X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=blobdiff_plain;f=mime-node.c;h=f552e03a780f56e0b6926550e52c649bc3f1b792;hp=839737a8b354df36cec7f0bcea9ca05188618fcb;hb=HEAD;hpb=b6b08e40b38b098e796c2846c150befc8cc2c350 diff --git a/mime-node.c b/mime-node.c index 839737a8..1c5d619b 100644 --- a/mime-node.c +++ b/mime-node.c @@ -14,26 +14,33 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see http://www.gnu.org/licenses/ . + * along with this program. If not, see https://www.gnu.org/licenses/ . * * Authors: Carl Worth * Keith Packard * Austin Clements */ +#include +#include +#include + #include "notmuch-client.h" /* Context that gets inherited from the root node. */ typedef struct mime_node_context { /* Per-message resources. These are allocated internally and must * be destroyed. */ - FILE *file; GMimeStream *stream; GMimeParser *parser; GMimeMessage *mime_message; + _notmuch_message_crypto_t *msg_crypto; + + /* repaired/unmangled parts that will need to be cleaned up */ + GSList *repaired_parts; /* Context provided by the caller. */ - notmuch_crypto_t *crypto; + _notmuch_crypto_t *crypto; } mime_node_context_t; static int @@ -48,20 +55,37 @@ _mime_node_context_free (mime_node_context_t *res) if (res->stream) g_object_unref (res->stream); - if (res->file) - fclose (res->file); + if (res->repaired_parts) + g_slist_free_full (res->repaired_parts, g_object_unref); return 0; } +/* keep track of objects that need to be destroyed when the mime node + * context goes away. */ +static void +_mime_node_context_track_repaired_part (mime_node_context_t *ctx, GMimeObject *part) +{ + if (part) + ctx->repaired_parts = g_slist_prepend (ctx->repaired_parts, part); +} + +const _notmuch_message_crypto_t * +mime_node_get_message_crypto_status (mime_node_t *node) +{ + return node->ctx->msg_crypto; +} + notmuch_status_t mime_node_open (const void *ctx, notmuch_message_t *message, - notmuch_crypto_t *crypto, mime_node_t **root_out) + int duplicate, + _notmuch_crypto_t *crypto, mime_node_t **root_out) { const char *filename = notmuch_message_get_filename (message); mime_node_context_t *mctx; mime_node_t *root; notmuch_status_t status; + int fd = -1; root = talloc_zero (ctx, mime_node_t); if (root == NULL) { @@ -79,35 +103,68 @@ mime_node_open (const void *ctx, notmuch_message_t *message, } talloc_set_destructor (mctx, _mime_node_context_free); - mctx->file = fopen (filename, "r"); - if (! mctx->file) { - fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno)); - status = NOTMUCH_STATUS_FILE_ERROR; - goto DONE; + /* Fast path */ + if (duplicate <= 0) + fd = open (filename, O_RDONLY); + if (fd == -1) { + /* Slow path - Either we are trying to open a specific file, or + * for some reason the first file in the list is + * not available anymore. The latter is clearly a problem in the + * database, but we are not going to let this problem be a + * show stopper */ + notmuch_filenames_t *filenames; + int i = 1; + + for (filenames = notmuch_message_get_filenames (message); + notmuch_filenames_valid (filenames); + notmuch_filenames_move_to_next (filenames), i++) { + if (i >= duplicate) { + filename = notmuch_filenames_get (filenames); + fd = open (filename, O_RDONLY); + if (fd != -1) { + break; + } else { + if (duplicate > 0) { + fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno)); + status = NOTMUCH_STATUS_FILE_ERROR; + goto DONE; + } + } + } + } + + talloc_free (filenames); + if (fd == -1) { + /* Give up */ + fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno)); + status = NOTMUCH_STATUS_FILE_ERROR; + goto DONE; + } } - mctx->stream = g_mime_stream_file_new (mctx->file); - if (!mctx->stream) { + mctx->stream = g_mime_stream_gzfile_new (fd); + if (! mctx->stream) { fprintf (stderr, "Out of memory.\n"); status = NOTMUCH_STATUS_OUT_OF_MEMORY; goto DONE; } - g_mime_stream_file_set_owner (GMIME_STREAM_FILE (mctx->stream), FALSE); mctx->parser = g_mime_parser_new_with_stream (mctx->stream); - if (!mctx->parser) { + if (! mctx->parser) { fprintf (stderr, "Out of memory.