* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/ .
+ * along with this program. If not, see https://www.gnu.org/licenses/ .
*
* Authors: Carl Worth <cworth@cworth.org>
* Keith Packard <keithp@keithp.com>
* Austin Clements <aclements@csail.mit.edu>
*/
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
#include "notmuch-client.h"
/* Context that gets inherited from the root node. */
typedef struct mime_node_context {
/* Per-message resources. These are allocated internally and must
* be destroyed. */
- FILE *file;
GMimeStream *stream;
GMimeParser *parser;
GMimeMessage *mime_message;
+ _notmuch_message_crypto_t *msg_crypto;
+
+ /* repaired/unmangled parts that will need to be cleaned up */
+ GSList *repaired_parts;
/* Context provided by the caller. */
-#ifdef GMIME_ATLEAST_26
- GMimeCryptoContext *cryptoctx;
-#else
- GMimeCipherContext *cryptoctx;
-#endif
- notmuch_bool_t decrypt;
+ _notmuch_crypto_t *crypto;
} mime_node_context_t;
static int
if (res->stream)
g_object_unref (res->stream);
- if (res->file)
- fclose (res->file);
+ if (res->repaired_parts)
+ g_slist_free_full (res->repaired_parts, g_object_unref);
return 0;
}
+/* keep track of objects that need to be destroyed when the mime node
+ * context goes away. */
+static void
+_mime_node_context_track_repaired_part (mime_node_context_t *ctx, GMimeObject *part)
+{
+ if (part)
+ ctx->repaired_parts = g_slist_prepend (ctx->repaired_parts, part);
+}
+
+const _notmuch_message_crypto_t *
+mime_node_get_message_crypto_status (mime_node_t *node)
+{
+ return node->ctx->msg_crypto;
+}
+
notmuch_status_t
mime_node_open (const void *ctx, notmuch_message_t *message,
-#ifdef GMIME_ATLEAST_26
- GMimeCryptoContext *cryptoctx,
-#else
- GMimeCipherContext *cryptoctx,
-#endif
- notmuch_bool_t decrypt, mime_node_t **root_out)
+ _notmuch_crypto_t *crypto, mime_node_t **root_out)
{
const char *filename = notmuch_message_get_filename (message);
mime_node_context_t *mctx;
mime_node_t *root;
notmuch_status_t status;
+ int fd;
root = talloc_zero (ctx, mime_node_t);
if (root == NULL) {
}
talloc_set_destructor (mctx, _mime_node_context_free);
- mctx->file = fopen (filename, "r");
- if (! mctx->file) {
- fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
- status = NOTMUCH_STATUS_FILE_ERROR;
- goto DONE;
+ /* Fast path */
+ fd = open (filename, O_RDONLY);
+ if (fd == -1) {
+ /* Slow path - for some reason the first file in the list is
+ * not available anymore. This is clearly a problem in the
+ * database, but we are not going to let this problem be a
+ * show stopper */
+ notmuch_filenames_t *filenames;
+ for (filenames = notmuch_message_get_filenames (message);
+ notmuch_filenames_valid (filenames);
+ notmuch_filenames_move_to_next (filenames)) {
+ filename = notmuch_filenames_get (filenames);
+ fd = open (filename, O_RDONLY);
+ if (fd != -1)
+ break;
+ }
+
+ talloc_free (filenames);
+ if (fd == -1) {
+ /* Give up */
+ fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
+ status = NOTMUCH_STATUS_FILE_ERROR;
+ goto DONE;
+ }
}
- mctx->stream = g_mime_stream_file_new (mctx->file);
- g_mime_stream_file_set_owner (GMIME_STREAM_FILE (mctx->stream), FALSE);
+ mctx->stream = g_mime_stream_gzfile_new (fd);
+ if (! mctx->stream) {
+ fprintf (stderr, "Out of memory.\n");
+ status = NOTMUCH_STATUS_OUT_OF_MEMORY;
+ goto DONE;
+ }
mctx->parser = g_mime_parser_new_with_stream (mctx->stream);
+ if (! mctx->parser) {
+ fprintf (stderr, "Out of memory.\n");
+ status = NOTMUCH_STATUS_OUT_OF_MEMORY;
+ goto DONE;
+ }
+
+ mctx->mime_message = g_mime_parser_construct_message (mctx->parser, NULL);
+ if (! mctx->mime_message) {
+ fprintf (stderr, "Failed to parse %s\n", filename);
+ status = NOTMUCH_STATUS_FILE_ERROR;
+ goto DONE;
+ }
- mctx->mime_message = g_mime_parser_construct_message (mctx->parser);
+ mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
- mctx->cryptoctx = cryptoctx;
- mctx->decrypt = decrypt;
+ mctx->crypto = crypto;
/* Create the root node */
root->part = GMIME_OBJECT (mctx->mime_message);
*root_out = root;
return NOTMUCH_STATUS_SUCCESS;
-DONE:
+ DONE:
talloc_free (root);
return status;
}
-#ifdef GMIME_ATLEAST_26
+/* Signature list destructor */
static int
_signature_list_free (GMimeSignatureList **proxy)
{
g_object_unref (*proxy);
return 0;
}
-#else
+
+/* Set up signature list destructor */
+static void
+set_signature_list_destructor (mime_node_t *node)
+{
+ GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
+
+ if (proxy) {
+ *proxy = node->sig_list;
+ talloc_set_destructor (proxy, _signature_list_free);
+ }
+}
+
+/* Unwrapped MIME part destructor */
static int
-_signature_validity_free (GMimeSignatureValidity **proxy)
+_unwrapped_child_free (GMimeObject **proxy)
{
- g_mime_signature_validity_free (*proxy);
+ g_object_unref (*proxy);
return 0;
}
-#endif
+
+/* Set up unwrapped MIME part destructor */
+static void
+set_unwrapped_child_destructor (mime_node_t *node)
+{
+ GMimeObject **proxy = talloc (node, GMimeObject *);
+
+ if (proxy) {
+ *proxy = node->unwrapped_child;
+ talloc_set_destructor (proxy, _unwrapped_child_free);
+ }
+}
+
+/* Verify a signed mime node */
+static void
+node_verify (mime_node_t *node, GMimeObject *part)
+{
+ GError *err = NULL;
+ notmuch_status_t status;
+
+ node->verify_attempted = true;
+ if (GMIME_IS_APPLICATION_PKCS7_MIME (part))
+ node->sig_list = g_mime_application_pkcs7_mime_verify (
+ GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err);
+ else
+ node->sig_list = g_mime_multipart_signed_verify (
+ GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
+
+ if (node->unwrapped_child) {
+ node->nchildren = 1;
+ set_unwrapped_child_destructor (node);
+ }
+
+ if (node->sig_list)
+ set_signature_list_destructor (node);
+ else
+ fprintf (stderr, "Failed to verify signed part: %s\n",
+ err ? err->message : "no error explanation given");
+
+ if (err)
+ g_error_free (err);
+
+ status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
+}
+
+/* Decrypt and optionally verify an encrypted mime node */
+static void
+node_decrypt_and_verify (mime_node_t *node, GMimeObject *part)
+{
+ GError *err = NULL;
+ GMimeDecryptResult *decrypt_result = NULL;
+ notmuch_status_t status;
+ notmuch_message_t *message = NULL;
+
+ if (! node->unwrapped_child) {
+ for (mime_node_t *parent = node; parent; parent = parent->parent)
+ if (parent->envelope_file) {
+ message = parent->envelope_file;
+ break;
+ }
+
+ node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
+ node->ctx->crypto->decrypt,
+ message,
+ part, &decrypt_result, &err);
+ if (node->unwrapped_child)
+ set_unwrapped_child_destructor (node);
+ }
+ if (! node->unwrapped_child) {
+ fprintf (stderr, "Failed to decrypt part: %s\n",
+ err ? err->message : "no error explanation given");
+ goto DONE;
+ }
+
+ node->decrypt_success = true;
+ status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
+
+ if (decrypt_result) {
+ /* This may be NULL if the part is not signed. */
+ node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
+ if (node->sig_list) {
+ node->verify_attempted = true;
+ g_object_ref (node->sig_list);
+ set_signature_list_destructor (node);
+ status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
+ }
+
+ if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
+ notmuch_database_t *db = notmuch_message_get_database (message);
+ const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
+ if (db && session_key)
+ print_status_message ("Failed to stash session key in the database",
+ message,
+ notmuch_message_add_property (message, "session-key",
+ session_key));
+ }
