indexing: record protected subject when indexing cleartext
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 27 May 2019 22:40:28 +0000 (18:40 -0400)
committerDavid Bremner <david@tethera.net>
Wed, 29 May 2019 11:14:44 +0000 (08:14 -0300)
When indexing the cleartext of an encrypted message, record any
protected subject in the database, which should make it findable and
visible in search.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
lib/index.cc
lib/message.cc
lib/notmuch-private.h
test/T356-protected-headers.sh

index f216ae5deb44becd81874bc5309cbb4ac4762e5b..1fd9e67ee96340b903773bfda59a2410b244a7a1 100644 (file)
@@ -367,13 +367,15 @@ _index_content_type (notmuch_message_t *message, GMimeObject *part)
 
 static void
 _index_encrypted_mime_part (notmuch_message_t *message, notmuch_indexopts_t *indexopts,
-                           GMimeMultipartEncrypted *part);
+                           GMimeMultipartEncrypted *part,
+                           _notmuch_message_crypto_t *msg_crypto);
 
 /* Callback to generate terms for each mime part of a message. */
 static void
 _index_mime_part (notmuch_message_t *message,
                  notmuch_indexopts_t *indexopts,
-                 GMimeObject *part)
+                 GMimeObject *part,
+                 _notmuch_message_crypto_t *msg_crypto)
 {
     GMimeStream *stream, *filter;
     GMimeFilter *discard_non_term_filter;
@@ -403,6 +405,8 @@ _index_mime_part (notmuch_message_t *message,
          _notmuch_message_add_term (message, "tag", "encrypted");
 
        for (i = 0; i < g_mime_multipart_get_count (multipart); i++) {
+           notmuch_status_t status;
+           GMimeObject *child;
            if (GMIME_IS_MULTIPART_SIGNED (multipart)) {
                /* Don't index the signature, but index its content type. */
                if (i == GMIME_MULTIPART_SIGNED_SIGNATURE) {
@@ -419,7 +423,8 @@ _index_mime_part (notmuch_message_t *message,
                                     g_mime_multipart_get_part (multipart, i));
                if (i == GMIME_MULTIPART_ENCRYPTED_CONTENT) {
                    _index_encrypted_mime_part(message, indexopts,
-                                              GMIME_MULTIPART_ENCRYPTED (part));
+                                              GMIME_MULTIPART_ENCRYPTED (part),
+                                              msg_crypto);
                } else {
                    if (i != GMIME_MULTIPART_ENCRYPTED_VERSION) {
                        _notmuch_database_log (notmuch_message_get_database (message),
@@ -428,8 +433,13 @@ _index_mime_part (notmuch_message_t *message,
                }
                continue;
            }
-           _index_mime_part (message, indexopts,
-                             g_mime_multipart_get_part (multipart, i));
+           child = g_mime_multipart_get_part (multipart, i);
+           status = _notmuch_message_crypto_potential_payload (msg_crypto, child, part, i);
+           if (status)
+               _notmuch_database_log (notmuch_message_get_database (message),
+                                      "Warning: failed to mark the potential cryptographic payload (%s).\n",
+                                      notmuch_status_to_string (status));
+           _index_mime_part (message, indexopts, child, msg_crypto);
        }
        return;
     }
@@ -439,7 +449,7 @@ _index_mime_part (notmuch_message_t *message,
 
        mime_message = g_mime_message_part_get_message (GMIME_MESSAGE_PART (part));
 
-       _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message));
+       _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message), msg_crypto);
 