\n"); status = NOTMUCH_STATUS_OUT_OF_MEMORY; goto DONE; } - mctx->mime_message = g_mime_parser_construct_message (mctx->parser); - if (!mctx->mime_message) { + mctx->mime_message = g_mime_parser_construct_message (mctx->parser, NULL); + if (! mctx->mime_message) { fprintf (stderr, "Failed to parse %s\n", filename); status = NOTMUCH_STATUS_FILE_ERROR; goto DONE; } + mctx->msg_crypto = _notmuch_message_crypto_new (mctx); + mctx->crypto = crypto; /* Create the root node */ @@ -124,38 +181,163 @@ mime_node_open (const void *ctx, notmuch_message_t *message, *root_out = root; return NOTMUCH_STATUS_SUCCESS; -DONE: + DONE: talloc_free (root); return status; } -#ifdef GMIME_ATLEAST_26 +/* Signature list destructor */ static int _signature_list_free (GMimeSignatureList **proxy) { g_object_unref (*proxy); return 0; } -#else + +/* Set up signature list destructor */ +static void +set_signature_list_destructor (mime_node_t *node) +{ + GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *); + + if (proxy) { + *proxy = node->sig_list; + talloc_set_destructor (proxy, _signature_list_free); + } +} + +/* Unwrapped MIME part destructor */ static int -_signature_validity_free (GMimeSignatureValidity **proxy) +_unwrapped_child_free (GMimeObject **proxy) { - g_mime_signature_validity_free (*proxy); + g_object_unref (*proxy); return 0; } -#endif + +/* Set up unwrapped MIME part destructor */ +static void +set_unwrapped_child_destructor (mime_node_t *node) +{ + GMimeObject **proxy = talloc (node, GMimeObject *); + + if (proxy) { + *proxy = node->unwrapped_child; + talloc_set_destructor (proxy, _unwrapped_child_free); + } +} + +/* Verify a signed mime node */ +static void +node_verify (mime_node_t *node, GMimeObject *part) +{ + GError *err = NULL; + notmuch_status_t status; + + node->verify_attempted = true; + if (GMIME_IS_APPLICATION_PKCS7_MIME (part)) + node->sig_list = g_mime_application_pkcs7_mime_verify ( + GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err); + else + node->sig_list = g_mime_multipart_signed_verify ( + GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err); + + if (node->unwrapped_child) { + node->nchildren = 1; + set_unwrapped_child_destructor (node); + } + + if (node->sig_list) + set_signature_list_destructor (node); + else + fprintf (stderr, "Failed to verify signed part: %s\n", + err ? err->message : "no error explanation given"); + + if (err) + g_error_free (err); + + status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list); + if (status) /* this is a warning, not an error */ + fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string ( + status)); +} + +/* Decrypt and optionally verify an encrypted mime node */ +static void +node_decrypt_and_verify (mime_node_t *node, GMimeObject *part) +{ + GError *err = NULL; + GMimeDecryptResult *decrypt_result = NULL; + notmuch_status_t status; + notmuch_message_t *message = NULL; + + if (! node->unwrapped_child) { + for (mime_node_t *parent = node; parent; parent = parent->parent) + if (parent->envelope_file) { + message = parent->envelope_file; + break; + } + + node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted, + node->ctx->crypto->decrypt, + message, + part, &decrypt_result, &err); + if (node->unwrapped_child) + set_unwrapped_child_destructor (node); + } + if (! node->unwrapped_child) { + fprintf (stderr, "Failed to decrypt part: %s\n", + err ? err->message : "no error explanation given"); + goto DONE; + } + + node->decrypt_success = true; + status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto); + if (status) /* this is a warning, not an error */ + fprintf (stderr, "Warning: failed to note decryption status: %s.\n", + notmuch_status_to_string (status)); + + if (decrypt_result) { + /* This may be NULL if the part is not signed. */ + node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result); + if (node->sig_list) { + node->verify_attempted = true; + g_object_ref (node->sig_list); + set_signature_list_destructor (node); + status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, + node->sig_list); + if (status) /* this is a warning, not an error */ + fprintf (stderr, "Warning: failed to note signature status: %s.\n", + notmuch_status_to_string (status)); + } + + if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) { + notmuch_database_t *db = notmuch_message_get_database (message); + const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result); + if (db && session_key) + print_status_message ("Failed to stash session key in the database", + message, + notmuch_message_add_property (message, "session-key", + session_key)); + } + g_object_unref (decrypt_result); + } + + DONE: + if (err) + g_error_free (err); +} + +static bool +_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild); static mime_node_t * -_mime_node_create (mime_node_t *parent, GMimeObject *part) +_mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild) { mime_node_t *node = talloc_zero (parent, mime_node_t); - GError *err = NULL; - notmuch_crypto_context_t *cryptoctx = NULL; /* Set basic node properties */ - node->part = part; node->ctx = parent->ctx; - if (!talloc_reference (node, node->ctx)) { + if (! talloc_reference (node, node->ctx)) { fprintf (stderr, "Out of memory.