+ g_object_unref (decrypt_result);
+ }
+
+ DONE:
+ if (err)
+ g_error_free (err);
+}
+
+static bool
+_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild);
static mime_node_t *
-_mime_node_create (mime_node_t *parent, GMimeObject *part)
+_mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
{
mime_node_t *node = talloc_zero (parent, mime_node_t);
- GError *err = NULL;
/* Set basic node properties */
- node->part = part;
node->ctx = parent->ctx;
- if (!talloc_reference (node, node->ctx)) {
+ if (! talloc_reference (node, node->ctx)) {
fprintf (stderr, "Out of memory.\n");
talloc_free (node);
return NULL;
node->part_num = node->next_part_num = -1;
node->next_child = 0;
+ if (_mime_node_set_up_part (node, part, numchild))
+ return node;
+ talloc_free (node);
+ return NULL;
+}
+
+/* associate a MIME part with a node. */
+static bool
+_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild)
+{
/* Deal with the different types of parts */
if (GMIME_IS_PART (part)) {
+ node->part = part;
node->nchildren = 0;
} else if (GMIME_IS_MULTIPART (part)) {
+ GMimeObject *repaired_part = _notmuch_repair_mixed_up_mangled (part);
+ if (repaired_part) {
+ /* This was likely "Mixed Up" in transit! We replace it
+ * with the more likely-to-be-correct variant. */
+ _mime_node_context_track_repaired_part (node->ctx, repaired_part);
+ part = repaired_part;
+ }
+ node->part = part;
node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part));
} else if (GMIME_IS_MESSAGE_PART (part)) {
/* Promote part to an envelope and open it */
} else {
fprintf (stderr, "Warning: Unknown mime part type: %s.\n",
g_type_name (G_OBJECT_TYPE (part)));
- talloc_free (node);
- return NULL;
+ return false;
}
- /* Handle PGP/MIME parts */
- if (GMIME_IS_MULTIPART_ENCRYPTED (part)
- && node->ctx->cryptoctx && node->ctx->decrypt) {
+ /* Handle PGP/MIME parts (by definition not cryptographic payload parts) */
+ if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
"message (must be exactly 2)\n",
node->nchildren);
} else {
- GMimeMultipartEncrypted *encrypteddata =
- GMIME_MULTIPART_ENCRYPTED (part);
- node->decrypt_attempted = TRUE;
-#ifdef GMIME_ATLEAST_26
- GMimeDecryptResult *decrypt_result = NULL;
- node->decrypted_child = g_mime_multipart_encrypted_decrypt
- (encrypteddata, node->ctx->cryptoctx, &decrypt_result, &err);
-#else
- node->decrypted_child = g_mime_multipart_encrypted_decrypt
- (encrypteddata, node->ctx->cryptoctx, &err);
-#endif
- if (node->decrypted_child) {
- node->decrypt_success = node->verify_attempted = TRUE;
-#ifdef GMIME_ATLEAST_26
- /* This may be NULL if the part is not signed. */
- node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
- if (node->sig_list)
- g_object_ref (node->sig_list);
- g_object_unref (decrypt_result);
-#else
- node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata);
-#endif
- } else {
- fprintf (stderr, "Failed to decrypt part: %s\n",
- (err ? err->message : "no error explanation given"));
- }
+ node_decrypt_and_verify (node, part);
}
- } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->cryptoctx) {
+ } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 5, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
"(must be exactly 2)\n",
node->nchildren);
} else {
-#ifdef GMIME_ATLEAST_26
- node->sig_list = g_mime_multipart_signed_verify
- (GMIME_MULTIPART_SIGNED (part), node->ctx->cryptoctx, &err);
- node->verify_attempted = TRUE;
-
- if (!node->sig_list)
- fprintf (stderr, "Failed to verify signed part: %s\n",
- (err ? err->message : "no error explanation given"));
-#else
- /* For some reason the GMimeSignatureValidity returned
- * here is not a const (inconsistent with that
- * returned by
- * g_mime_multipart_encrypted_get_signature_validity,
- * and therefore needs to be properly disposed of.
