summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
b62045a)
Future patches in this series will introduce new policies; this merely
readies the way for them.
We also convert --try-decrypt to a keyword argument instead of a boolean.
notmuch_database_t * notmuch = NULL;
GMimeObject *clear = NULL;
notmuch_database_t * notmuch = NULL;
GMimeObject *clear = NULL;
- if (!indexopts || !notmuch_indexopts_get_decrypt_policy (indexopts))
+ if (!indexopts || (notmuch_indexopts_get_decrypt_policy (indexopts) == NOTMUCH_DECRYPT_FALSE))
return;
notmuch = _notmuch_message_database (message);
return;
notmuch = _notmuch_message_database (message);
notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t);
if (!ret)
return ret;
notmuch_indexopts_t *ret = talloc_zero (db, notmuch_indexopts_t);
if (!ret)
return ret;
+ ret->crypto.decrypt = NOTMUCH_DECRYPT_FALSE;
- char * decrypt;
- notmuch_status_t err = notmuch_database_get_config (db, "index.decrypt", &decrypt);
+ char * decrypt_policy;
+ notmuch_status_t err = notmuch_database_get_config (db, "index.decrypt", &decrypt_policy);
- if (decrypt &&
- ((!(strcasecmp(decrypt, "true"))) ||
- (!(strcasecmp(decrypt, "yes"))) ||
- (!(strcasecmp(decrypt, "1")))))
- notmuch_indexopts_set_decrypt_policy (ret, true);
+ if (decrypt_policy &&
+ ((!(strcasecmp(decrypt_policy, "true"))) ||
+ (!(strcasecmp(decrypt_policy, "yes"))) ||
+ (!(strcasecmp(decrypt_policy, "1")))))
+ notmuch_indexopts_set_decrypt_policy (ret, NOTMUCH_DECRYPT_TRUE);
return ret;
}
notmuch_status_t
notmuch_indexopts_set_decrypt_policy (notmuch_indexopts_t *indexopts,
return ret;
}
notmuch_status_t
notmuch_indexopts_set_decrypt_policy (notmuch_indexopts_t *indexopts,
- notmuch_bool_t decrypt_policy)
+ notmuch_decryption_policy_t decrypt_policy)
{
if (!indexopts)
return NOTMUCH_STATUS_NULL_POINTER;
{
if (!indexopts)
return NOTMUCH_STATUS_NULL_POINTER;
return NOTMUCH_STATUS_SUCCESS;
}
return NOTMUCH_STATUS_SUCCESS;
}
+notmuch_decryption_policy_t
notmuch_indexopts_get_decrypt_policy (const notmuch_indexopts_t *indexopts)
{
if (!indexopts)
notmuch_indexopts_get_decrypt_policy (const notmuch_indexopts_t *indexopts)
{
if (!indexopts)
notmuch_indexopts_t *
notmuch_database_get_default_indexopts (notmuch_database_t *db);
notmuch_indexopts_t *
notmuch_database_get_default_indexopts (notmuch_database_t *db);
+/**
+ * Stating a policy about how to decrypt messages.
+ *
+ * See index.decrypt in notmuch-config(1) for more details.
+ */
+typedef enum {
+ NOTMUCH_DECRYPT_FALSE,
+ NOTMUCH_DECRYPT_TRUE,
+} notmuch_decryption_policy_t;
+
/**
* Specify whether to decrypt encrypted parts while indexing.
*
/**
* Specify whether to decrypt encrypted parts while indexing.
*
*/
notmuch_status_t
notmuch_indexopts_set_decrypt_policy (notmuch_indexopts_t *indexopts,
*/
notmuch_status_t
notmuch_indexopts_set_decrypt_policy (notmuch_indexopts_t *indexopts,
- notmuch_bool_t decrypt_policy);
+ notmuch_decryption_policy_t decrypt_policy);
/**
* Return whether to decrypt encrypted parts while indexing.
/**
* Return whether to decrypt encrypted parts while indexing.
*
* @since libnotmuch 5.1 (notmuch 0.26)
*/
*
* @since libnotmuch 5.1 (notmuch 0.26)
*/
+notmuch_decryption_policy_t
notmuch_indexopts_get_decrypt_policy (const notmuch_indexopts_t *indexopts);
/**
notmuch_indexopts_get_decrypt_policy (const notmuch_indexopts_t *indexopts);
/**
}
#if (GMIME_MAJOR_VERSION < 3)
}
#if (GMIME_MAJOR_VERSION < 3)
- if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt)
+ if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE))
|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
GMimeContentType *content_type = g_mime_object_get_content_type (part);
const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
GMimeContentType *content_type = g_mime_object_get_content_type (part);
const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
#endif
/* Handle PGP/MIME parts */
#endif
/* Handle PGP/MIME parts */
- if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt) {
+ if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE)) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
/* Construct a new MIME node pointing to the root message part of
* message. If crypto->verify is true, signed child parts will be
/* Construct a new MIME node pointing to the root message part of
* message. If crypto->verify is true, signed child parts will be
- * verified. If crypto->decrypt is true, encrypted child parts will be
- * decrypted. If the crypto contexts (crypto->gpgctx or
- * crypto->pkcs7) are NULL, they will be lazily initialized.