        return;
     }
@@ -516,7 +526,8 @@ _index_mime_part (notmuch_message_t *message,
 static void
 _index_encrypted_mime_part (notmuch_message_t *message,
                            notmuch_indexopts_t *indexopts,
-                           GMimeMultipartEncrypted *encrypted_data)
+                           GMimeMultipartEncrypted *encrypted_data,
+                           _notmuch_message_crypto_t *msg_crypto)
 {
     notmuch_status_t status;
     GError *err = NULL;
@@ -553,6 +564,10 @@ _index_encrypted_mime_part (notmuch_message_t *message,
        return;
     }
     if (decrypt_result) {
+       status = _notmuch_message_crypto_successful_decryption (msg_crypto);
+       if (status)
+           _notmuch_database_log_append (notmuch, "failed to mark the message as decrypted (%s)\n",
+                                         notmuch_status_to_string (status));
        if (get_sk) {
            status = notmuch_message_add_property (message, "session-key",
                                                   g_mime_decrypt_result_get_session_key (decrypt_result));
@@ -562,7 +577,8 @@ _index_encrypted_mime_part (notmuch_message_t *message,
        }
        g_object_unref (decrypt_result);
     }
-    _index_mime_part (message, indexopts, clear);
+    status = _notmuch_message_crypto_potential_payload (msg_crypto, clear, GMIME_OBJECT (encrypted_data), GMIME_MULTIPART_ENCRYPTED_CONTENT);
+    _index_mime_part (message, indexopts, clear, msg_crypto);
     g_object_unref (clear);
 
     status = notmuch_message_add_property (message, "index.decryption", "success");
@@ -606,6 +622,7 @@ _notmuch_message_index_file (notmuch_message_t *message,
     InternetAddressList *addresses;
     const char *subject;
     notmuch_status_t status;
+    _notmuch_message_crypto_t *msg_crypto;
 
     status = _notmuch_message_file_get_mime_message (message_file,
                                                     &mime_message);
@@ -628,7 +645,14 @@ _notmuch_message_index_file (notmuch_message_t *message,
 
     status = _notmuch_message_index_user_headers (message, mime_message);
 
-    _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message));
+    msg_crypto = _notmuch_message_crypto_new (NULL);
+    _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message), msg_crypto);
+    if (msg_crypto && msg_crypto->payload_subject) {
+       _notmuch_message_gen_terms (message, "subject", msg_crypto->payload_subject);
+       _notmuch_message_update_subject (message, msg_crypto->payload_subject);
+    }
+
+    talloc_free (msg_crypto);
 
     return NOTMUCH_STATUS_SUCCESS;
 }
index dc4a96ada6380c81cd129237870efa5d403422aa..9e1005a3058c8330334525943d03e8e7bee896a5 100644 (file)
@@ -1238,6 +1238,14 @@ _notmuch_message_set_header_values (notmuch_message_t *message,
     message->modified = true;
 }
 
+void
+_notmuch_message_update_subject (notmuch_message_t *message,
+                                const char *subject)
+{
+    message->doc.add_value (NOTMUCH_VALUE_SUBJECT, subject);
+    message->modified = true;
+}
+
 /* Upgrade a message to support NOTMUCH_FEATURE_LAST_MOD.  The caller
  * must call _notmuch_message_sync. */
 void
index e46df9a82d719ea4c0e6442dee4f3767203e6a19..6fc5b366c539712c6ddd2b2fd3778080b0b8958e 100644 (file)
@@ -325,6 +325,10 @@ _notmuch_message_set_header_values (notmuch_message_t *message,
                                    const char *from,
                                    const char *subject);
 
+void
+_notmuch_message_update_subject (notmuch_message_t *message,
+                                const char *subject);
+
 void
 _notmuch_message_upgrade_last_mod (notmuch_message_t *message);
 
index ff37f6bdc1fc883072d63f16bb4f5066478afdd1..fee3b043d5143a2af88660f30a917e2cc6781f2d 100755 (executable)
@@ -83,4 +83,20 @@ test_json_nodes <<<"$output" \
                 'subject:["original"]["headers"]["Subject"]="This is a protected header"' \
                 'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"'
 
+test_begin_subtest "protected subject is not indexed by default"
+output=$(notmuch search --output=messages 'subject:"This is a protected header"')
+test_expect_equal "$output" ''
+
+test_begin_subtest "reindex message with protected header"
+test_expect_success 'notmuch reindex --decrypt=true id:protected-header@crypto.notmuchmail.org'
+
+test_begin_subtest "protected subject is indexed when cleartext is indexed"
+output=$(notmuch search --output=messages 'subject:"This is a protected header"')
+test_expect_equal "$output" 'id:protected-header@crypto.notmuchmail.org'
+
+test_begin_subtest "indexed protected subject is visible in search"
+output=$(notmuch search --format=json 'id:protected-header@crypto.notmuchmail.org')
+test_json_nodes <<<"$output" \
+                'subject:[0]["subject"]="This is a protected header"'
+
 test_done