- *
- * In GMime 2.6, they're both non-const, so we'll be able
- * to clean up this asymmetry. */
- GMimeSignatureValidity *sig_validity = g_mime_multipart_signed_verify
- (GMIME_MULTIPART_SIGNED (part), node->ctx->cryptoctx, &err);
- node->verify_attempted = TRUE;
- node->sig_validity = sig_validity;
- if (sig_validity) {
- GMimeSignatureValidity **proxy =
- talloc (node, GMimeSignatureValidity *);
- *proxy = sig_validity;
- talloc_set_destructor (proxy, _signature_validity_free);
+ node_verify (node, part);
+ }
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
+ GMIME_SECURE_MIME_TYPE_SIGNED_DATA == g_mime_application_pkcs7_mime_get_smime_type (GMIME_APPLICATION_PKCS7_MIME (part))) {
+ /* If node->ctx->crypto->verify is false, it would be better
+ * to just unwrap (instead of verifying), but
+ * https://github.com/jstedfast/gmime/issues/67 */
+ node_verify (node, part);
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
+ GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA == g_mime_application_pkcs7_mime_get_smime_type (GMIME_APPLICATION_PKCS7_MIME (part)) &&
+ (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
+ node_decrypt_and_verify (node, part);
+ if (node->unwrapped_child && node->nchildren == 0)
+ node->nchildren = 1;
+ } else {
+ if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ? node->parent->part : NULL, numchild) &&
+ node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
+ GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part);
+ if (clean_payload != part) {
+ /* only one layer of recursion is possible here
+ * because there can be only a single cryptographic
+ * payload: */
+ return _mime_node_set_up_part (node, clean_payload, numchild);
}
-#endif
}
}
-#ifdef GMIME_ATLEAST_26
- /* sig_list may be created in both above cases, so we need to
- * cleanly handle it here. */
- if (node->sig_list) {
- GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
- *proxy = node->sig_list;
- talloc_set_destructor (proxy, _signature_list_free);
- }
-#endif
-
-#ifndef GMIME_ATLEAST_26
- if (node->verify_attempted && !node->sig_validity)
- fprintf (stderr, "Failed to verify signed part: %s\n",
- (err ? err->message : "no error explanation given"));
-#endif
-
- if (err)
- g_error_free (err);
-
- return node;
+ return true;
}
mime_node_t *
GMimeObject *sub;
mime_node_t *node;
- if (!parent || child < 0 || child >= parent->nchildren)
+ if (! parent || ! parent->part || child < 0 || child >= parent->nchildren)
return NULL;
if (GMIME_IS_MULTIPART (parent->part)) {
- if (child == 1 && parent->decrypted_child)
- sub = parent->decrypted_child;
+ if (child == GMIME_MULTIPART_ENCRYPTED_CONTENT && parent->unwrapped_child)
+ sub = parent->unwrapped_child;
else
- sub = g_mime_multipart_get_part
- (GMIME_MULTIPART (parent->part), child);
+ sub = g_mime_multipart_get_part (
+ GMIME_MULTIPART (parent->part), child);
} else if (GMIME_IS_MESSAGE (parent->part)) {
sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
+ } else if (GMIME_IS_APPLICATION_PKCS7_MIME (parent->part) &&
+ parent->unwrapped_child &&
+ child == 0) {
+ sub = parent->unwrapped_child;
} else {
- /* This should have been caught by message_part_create */
+ /* This should have been caught by _mime_node_set_up_part */
INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
g_type_name (G_OBJECT_TYPE (parent->part)));
}
- node = _mime_node_create (parent, sub);
+ node = _mime_node_create (parent, sub, child);
if (child == parent->next_child && parent->next_part_num != -1) {
/* We're traversing in depth-first order. Record the child's
static mime_node_t *
_mime_node_seek_dfs_walk (mime_node_t *node, int *n)
{
- mime_node_t *ret = NULL;
int i;
if (*n == 0)
return node;
*n -= 1;
- for (i = 0; i < node->nchildren && !ret; i++) {
+ for (i = 0; i < node->nchildren; i++) {
mime_node_t *child = mime_node_child (node, i);
- ret = _mime_node_seek_dfs_walk (child, n);
- if (!ret)
- talloc_free (child);
+ mime_node_t *ret = _mime_node_seek_dfs_walk (child, n);
+ if (ret)
+ return ret;
+
+ talloc_free (child);
}
- return ret;
+ return NULL;
}
mime_node_t *