+ * verified. If crypto->decrypt is NOTMUCH_DECRYPT_TRUE, encrypted
+ * child parts will be decrypted. If the crypto contexts
+ * (crypto->gpgctx or crypto->pkcs7) are NULL, they will be lazily
+ * initialized.
/* the state chosen by the user invoking one of the notmuch
* subcommands that does indexing */
struct _notmuch_client_indexing_cli_choices {
/* the state chosen by the user invoking one of the notmuch
* subcommands that does indexing */
struct _notmuch_client_indexing_cli_choices {
bool decrypt_policy_set;
notmuch_indexopts_t * opts;
};
bool decrypt_policy_set;
notmuch_indexopts_t * opts;
};
int opt_index;
notmuch_show_params_t params = {
.part = -1,
int opt_index;
notmuch_show_params_t params = {
.part = -1,
+ .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE },
};
int format = FORMAT_DEFAULT;
int reply_all = true;
};
int format = FORMAT_DEFAULT;
int reply_all = true;
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
(notmuch_keyword_t []){ { "all", true },
{ "sender", false },
{ 0, 0 } } },
(notmuch_keyword_t []){ { "all", true },
{ "sender", false },
{ 0, 0 } } },
- { .opt_bool = ¶ms.crypto.decrypt, .name = "decrypt" },
+ { .opt_bool = &decrypt, .name = "decrypt" },
{ .opt_inherit = notmuch_shared_options },
{ }
};
{ .opt_inherit = notmuch_shared_options },
{ }
};
return EXIT_FAILURE;
notmuch_process_shared_options (argv[0]);
return EXIT_FAILURE;
notmuch_process_shared_options (argv[0]);
+ if (decrypt)
+ params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
notmuch_exit_if_unsupported_format ();
notmuch_exit_if_unsupported_format ();
.part = -1,
.omit_excluded = true,
.output_body = true,
.part = -1,
.omit_excluded = true,
.output_body = true,
+ .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE },
};
int format = NOTMUCH_FORMAT_NOT_SPECIFIED;
bool exclude = true;
bool entire_thread_set = false;
bool single_message;
};
int format = NOTMUCH_FORMAT_NOT_SPECIFIED;
bool exclude = true;
bool entire_thread_set = false;
bool single_message;
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
{ .opt_bool = ¶ms.entire_thread, .name = "entire-thread",
.present = &entire_thread_set },
{ .opt_int = ¶ms.part, .name = "part" },
{ .opt_bool = ¶ms.entire_thread, .name = "entire-thread",
.present = &entire_thread_set },
{ .opt_int = ¶ms.part, .name = "part" },
- { .opt_bool = ¶ms.crypto.decrypt, .name = "decrypt" },
+ { .opt_bool = &decrypt, .name = "decrypt" },
{ .opt_bool = ¶ms.crypto.verify, .name = "verify" },
{ .opt_bool = ¶ms.output_body, .name = "body" },
{ .opt_bool = ¶ms.include_html, .name = "include-html" },
{ .opt_bool = ¶ms.crypto.verify, .name = "verify" },
{ .opt_bool = ¶ms.output_body, .name = "body" },
{ .opt_bool = ¶ms.include_html, .name = "include-html" },
notmuch_process_shared_options (argv[0]);
notmuch_process_shared_options (argv[0]);
- /* decryption implies verification */
- if (params.crypto.decrypt)
+ if (decrypt) {
+ params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
+ /* decryption implies verification */
params.crypto.verify = true;
params.crypto.verify = true;
/* specifying a part implies single message display */
single_message = params.part >= 0;
/* specifying a part implies single message display */
single_message = params.part >= 0;
struct _notmuch_client_indexing_cli_choices indexing_cli_choices = { };
const notmuch_opt_desc_t notmuch_shared_indexing_options [] = {
struct _notmuch_client_indexing_cli_choices indexing_cli_choices = { };
const notmuch_opt_desc_t notmuch_shared_indexing_options [] = {
- { .opt_bool = &indexing_cli_choices.decrypt_policy,
- .present = &indexing_cli_choices.decrypt_policy_set,
+ { .opt_keyword = &indexing_cli_choices.decrypt_policy,
+ .present = &indexing_cli_choices.decrypt_policy_set, .keywords =
+ (notmuch_keyword_t []){ { "false", NOTMUCH_DECRYPT_FALSE },
+ { "true", NOTMUCH_DECRYPT_TRUE },
+ { 0, 0 } },
.name = "decrypt" },
{ }
};
.name = "decrypt" },
{ }
};
return NOTMUCH_STATUS_OUT_OF_MEMORY;
status = notmuch_indexopts_set_decrypt_policy (indexing_cli_choices.opts, indexing_cli_choices.decrypt_policy);
if (status != NOTMUCH_STATUS_SUCCESS) {
return NOTMUCH_STATUS_OUT_OF_MEMORY;
status = notmuch_indexopts_set_decrypt_policy (indexing_cli_choices.opts, indexing_cli_choices.decrypt_policy);
