()                         smtp,md5,smime -> reject(reason='del_owner')	
+true()                         smtp,dkim,md5,smime -> reject(reason='del_owner')	

--- a/src/etc/scenari/global_remind.listmaster
+++ b/src/etc/scenari/global_remind.listmaster
 title.gettext just for listmaster

-is_listmaster([sender])     smtp -> request_auth
+is_listmaster([sender])     smtp,dkim -> request_auth
 is_listmaster([sender])     md5,smime -> do_it
-true()                      smtp,md5,smime -> reject(reason='global_remind_listmaster')	
+true()                      smtp,dkim,md5,smime -> reject(reason='global_remind_listmaster')	
--- a/src/etc/scenari/invite.closed
+++ b/src/etc/scenari/invite.closed
 title.gettext closed

-true() smtp,md5,smime -> reject(reason='invite_closed')
+true() smtp,dkim,md5,smime -> reject(reason='invite_closed')
--- a/src/etc/scenari/invite.owner
+++ b/src/etc/scenari/invite.owner
 title.gettext invite perform by list owner do not need authentication

-is_owner([listname],[sender])  smtp,md5,smime -> do_it
-is_listmaster([sender])        smtp -> request_auth
+is_owner([listname],[sender])  smtp,dkim,md5,smime -> do_it
+is_listmaster([sender])        smtp,dkim -> request_auth
 is_listmaster([sender])        md5,smime -> do_it
-true()                         smtp,md5,smime -> reject(reason='invite_owner')	
+true()                         smtp,dkim,md5,smime -> reject(reason='invite_owner')	

--- a/src/etc/scenari/invite.private
+++ b/src/etc/scenari/invite.private
 title.gettext restricted to subscribers

-is_subscriber([listname],[sender])      smtp,md5,smime  -> do_it
-is_owner([listname],[sender])           smtp,md5,smime  -> do_it
-is_editor([listname],[sender])          smtp,md5,smime  -> do_it
-is_listmaster([sender])                 smtp,md5,smime  -> do_it
-true()                                  smtp,md5,smime -> reject(reason='invite_subscriber')	
+is_subscriber([listname],[sender])      smtp,dkim,md5,smime  -> do_it
+is_owner([listname],[sender])           smtp,dkim,md5,smime  -> do_it
+is_editor([listname],[sender])          smtp,dkim,md5,smime  -> do_it
+is_listmaster([sender])                 smtp,dkim,md5,smime  -> do_it
+true()                                  smtp,dkim,md5,smime  -> reject(reason='invite_subscriber')