X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=lib-crypt%2Fcrypt.c;h=f2e0178a549d2d796513f5d679af7cf20adf1ab2;hp=194c48fca66df4400e525fce5f12d80e10e42751;hb=d795d156dff537b76d8e59df5653f199ad06e5b4;hpb=711f787502b6a1a1c150b948a5ed9156c8ef9ba1 diff --git a/lib-crypt/crypt.c b/lib-crypt/crypt.c index 194c48f..f2e0178 100644 --- a/lib-crypt/crypt.c +++ b/lib-crypt/crypt.c @@ -12,109 +12,16 @@ * please see the file GPL in the top level source directory. */ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_LOCALE_H -# include -#endif -#ifdef HAVE_SYS_TIME_H -# include -#endif -#ifdef HAVE_SYS_RESOURCE_H -# include -#endif - -#include -#include -#include -#include -#include +#include #include - #include +#include -#include "mutt.h" #include "alias.h" #include "handler.h" #include "copy.h" #include "crypt.h" -#include "pgp.h" - -/* print the current time to avoid spoofing of the signature output */ -void crypt_current_time (STATE * s, const char *app_name) -{ - time_t t; - char p[STRING], tmp[STRING]; - - if (option (OPTCRYPTTIMESTAMP)) { - t = time (NULL); - setlocale (LC_TIME, ""); - strftime (p, sizeof (p), _(" (current time: %c)"), localtime (&t)); - setlocale (LC_TIME, "C"); - } - else - *p = '\0'; - - snprintf (tmp, sizeof (tmp), _("[-- %s output follows%s --]\n"), - NONULL (app_name), p); - state_attach_puts (tmp, s); -} - - - -void crypt_forget_passphrase (void) -{ - crypt_pgp_void_passphrase (); - crypt_smime_void_passphrase (); - mutt_message _("Passphrase(s) forgotten."); -} - - -#if defined(HAVE_SETRLIMIT) && (!defined(DEBUG)) - -static void disable_coredumps (void) -{ - struct rlimit rl = { 0, 0 }; - static short done = 0; - - if (!done) { - setrlimit (RLIMIT_CORE, &rl); - done = 1; - } -} - -#endif /* HAVE_SETRLIMIT */ - - -int crypt_valid_passphrase (int flags) -{ - int ret = 0; - -# if defined(HAVE_SETRLIMIT) &&(!defined(DEBUG)) - disable_coredumps (); -# endif - - if (flags & APPLICATION_PGP) - ret = crypt_pgp_valid_passphrase (); - - if (flags & APPLICATION_SMIME) - ret = crypt_smime_valid_passphrase (); - - return ret; -} - - int mutt_protect (HEADER * msg, char *keylist) { @@ -122,35 +29,6 @@ int mutt_protect (HEADER * msg, char *keylist) BODY *tmp_smime_pbody = NULL; BODY *tmp_pgp_pbody = NULL; int flags = msg->security; - int i; - - if ((msg->security & SIGN) && !crypt_valid_passphrase (msg->security)) - return (-1); - - if ((msg->security & PGPINLINE) == PGPINLINE) { - /* they really want to send it inline... go for it */ - if (!isendwin ()) - mutt_endwin _("Invoking PGP..."); - - pbody = crypt_pgp_traditional_encryptsign (msg->content, flags, keylist); - if (pbody) { - msg->content = pbody; - return 0; - } - - /* otherwise inline won't work...ask for revert */ - if ((i = - query_quadoption (OPT_PGPMIMEAUTO, - _ - ("Message can't be sent inline. Revert to using PGP/MIME?"))) - != M_YES) { - mutt_error _("Mail not sent."); - - return -1; - } - - /* go ahead with PGP/MIME */ - } if (!isendwin ()) mutt_endwin (NULL); @@ -194,7 +72,7 @@ int mutt_protect (HEADER * msg, char *keylist) which tmp_smime_pbody->parts after signing. */ tmp_smime_pbody->parts = tmp_smime_pbody->parts->next; msg->content->next = NULL; - mutt_free_body (&tmp_smime_pbody); + body_list_wipe(&tmp_smime_pbody); } pbody = tmp_pbody; } @@ -208,7 +86,7 @@ int mutt_protect (HEADER * msg, char *keylist) /* remove the outer multipart layer */ tmp_pgp_pbody = mutt_remove_multipart (tmp_pgp_pbody); /* get rid of the signature */ - mutt_free_body (&tmp_pgp_pbody->next); + body_list_wipe(&tmp_pgp_pbody->next); } return (-1); @@ -220,7 +98,7 @@ int mutt_protect (HEADER * msg, char *keylist) */ if (flags != msg->security) { tmp_pgp_pbody = mutt_remove_multipart (tmp_pgp_pbody); - mutt_free_body (&tmp_pgp_pbody->next); + body_list_wipe(&tmp_pgp_pbody->next); } } } @@ -232,162 +110,6 @@ int mutt_protect (HEADER * msg, char *keylist) } - - -int mutt_is_multipart_signed (BODY * b) -{ - char *p; - - if (!b || !