if (status != NOTMUCH_STATUS_SUCCESS) {
- fprintf (stderr, "Error: Failed to set index decryption policy to %s. (%s)\n",
- indexing_cli_choices.decrypt_policy ? "True" : "False", notmuch_status_to_string (status));
+ fprintf (stderr, "Error: Failed to set index decryption policy to %d. (%s)\n",
+ indexing_cli_choices.decrypt_policy, notmuch_status_to_string (status));
notmuch_indexopts_destroy (indexing_cli_choices.opts);
indexing_cli_choices.opts = NULL;
return status;
}
}
#if (GMIME_MAJOR_VERSION < 3)
notmuch_indexopts_destroy (indexing_cli_choices.opts);
indexing_cli_choices.opts = NULL;
return status;
}
}
#if (GMIME_MAJOR_VERSION < 3)
- if (indexing_cli_choices.opts && notmuch_indexopts_get_decrypt_policy (indexing_cli_choices.opts)) {
+ if (indexing_cli_choices.opts && notmuch_indexopts_get_decrypt_policy (indexing_cli_choices.opts) == NOTMUCH_DECRYPT_TRUE) {
const char* gpg_path = notmuch_config_get_crypto_gpg_path (config);
if (gpg_path && strcmp(gpg_path, "gpg"))
fprintf (stderr, "Warning: deprecated crypto.gpg_path is set to '%s'\n"
const char* gpg_path = notmuch_config_get_crypto_gpg_path (config);
if (gpg_path && strcmp(gpg_path, "gpg"))
fprintf (stderr, "Warning: deprecated crypto.gpg_path is set to '%s'\n"
# try reinserting it with decryption, should appear again, but now we
# have two copies of the message:
# try reinserting it with decryption, should appear again, but now we
# have two copies of the message:
-test_begin_subtest "message cleartext is present after reinserting with --decrypt"
-notmuch insert --folder=sent --decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present after reinserting with --decrypt=true"
+notmuch insert --folder=sent --decrypt=true <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
output=$(notmuch search wumpus)
expected='thread:0000000000000003 2000-01-01 [1/1(2)] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
# try inserting it with decryption, should appear as a single copy
# (note: i think thread id skips 4 because of duplicate message-id
# insertion, above)
# try inserting it with decryption, should appear as a single copy
# (note: i think thread id skips 4 because of duplicate message-id
# insertion, above)
-test_begin_subtest "message cleartext is present with insert --decrypt"
-notmuch insert --folder=sent --decrypt <<<"$contents"
+test_begin_subtest "message cleartext is present with insert --decrypt=true"
+notmuch insert --folder=sent --decrypt=true <<<"$contents"
output=$(notmuch search wumpus)
expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
output=$(notmuch search wumpus)
expected='thread:0000000000000005 2000-01-01 [1/1] Notmuch Test Suite; test encrypted message for cleartext index 002 (encrypted inbox unread)'
test_expect_equal \
add_email_corpus crypto
test_begin_subtest "indexing message fails when secret key not available"
add_email_corpus crypto
test_begin_subtest "indexing message fails when secret key not available"
-notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt=true id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch dump )
expected='#notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch dump )
expected='#notmuch-dump batch-tag:3 config,properties,tags
+encrypted +inbox +unread -- id:simple-encrypted@crypto.notmuchmail.org
#notmuch-dump batch-tag:3 config,properties,tags
#= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
EOF
#notmuch-dump batch-tag:3 config,properties,tags
#= simple-encrypted@crypto.notmuchmail.org session-key=9%3AFC09987F5F927CC0CC0EE80A96E4C5BBF4A499818FB591207705DFDDD6112CF9
EOF
-notmuch reindex --decrypt id:simple-encrypted@crypto.notmuchmail.org
+notmuch reindex --decrypt=true id:simple-encrypted@crypto.notmuchmail.org
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
output=$(notmuch search sekrit)
expected='thread:0000000000000001 2016-12-22 [1/1] Daniel Kahn Gillmor; encrypted message (encrypted inbox unread)'
if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
typedef struct _notmuch_crypto {
bool verify;
typedef struct _notmuch_crypto {
bool verify;
+ notmuch_decryption_policy_t decrypt;
#if (GMIME_MAJOR_VERSION < 3)
GMimeCryptoContext* gpgctx;
GMimeCryptoContext* pkcs7ctx;
#if (GMIME_MAJOR_VERSION < 3)
GMimeCryptoContext* gpgctx;
GMimeCryptoContext* pkcs7ctx;