X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=lib-crypt%2Fcrypt.c;h=60349cf0752bf2d77ad73ef1267df7620ba11eff;hb=132d06d5920f9a496a8623acfbbabe9739618489;hp=f677789b5f10f94c620bd93cd600a58cf68a1391;hpb=8476307969a605bea67f6b702b0c1e7a52038bed;p=apps%2Fmadmutt.git diff --git a/lib-crypt/crypt.c b/lib-crypt/crypt.c index f677789..60349cf 100644 --- a/lib-crypt/crypt.c +++ b/lib-crypt/crypt.c @@ -1,28 +1,19 @@ /* * Copyright notice from original mutt: * Copyright (C) 1996,1997 Michael R. Elkins - * Copyright (C) 1999-2000 Thomas Roessler + * Copyright (C) 1998-2000 Thomas Roessler * Copyright (C) 2001 Thomas Roessler * Oliver Ehli * Copyright (C) 2003 Werner Koch - * Copyright (C) 2004 g10code GmbH - * - * This file is part of mutt-ng, see http://www.muttng.org/. - * It's licensed under the GNU General Public License, - * please see the file GPL in the top level source directory. + * Copyright (C) 2002, 2003, 2004 g10 Code GmbH + */ +/* + * Copyright © 2006 Pierre Habouzit */ #include -#ifdef HAVE_LOCALE_H -# include -#endif -#ifdef HAVE_SYS_RESOURCE_H -# include -#endif - #include - #include #include @@ -30,108 +21,23 @@ #include "handler.h" #include "copy.h" #include "crypt.h" -#include "pgp.h" - -/* print the current time to avoid spoofing of the signature output */ -void crypt_current_time (STATE * s, const char *app_name) -{ - time_t t; - char p[STRING], tmp[STRING]; - - if (option (OPTCRYPTTIMESTAMP)) { - t = time (NULL); - setlocale (LC_TIME, ""); - strftime (p, sizeof (p), _(" (current time: %c)"), localtime (&t)); - setlocale (LC_TIME, "C"); - } - else - *p = '\0'; - - snprintf (tmp, sizeof (tmp), _("[-- %s output follows%s --]\n"), - NONULL (app_name), p); - state_attach_puts (tmp, s); -} - - - -void crypt_forget_passphrase (void) -{ - crypt_pgp_void_passphrase (); - crypt_smime_void_passphrase (); - mutt_message _("Passphrase(s) forgotten."); -} - -#if defined(HAVE_SETRLIMIT) - -static void disable_coredumps (void) -{ - struct rlimit rl = { 0, 0 }; - static short done = 0; - - if (!done) { - setrlimit (RLIMIT_CORE, &rl); - done = 1; - } -} - -#endif /* HAVE_SETRLIMIT */ - - -int crypt_valid_passphrase (int flags) +void crypt_invoke_message (int type) { - int ret = 0; - -# if defined(HAVE_SETRLIMIT) - disable_coredumps (); -# endif - - if (flags & APPLICATION_PGP) - ret = crypt_pgp_valid_passphrase (); - - if (flags & APPLICATION_SMIME) - ret = crypt_smime_valid_passphrase (); - - return ret; + if (type & APPLICATION_PGP) { + mutt_message _("Invoking PGP..."); + } + else if (type & APPLICATION_SMIME) { + mutt_message _("Invoking S/MIME..."); + } } - - int mutt_protect (HEADER * msg, char *keylist) { BODY *pbody = NULL, *tmp_pbody = NULL; BODY *tmp_smime_pbody = NULL; BODY *tmp_pgp_pbody = NULL; int flags = msg->security; - int i; - - if ((msg->security & SIGN) && !crypt_valid_passphrase (msg->security)) - return (-1); - - if ((msg->security & PGPINLINE) == PGPINLINE) { - /* they really want to send it inline... go for it */ - if (!isendwin ()) - mutt_endwin _("Invoking PGP..."); - - pbody = crypt_pgp_traditional_encryptsign (msg->content, flags, keylist); - if (pbody) { - msg->content = pbody; - return 0; - } - - /* otherwise inline won't work...ask for revert */ - if ((i = - query_quadoption (OPT_PGPMIMEAUTO, - _ - ("Message can't be sent inline. Revert to using PGP/MIME?"))) - != M_YES) { - mutt_error _("Mail not sent."); - - return -1; - } - - /* go ahead with PGP/MIME */ - } if (!isendwin ()) mutt_endwin (NULL); @@ -247,7 +153,7 @@ int crypt_query (BODY * m) BODY *p; int u, v, w; - u = m->parts ? 