(b->type == TYPEMULTIPART) || - !b->subtype || ascii_strcasecmp (b->subtype, "signed")) - return 0; - - if (!(p = mutt_get_parameter ("protocol", b->parameter))) - return 0; - - if (!(ascii_strcasecmp (p, "multipart/mixed"))) - return SIGN; - - if (!(ascii_strcasecmp (p, "application/pgp-signature"))) - return PGPSIGN; - - if (!(ascii_strcasecmp (p, "application/x-pkcs7-signature"))) - return SMIMESIGN; - if (!(ascii_strcasecmp (p, "application/pkcs7-signature"))) - return SMIMESIGN; - - return 0; -} - - -int mutt_is_multipart_encrypted (BODY * b) -{ - char *p; - - if (!b || b->type != TYPEMULTIPART || - !b->subtype || ascii_strcasecmp (b->subtype, "encrypted") || - !(p = mutt_get_parameter ("protocol", b->parameter)) || - ascii_strcasecmp (p, "application/pgp-encrypted")) - return 0; - - return PGPENCRYPT; -} - - -int mutt_is_application_pgp (BODY * m) -{ - int t = 0; - char *p; - - if (m->type == TYPEAPPLICATION) { - if (!ascii_strcasecmp (m->subtype, "pgp") - || !ascii_strcasecmp (m->subtype, "x-pgp-message")) { - if ((p = mutt_get_parameter ("x-action", m->parameter)) - && (!ascii_strcasecmp (p, "sign") - || !ascii_strcasecmp (p, "signclear"))) - t |= PGPSIGN; - - if ((p = mutt_get_parameter ("format", m->parameter)) && - !ascii_strcasecmp (p, "keys-only")) - t |= PGPKEY; - - if (!t) - t |= PGPENCRYPT; /* not necessarily correct, but... */ - } - - if (!ascii_strcasecmp (m->subtype, "pgp-signed")) - t |= PGPSIGN; - - if (!ascii_strcasecmp (m->subtype, "pgp-keys")) - t |= PGPKEY; - } - else if (m->type == TYPETEXT && ascii_strcasecmp ("plain", m->subtype) == 0) { - if (((p = mutt_get_parameter ("x-mutt-action", m->parameter)) - || (p = mutt_get_parameter ("x-action", m->parameter)) - || (p = mutt_get_parameter ("action", m->parameter))) - && !ascii_strncasecmp ("pgp-sign", p, 8)) - t |= PGPSIGN; - else if (p && !ascii_strncasecmp ("pgp-encrypt", p, 11)) - t |= PGPENCRYPT; - else if (p && !ascii_strncasecmp ("pgp-keys", p, 7)) - t |= PGPKEY; - } - if (t) - t |= PGPINLINE; - - return t; -} - -int mutt_is_application_smime (BODY * m) -{ - char *t = NULL; - int len, complain = 0; - - if (!m) - return 0; - - if ((m->type & TYPEAPPLICATION) && m->subtype) { - /* S/MIME MIME types don't need x- anymore, see RFC2311 */ - if (!ascii_strcasecmp (m->subtype, "x-pkcs7-mime") || - !ascii_strcasecmp (m->subtype, "pkcs7-mime")) { - if ((t = mutt_get_parameter ("smime-type", m->parameter))) { - if (!ascii_strcasecmp (t, "enveloped-data")) - return SMIMEENCRYPT; - else if (!ascii_strcasecmp (t, "signed-data")) - return (SMIMESIGN | SMIMEOPAQUE); - else - return 0; - } - /* Netscape 4.7 uses - * Content-Description: S/MIME Encrypted Message - * instead of Content-Type parameter - */ - if (!ascii_strcasecmp (m->description, "S/MIME Encrypted Message")) - return SMIMEENCRYPT; - complain = 1; - } - else if (ascii_strcasecmp (m->subtype, "octet-stream")) - return 0; - - t = mutt_get_parameter ("name", m->parameter); - - if (!t) - t = m->d_filename; - if (!t) - t = m->filename; - if (!t) { - if (complain) - mutt_message (_ - ("S/MIME messages with no hints on content are unsupported.")); - return 0; - } - - /* no .p7c, .p10 support yet. */ - - len = m_strlen(t) - 4; - if (len > 0 && *(t + len) == '.') { - len++; - if (!ascii_strcasecmp ((t + len), "p7m")) -#if 0 - return SMIMEENCRYPT; -#else - /* Not sure if this is the correct thing to do, but - it's required for compatibility with Outlook */ - return (SMIMESIGN | SMIMEOPAQUE); -#endif - else if (!ascii_strcasecmp ((t + len), "p7s")) - return (SMIMESIGN | SMIMEOPAQUE); - } - } - - return 0; -} - - - - - - int crypt_query (BODY * m) { int t = 0; @@ -440,44 +162,31 @@ int crypt_query (BODY * m) } - - -int crypt_write_signed (BODY * a, STATE * s, const char *tempfile) +static void crypt_write_signed(BODY * a, STATE * s, FILE *fp) { - FILE *fp; - int c; - short hadcr; - size_t bytes; - - if (!(fp = safe_fopen (tempfile, "w"))) { - mutt_perror (tempfile); - return -1; - } - - fseeko (s->fpin, a->hdr_offset, 0); - bytes = a->length + a->offset - a->hdr_offset; - hadcr = 0; - while (bytes > 0) { - if ((c = fgetc (s->fpin)) == EOF) - break; - - bytes--; - - if (c == '\r') - hadcr = 1; - else { - if (c == '\n' && !hadcr) - fputc ('\r', fp); - - hadcr = 0; + int c; + short hadcr; + size_t bytes; + + fseeko (s->fpin, a->hdr_offset, 0); + bytes = a->length + a->offset - a->hdr_offset; + hadcr = 0; + while (bytes > 0) { + if ((c = fgetc (s->fpin)) == EOF) + break; + + bytes--; + + if (c == '\r') + hadcr = 1; + else { + if (c == '\n' && !hadcr) + fputc ('\r', fp); + + hadcr = 0; + } + fputc (c, fp); } - - fputc (c, fp); - - } - fclose (fp); - - return 0; } @@ -489,9 +198,9 @@ void convert_to_7bit (BODY * a) if (a->encoding != ENC7BIT) { a->encoding = ENC7BIT; convert_to_7bit (a->parts); - } - else if (option (OPTPGPSTRICTENC)) + } else { convert_to_7bit (a->parts); + } } else if (a->type == TYPEMESSAGE && m_strcasecmp(a->subtype, "delivery-status")) { @@ -503,116 +212,64 @@ void convert_to_7bit (BODY * a) else if (a->encoding == ENCBINARY) a->encoding = ENCBASE64; else if (a->content && a->encoding != ENCBASE64 && - (a->content->from || (a->content->space && - option (OPTPGPSTRICTENC)))) + (a->content->from || a->content->space)) a->encoding = ENCQUOTEDPRINTABLE; a = a->next; } } - - -void crypt_extract_keys_from_messages (HEADER * h) +static void extract_keys_aux(FILE *fpout, HEADER *h) { - int i; - char tempfname[_POSIX_PATH_MAX], *mbox; - address_t *tmp = NULL; - FILE *fpout; - - mutt_mktemp (tempfname); - if (!(fpout = safe_fopen (tempfname, "w"))) { - mutt_perror (tempfname); - return; - } - - set_option (OPTDONTHANDLEPGPKEYS); - - if (!h) { - for (i = 0; i < Context->vcount; i++) { - if (Context->hdrs[Context->v2r[i]]->tagged) { - mutt_parse_mime_message (Context, Context->hdrs[Context->v2r[i]]); - if (Context->hdrs[Context->v2r[i]]->security & ENCRYPT && - !crypt_valid_passphrase (Context->hdrs[Context->v2r[i]]-> - security)) { - fclose (fpout); - break; - } - - if (Context->hdrs[Context->v2r[i]]->security & APPLICATION_PGP) { - mutt_copy_message (fpout, Context, Context->hdrs[Context->v2r[i]], - M_CM_DECODE | M_CM_CHARCONV, 0); - fflush (fpout); - - mutt_endwin (_("Trying to extract PGP keys...\n")); - crypt_pgp_invoke_import (tempfname); - } - - if (Context->hdrs[Context->v2r[i]]->security & APPLICATION_SMIME) { - if (Context->hdrs[Context->v2r[i]]->security & ENCRYPT) - mutt_copy_message (fpout, Context, Context->hdrs[Context->v2r[i]], - M_CM_NOHEADER | M_CM_DECODE_CRYPT - | M_CM_DECODE_SMIME, 0); - else - mutt_copy_message (fpout, Context, - Context->hdrs[Context->v2r[i]], 0, 0); - fflush (fpout); - - if (Context->hdrs[Context->v2r[i]]->env->from) - tmp = mutt_expand_aliases (h->env->from); - else if (Context->hdrs[Context->v2r[i]]->env->sender) - tmp = mutt_expand_aliases (Context->hdrs[Context->v2r[i]] - ->env->sender); - mbox = tmp ? tmp->mailbox : NULL; - if (mbox) { - mutt_endwin (_("Trying to extract S/MIME certificates...