\n"); talloc_free (node); return NULL; @@ -164,10 +346,29 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) node->part_num = node->next_part_num = -1; node->next_child = 0; + if (_mime_node_set_up_part (node, part, numchild)) + return node; + talloc_free (node); + return NULL; +} + +/* associate a MIME part with a node. */ +static bool +_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild) +{ /* Deal with the different types of parts */ if (GMIME_IS_PART (part)) { + node->part = part; node->nchildren = 0; } else if (GMIME_IS_MULTIPART (part)) { + GMimeObject *repaired_part = _notmuch_repair_mixed_up_mangled (part); + if (repaired_part) { + /* This was likely "Mixed Up" in transit! We replace it + * with the more likely-to-be-correct variant. */ + _mime_node_context_track_repaired_part (node->ctx, repaired_part); + part = repaired_part; + } + node->part = part; node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part)); } else if (GMIME_IS_MESSAGE_PART (part)) { /* Promote part to an envelope and open it */ @@ -179,110 +380,58 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) } else { fprintf (stderr, "Warning: Unknown mime part type: %s.\n", g_type_name (G_OBJECT_TYPE (part))); - talloc_free (node); - return NULL; + return false; } - if ((GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt) - || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) { - GMimeContentType *content_type = g_mime_object_get_content_type (part); - const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol"); - cryptoctx = notmuch_crypto_get_context (node->ctx->crypto, protocol); - } - - /* Handle PGP/MIME parts */ - if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt && cryptoctx) { + /* Handle PGP/MIME parts (by definition not cryptographic payload parts) */ + if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt != + NOTMUCH_DECRYPT_FALSE)) { if (node->nchildren != 2) { /* this violates RFC 3156 section 4, so we won't bother with it. */ fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " "message (must be exactly 2)\n", node->nchildren); } else { - GMimeMultipartEncrypted *encrypteddata = - GMIME_MULTIPART_ENCRYPTED (part); - node->decrypt_attempted = TRUE; -#ifdef GMIME_ATLEAST_26 - GMimeDecryptResult *decrypt_result = NULL; - node->decrypted_child = g_mime_multipart_encrypted_decrypt - (encrypteddata, cryptoctx, &decrypt_result, &err); -#else - node->decrypted_child = g_mime_multipart_encrypted_decrypt - (encrypteddata, cryptoctx, &err); -#endif - if (node->decrypted_child) { - node->decrypt_success = node->verify_attempted = TRUE; -#ifdef GMIME_ATLEAST_26 - /* This may be NULL if the part is not signed. */ - node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result); - if (node->sig_list) - g_object_ref (node->sig_list); - g_object_unref (decrypt_result); -#else - node->sig_validity = g_mime_multipart_encrypted_get_signature_validity (encrypteddata); -#endif - } else { - fprintf (stderr, "Failed to decrypt part: %s\n", - (err ? err->message : "no error explanation given")); - } + node_decrypt_and_verify (node, part); } - } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify && cryptoctx) { + } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) { if (node->nchildren != 2) { /* this violates RFC 3156 section 5, so we won't bother with it. */ fprintf (stderr, "Error: %d part(s) for a multipart/signed message " "(must be exactly 2)\n", node->nchildren); } else { -#ifdef GMIME_ATLEAST_26 - node->sig_list = g_mime_multipart_signed_verify - (GMIME_MULTIPART_SIGNED (part), cryptoctx, &err); - node->verify_attempted = TRUE; - - if (!node->sig_list) - fprintf (stderr, "Failed to verify signed part: %s\n", - (err ? err->message : "no error explanation given")); -#else - /* For some reason the GMimeSignatureValidity returned - * here is not a const (inconsistent with that - * returned