0xffffffff : 0; /* Bits set in all parts */ + u = m->parts ? ~0 : 0; /* Bits set in all parts */ w = 0; /* Bits set in any part */ for (p = m->parts; p; p = p->next) { @@ -265,42 +171,31 @@ int crypt_query (BODY * m) } -int crypt_write_signed (BODY * a, STATE * s, const char *tempfile) +static void crypt_write_signed(BODY * a, STATE * s, FILE *fp) { - FILE *fp; - int c; - short hadcr; - size_t bytes; - - if (!(fp = safe_fopen (tempfile, "w"))) { - mutt_perror (tempfile); - return -1; - } - - fseeko (s->fpin, a->hdr_offset, 0); - bytes = a->length + a->offset - a->hdr_offset; - hadcr = 0; - while (bytes > 0) { - if ((c = fgetc (s->fpin)) == EOF) - break; - - bytes--; - - if (c == '\r') - hadcr = 1; - else { - if (c == '\n' && !hadcr) - fputc ('\r', fp); - - hadcr = 0; + int c; + short hadcr; + size_t bytes; + + fseeko (s->fpin, a->hdr_offset, 0); + bytes = a->length + a->offset - a->hdr_offset; + hadcr = 0; + while (bytes > 0) { + if ((c = fgetc (s->fpin)) == EOF) + break; + + bytes--; + + if (c == '\r') + hadcr = 1; + else { + if (c == '\n' && !hadcr) + fputc ('\r', fp); + + hadcr = 0; + } + fputc (c, fp); } - - fputc (c, fp); - - } - fclose (fp); - - return 0; } @@ -312,9 +207,9 @@ void convert_to_7bit (BODY * a) if (a->encoding != ENC7BIT) { a->encoding = ENC7BIT; convert_to_7bit (a->parts); - } - else if (option (OPTPGPSTRICTENC)) + } else { convert_to_7bit (a->parts); + } } else if (a->type == TYPEMESSAGE && m_strcasecmp(a->subtype, "delivery-status")) { @@ -326,143 +221,64 @@ void convert_to_7bit (BODY * a) else if (a->encoding == ENCBINARY) a->encoding = ENCBASE64; else if (a->content && a->encoding != ENCBASE64 && - (a->content->from || (a->content->space && - option (OPTPGPSTRICTENC)))) + (a->content->from || a->content->space)) a->encoding = ENCQUOTEDPRINTABLE; a = a->next; } } -void crypt_extract_keys_from_messages (HEADER * h) +static void extract_keys_aux(FILE *fpout, HEADER *h) { - int i; - char tempfname[_POSIX_PATH_MAX], *mbox; - address_t *tmp = NULL; - FILE *fpout; - - mutt_mktemp (tempfname); - if (!(fpout = safe_fopen (tempfname, "w"))) { - mutt_perror (tempfname); - return; - } - - set_option (OPTDONTHANDLEPGPKEYS); - - if (!h) { - for (i = 0; i < Context->vcount; i++) { - if (Context->hdrs[Context->v2r[i]]->tagged) { - mutt_parse_mime_message (Context, Context->hdrs[Context->v2r[i]]); - if (Context->hdrs[Context->v2r[i]]->security & ENCRYPT && - !crypt_valid_passphrase (Context->hdrs[Context->v2r[i]]-> - security)) { - fclose (fpout); - break; - } - - if (Context->hdrs[Context->v2r[i]]->security & APPLICATION_PGP) { - mutt_copy_message (fpout, Context, Context->hdrs[Context->v2r[i]], - M_CM_DECODE | M_CM_CHARCONV, 0); - fflush (fpout); - - mutt_endwin (_("Trying to extract PGP keys...\n")); - crypt_pgp_invoke_import (tempfname); - } - - if (Context->hdrs[Context->v2r[i]]->security & APPLICATION_SMIME) { - if (Context->hdrs[Context->v2r[i]]->security & ENCRYPT) - mutt_copy_message (fpout, Context, Context->hdrs[Context->v2r[i]], - M_CM_NOHEADER | M_CM_DECODE_CRYPT - | M_CM_DECODE_SMIME, 0); - else - mutt_copy_message (fpout, Context, - Context->hdrs[Context->v2r[i]], 0, 0); - fflush (fpout); - - if (Context->hdrs[Context->v2r[i]]->env->from) - tmp = mutt_expand_aliases (h->env->from); - else if (Context->hdrs[Context->v2r[i]]->env->sender) - tmp = mutt_expand_aliases (Context->hdrs[Context->v2r[i]] - ->env->sender); - mbox = tmp ? tmp->mailbox : NULL; - if (mbox) { - mutt_endwin (_("Trying to extract S/MIME certificates...\n")); - crypt_smime_invoke_import (tempfname, mbox); - tmp = NULL; - } - } - - rewind (fpout); - } - } - } - else { mutt_parse_mime_message (Context, h); - if (!