\n")); - crypt_smime_invoke_import (tempfname, mbox); - tmp = NULL; - } - } - - rewind (fpout); - } - } - } - else { mutt_parse_mime_message (Context, h); - if (!(h->security & ENCRYPT && !crypt_valid_passphrase (h->security))) { - if (h->security & APPLICATION_PGP) { - mutt_copy_message (fpout, Context, h, M_CM_DECODE | M_CM_CHARCONV, 0); + + rewind(fpout); + if (h->security & APPLICATION_PGP) { + mutt_copy_message(fpout, Context, h, M_CM_DECODE | M_CM_CHARCONV, 0); fflush (fpout); + mutt_endwin (_("Trying to extract PGP keys...\n")); - crypt_pgp_invoke_import (tempfname); - } + } - if (h->security & APPLICATION_SMIME) { + if (h->security & APPLICATION_SMIME) { if (h->security & ENCRYPT) - mutt_copy_message (fpout, Context, h, M_CM_NOHEADER - | M_CM_DECODE_CRYPT | M_CM_DECODE_SMIME, 0); + mutt_copy_message (fpout, Context, h, M_CM_NOHEADER + | M_CM_DECODE_CRYPT | M_CM_DECODE_SMIME, 0); else - mutt_copy_message (fpout, Context, h, 0, 0); - + mutt_copy_message(fpout, Context, h, 0, 0); fflush (fpout); - if (h->env->from) - tmp = mutt_expand_aliases (h->env->from); - else if (h->env->sender) - tmp = mutt_expand_aliases (h->env->sender); - mbox = tmp ? tmp->mailbox : NULL; - if (mbox) { /* else ? */ - mutt_message (_("Trying to extract S/MIME certificates...\n")); - crypt_smime_invoke_import (tempfname, mbox); - } - } + + mutt_message (_("Trying to extract S/MIME certificates...\n")); } - } - fclose (fpout); - if (isendwin ()) - mutt_any_key_to_continue (NULL); + rewind(fpout); + crypt_invoke_import(fpout, h->security & APPLICATION_SMIME); +} - mutt_unlink (tempfname); +void crypt_extract_keys_from_messages(HEADER * h) +{ + FILE *tmpfp = tmpfile(); + if (!tmpfp) { + mutt_error(_("Could not create temporary file")); + return; + } + + set_option(OPTDONTHANDLEPGPKEYS); + if (!h) { + int i; + for (i = 0; i < Context->vcount; i++) { + if (!Context->hdrs[Context->v2r[i]]->tagged) + continue; + extract_keys_aux(tmpfp, Context->hdrs[Context->v2r[i]]); + } + } else { + extract_keys_aux(tmpfp, h); + } + unset_option(OPTDONTHANDLEPGPKEYS); + m_fclose(&tmpfp); - unset_option (OPTDONTHANDLEPGPKEYS); + if (isendwin()) + mutt_any_key_to_continue(NULL); } @@ -668,6 +325,7 @@ static void crypt_fetch_signatures (BODY ***signatures, BODY * a, int *n) int mutt_signed_handler (BODY * a, STATE * s) { char tempfile[_POSIX_PATH_MAX]; + FILE * tempfp; char *protocol; int protocol_major = TYPEOTHER; char *protocol_minor = NULL; @@ -679,7 +337,7 @@ int mutt_signed_handler (BODY * a, STATE * s) short goodsig = 1; int rc = 0; - protocol = mutt_get_parameter ("protocol", a->parameter); + protocol = parameter_getval(a->parameter, "protocol"); a = a->parts; /* extract the protocol information */ @@ -728,8 +386,12 @@ int mutt_signed_handler (BODY * a, STATE * s) crypt_fetch_signatures (&signatures, a->next, &sigcnt); if (sigcnt) { - mutt_mktemp (tempfile); - if (crypt_write_signed (a, s, tempfile) == 0) { + tempfp = m_tempfile(tempfile, sizeof(tempfile), NONULL(MCore.tmpdir), NULL); + if (!tempfp) { + mutt_error(_("Could not create temporary file")); + } else { + crypt_write_signed(a, s, tempfp); + m_fclose(&tempfp); for (i = 0; i < sigcnt; i++) { if (signatures[i]->type == TYPEAPPLICATION && !m_strcasecmp(signatures[i]->subtype, "pgp-signature")) {