by - * g_mime_multipart_encrypted_get_signature_validity, - * and therefore needs to be properly disposed of. - * - * In GMime 2.6, they're both non-const, so we'll be able - * to clean up this asymmetry. */ - GMimeSignatureValidity *sig_validity = g_mime_multipart_signed_verify - (GMIME_MULTIPART_SIGNED (part), cryptoctx, &err); - node->verify_attempted = TRUE; - node->sig_validity = sig_validity; - if (sig_validity) { - GMimeSignatureValidity **proxy = - talloc (node, GMimeSignatureValidity *); - *proxy = sig_validity; - talloc_set_destructor (proxy, _signature_validity_free); + node_verify (node, part); + } + } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) && + GMIME_SECURE_MIME_TYPE_SIGNED_DATA == g_mime_application_pkcs7_mime_get_smime_type ( + GMIME_APPLICATION_PKCS7_MIME (part))) { + /* If node->ctx->crypto->verify is false, it would be better + * to just unwrap (instead of verifying), but + * https://github.com/jstedfast/gmime/issues/67 */ + node_verify (node, part); + } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) && + GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA == g_mime_application_pkcs7_mime_get_smime_type ( + GMIME_APPLICATION_PKCS7_MIME (part)) && + (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) { + node_decrypt_and_verify (node, part); + if (node->unwrapped_child && node->nchildren == 0) + node->nchildren = 1; + } else { + if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ? + node->parent->part : NULL, numchild) && + node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) { + GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part); + if (clean_payload != part) { + /* only one layer of recursion is possible here + * because there can be only a single cryptographic + * payload: */ + return _mime_node_set_up_part (node, clean_payload, numchild); } -#endif } } -#ifdef GMIME_ATLEAST_26 - /* sig_list may be created in both above cases, so we need to - * cleanly handle it here. */ - if (node->sig_list) { - GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *); - *proxy = node->sig_list; - talloc_set_destructor (proxy, _signature_list_free); - } -#endif - -#ifndef GMIME_ATLEAST_26 - if (node->verify_attempted && !node->sig_validity) - fprintf (stderr, "Failed to verify signed part: %s\n", - (err ? err->message : "no error explanation given")); -#endif - - if (err) - g_error_free (err); - - return node; + return true; } mime_node_t * @@ -291,23 +440,27 @@ mime_node_child (mime_node_t *parent, int child) GMimeObject *sub; mime_node_t *node; - if (!parent || !parent->part || child < 0 || child >= parent->nchildren) + if (! parent || ! parent->part || child < 0 || child >= parent->nchildren) return NULL; if (GMIME_IS_MULTIPART (parent->part)) { - if (child == 1 && parent->decrypted_child) - sub = parent->decrypted_child; + if (child == GMIME_MULTIPART_ENCRYPTED_CONTENT && parent->unwrapped_child) + sub = parent->unwrapped_child; else - sub = g_mime_multipart_get_part - (GMIME_MULTIPART (parent->part), child); + sub = g_mime_multipart_get_part ( + GMIME_MULTIPART (parent->part), child); } else if (GMIME_IS_MESSAGE (parent->part)) { sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part)); + } else if (GMIME_IS_APPLICATION_PKCS7_MIME (parent->part) && + parent->unwrapped_child && + child == 0) { + sub = parent->unwrapped_child; } else { - /* This should have been caught by message_part_create */ + /* This should have been caught by _mime_node_set_up_part */ INTERNAL_ERROR ("Unexpected GMimeObject type: %s", g_type_name (G_OBJECT_TYPE (parent->part))); } - node = _mime_node_create (parent, sub); + node = _mime_node_create (parent, sub, child); if (child == parent->next_child && parent->next_part_num != -1) { /* We're traversing in depth-first order. Record the child's @@ -336,20 +489,21 @@ mime_node_child (mime_node_t *parent, int child) static mime_node_t * _mime_node_seek_dfs_walk (mime_node_t *node, int *n) { - mime_node_t *ret = NULL; int i; if (*n == 0) return node; *n -= 1; - for (i = 0; i < node->nchildren && !ret; i++) { + for (i = 0; i < node->nchildren; i++) { mime_node_t *child = mime_node_child (node, i); - ret = _mime_node_seek_dfs_walk (child, n); - if (!ret) - talloc_free (child); + mime_node_t *ret = _mime_node_seek_dfs_walk (child, n); + if (ret) + return ret; + + talloc_free (child); } - return ret; + return NULL; } mime_node_t *