(h->security & ENCRYPT && !crypt_valid_passphrase (h->security))) { - if (h->security & APPLICATION_PGP) { - mutt_copy_message (fpout, Context, h, M_CM_DECODE | M_CM_CHARCONV, 0); + + rewind(fpout); + if (h->security & APPLICATION_PGP) { + mutt_copy_message(fpout, Context, h, M_CM_DECODE | M_CM_CHARCONV, 0); fflush (fpout); + mutt_endwin (_("Trying to extract PGP keys...\n")); - crypt_pgp_invoke_import (tempfname); - } + } - if (h->security & APPLICATION_SMIME) { + if (h->security & APPLICATION_SMIME) { if (h->security & ENCRYPT) - mutt_copy_message (fpout, Context, h, M_CM_NOHEADER - | M_CM_DECODE_CRYPT | M_CM_DECODE_SMIME, 0); + mutt_copy_message (fpout, Context, h, M_CM_NOHEADER + | M_CM_DECODE_CRYPT | M_CM_DECODE_SMIME, 0); else - mutt_copy_message (fpout, Context, h, 0, 0); - + mutt_copy_message(fpout, Context, h, 0, 0); fflush (fpout); - if (h->env->from) - tmp = mutt_expand_aliases (h->env->from); - else if (h->env->sender) - tmp = mutt_expand_aliases (h->env->sender); - mbox = tmp ? tmp->mailbox : NULL; - if (mbox) { /* else ? */ - mutt_message (_("Trying to extract S/MIME certificates...\n")); - crypt_smime_invoke_import (tempfname, mbox); - } - } - } - } - fclose (fpout); - if (isendwin ()) - mutt_any_key_to_continue (NULL); - - mutt_unlink (tempfname); + mutt_message (_("Trying to extract S/MIME certificates...\n")); + } - unset_option (OPTDONTHANDLEPGPKEYS); + rewind(fpout); + crypt_invoke_import(fpout, h->security & APPLICATION_SMIME); } - - -int crypt_get_keys (HEADER * msg, char **keylist) +void crypt_extract_keys_from_messages(HEADER * h) { - /* Do a quick check to make sure that we can find all of the encryption - * keys if the user has requested this service. - */ - - set_option (OPTPGPCHECKTRUST); - - *keylist = NULL; - - if (msg->security & ENCRYPT) { - if (msg->security & APPLICATION_PGP) { - if ((*keylist = crypt_pgp_findkeys (msg->env->to, msg->env->cc, - msg->env->bcc)) == NULL) - return (-1); - unset_option (OPTPGPCHECKTRUST); + FILE *tmpfp = tmpfile(); + if (!tmpfp) { + mutt_error(_("Could not create temporary file")); + return; } - if (msg->security & APPLICATION_SMIME) { - if ((*keylist = crypt_smime_findkeys (msg->env->to, msg->env->cc, - msg->env->bcc)) == NULL) - return (-1); + + set_option(OPTDONTHANDLEPGPKEYS); + if (!h) { + int i; + for (i = 0; i < Context->vcount; i++) { + if (!Context->hdrs[Context->v2r[i]]->tagged) + continue; + extract_keys_aux(tmpfp, Context->hdrs[Context->v2r[i]]); + } + } else { + extract_keys_aux(tmpfp, h); } - } + unset_option(OPTDONTHANDLEPGPKEYS); + m_fclose(&tmpfp); - return (0); + if (isendwin()) + mutt_any_key_to_continue(NULL); } @@ -488,108 +304,97 @@ static void crypt_fetch_signatures (BODY ***signatures, BODY * a, int *n) int mutt_signed_handler (BODY * a, STATE * s) { - char tempfile[_POSIX_PATH_MAX]; + unsigned major, minor; char *protocol; - int protocol_major = TYPEOTHER; - char *protocol_minor = NULL; - + int rc, i, goodsig = 1, sigcnt = 0; BODY *b = a; - BODY **signatures = NULL; - int sigcnt = 0; - int i; - short goodsig = 1; - int rc = 0; protocol = parameter_getval(a->parameter, "protocol"); a = a->parts; - /* extract the protocol information */ - - if (protocol) { - char major[STRING]; - char *t; - - if ((protocol_minor = strchr (protocol, '/'))) - protocol_minor++; - - m_strcpy(major, sizeof(major), protocol); - if ((t = strchr (major, '/'))) - *t = '\0'; + switch (mime_which_token(protocol, -1)) { + case MIME_APPLICATION_PGP_SIGNATURE: + major = TYPEAPPLICATION; + minor = MIME_PGP_SIGNATURE; + break; + case MIME_APPLICATION_X_PKCS7_SIGNATURE: + major = TYPEAPPLICATION; + minor = MIME_X_PKCS7_SIGNATURE; + break; + case MIME_APPLICATION_PKCS7_SIGNATURE: + major = TYPEAPPLICATION; + minor = MIME_PKCS7_SIGNATURE; + break; + case MIME_MULTIPART_MIXED: + major = TYPEMULTIPART; + minor = MIME_MIXED; + break; - protocol_major = mutt_check_mime_type (major); + default: + state_printf(s, _("[-- Error: " + "Unknown multipart/signed protocol %s! --]\n\n"), + protocol); + return mutt_body_handler (a, s); } /* consistency check */ - - if (!(a && a->next && a->next->type == protocol_major && - !m_strcasecmp(a->next->subtype, protocol_minor))) { - state_attach_puts (_("[-- Error: " - "Inconsistent multipart/signed structure! --]\n\n"), - s); - return mutt_body_handler (a, s); - } - - - if (protocol_major == TYPEAPPLICATION - && !m_strcasecmp(protocol_minor, "pgp-signature")); - else if (protocol_major == TYPEAPPLICATION - && !(m_strcasecmp(protocol_minor, "x-pkcs7-signature") - && m_strcasecmp(protocol_minor, "pkcs7-signature"))); - else if (protocol_major == TYPEMULTIPART - && !m_strcasecmp(protocol_minor, "mixed")); - else { - state_printf (s, _("[-- Error: " - "Unknown multipart/signed protocol %s! --]\n\n"), - protocol); + if (!(a && a->next && a->next->type == major && + mime_which_token(a->next->subtype, -1) == minor)) + { + state_attach_puts(_("[-- Error: " + "Inconsistent multipart/signed structure! --]\n\n"), + s); return mutt_body_handler (a, s); } if (s->flags & M_DISPLAY) { + BODY **sigs = NULL; - crypt_fetch_signatures (&signatures, a->next, &sigcnt); - + crypt_fetch_signatures (&sigs, a->next, &sigcnt); if (sigcnt) { - mutt_mktemp (tempfile); - if (crypt_write_signed (a, s, tempfile) == 0) { - for (i = 0; i < sigcnt; i++) { - if (signatures[i]->type == TYPEAPPLICATION - && !m_strcasecmp(signatures[i]->subtype, "pgp-signature")) { - if (crypt_pgp_verify_one (signatures[i], s, tempfile) != 0) - goodsig = 0; - - continue; - } - - if (signatures[i]->type == TYPEAPPLICATION - && (!m_strcasecmp(signatures[i]->subtype, "x-pkcs7-signature") - || !m_strcasecmp(signatures[i]->subtype, "pkcs7-signature"))) - { - if (crypt_smime_verify_one (signatures[i], s, tempfile) != 0) - goodsig = 0; + FILE *tmpfp = tmpfile(); - continue; + if (!tmpfp) { + mutt_error(_("Could not create temporary file")); + } else { + crypt_write_signed(a, s, tmpfp); + rewind(tmpfp); + for (i = 0; i < sigcnt; i++) { + if (sigs[i]->type == TYPEAPPLICATION) { + int subtype; + + switch ((subtype = mime_which_token(sigs[i]->subtype, -1))) { + case MIME_PGP_SIGNATURE: + case MIME_X_PKCS7_SIGNATURE: + case MIME_PKCS7_SIGNATURE: + if (crypt_verify_one(sigs[i], s, tmpfp, subtype != MIME_PGP_SIGNATURE) != 0) + goodsig = 0; + + m_fclose(&tmpfp); + continue; + + default: + break; + } } - state_printf (s, _("[-- Warning: " - "We can't verify %s/%s signatures. --]\n\n"), - TYPE (signatures[i]), signatures[i]->subtype); + state_printf(s, _("[-- Warning: " + "We can't verify %s/%s signatures. --]\n\n"), + TYPE (sigs[i]), sigs[i]->subtype); } } - mutt_unlink (tempfile); - b->goodsig = goodsig; - b->badsig = !goodsig; + b->badsig = !goodsig; /* Now display the signed body */ - state_attach_puts (_("[-- The following data is signed --]\n\n"), s); - + state_attach_puts(_("[-- The following data is signed --]\n\n"), s); - p_delete(&signatures); + p_delete(&sigs); + } else { + state_attach_puts(_("[-- Warning: Can't find any signatures. --]\n\n"), + s); } - else - state_attach_puts (_("[-- Warning: Can't find any signatures. --]\n\n"), - s); } rc = mutt_body_handler (a, s);