icfs 0.1.3 → 0.2.0

data/lib/icfs/email/from.rb

@@ -0,0 +1,52 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+require_relative 'core'
+
+module ICFS
+module Email
+
+##########################################################################
+# Receive email user based on FROM: header
+#
+# @note Only use this in conjunction with some form of email spoofing
+#   prevention.
+#
+class From
+
+
+  ###############################################
+  # New instance
+  #
+  # @param map [Object] Maps email address to username
+  #
+  def initialize(map)
+    @map = map
+  end # def initialize()
+
+
+  ###############################################
+  # Extract the user based on the FROM: email.
+  #
+  def receive(env)
+    email = env[:msg].from.first
+    unam = @map[email]
+    env[:user] = unam if unam
+    return :continue
+  end # def receive()
+
+
+end # class ICFS::Email::From
+
+end # module ICFS::Email
+end # module ICFS

data/lib/icfs/email/imap.rb

@@ -0,0 +1,148 @@
+
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+require 'net/imap'
+require 'mail'
+
+module ICFS
+module Email
+
+##########################################################################
+# Get email using IMAP
+#
+class Imap
+
+  ###############################################
+  # New instance
+  #
+  # @param core [Email::Core] The core email processor
+  # @param log [Logger] The log
+  # @param opts [Hash] configuration options
+  # @option opts [String] :address The server address
+  # @option opts [Integer] :port The server port
+  # @option opts [Boolean] :enable_ssl Use SSL or not
+  # @option opts [String] :username The login username
+  # @option opts [String] :password The login password
+  # @option opts [String] :mailbox The mailbox to read
+  # @option opts [Array,String] :keys keys to pass to {::Net::IMAP#uid_search}
+  # @option opts [Integer] :idle_time Seconds to wait IDLE before polling
+  # @option opts [Integer] :reconnect Seconds after which we can reconnect
+  #
+  def initialize(core, log, opts={})
+    @core = core
+    @log = log
+    @cfg = {
+      :port => 993,
+      :enable_ssl => true,
+      :keys => 'ALL',
+      :idle_time => 60*5,
+      :reconnect => 60*15,
+    }.merge!(opts)
+  end # def initialize()
+
+
+  ###############################################
+  # Handles reconnects when dropped
+  #
+  def reconnect()
+
+    while true
+      start = Time.now
+      begin
+        fetch()
+      rescue EOFError
+        if( (Time.now - start) > @cfg[:reconnect] )
+          @log.info('IMAP: lost connection, reconnecting')
+          next
+        else
+          @log.error('IMAP: disconnected under the reconnect limit')
+          break
+        end
+      end
+    end
+
+  end # def reconnect()
+
+
+  ###############################################
+  # Fetch messages
+  #
+  def fetch()
+
+    # open & login
+    imap = ::Net::IMAP.new(@cfg[:address], @cfg[:port],
+        @cfg[:enable_ssl], nil, false)
+    imap.login(@cfg[:username], @cfg[:password])
+    @log.info('IMAP: open and login')
+
+    # mailbox
+    if @cfg[:mailbox]
+      imap.select(::Net::IMAP.encode_utf7(@cfg[:mailbox]))
+      @log.info('IMAP: mailbox selected: %s' % @cfg[:mailbox])
+    else
+      @log.error('IMAP: no mailbox specified')
+      mbxs = imap.list('', '*')
+      @log.info('IMAP: mailbox list: %s' % mbxs.map{|mb| mb.name }.join(', '))
+      return
+    end
+
+    while true
+      # fetch messages
+      uids = imap.uid_search(@cfg[:keys])
+      @log.debug('IMAP: %d messages found' % uids.size)
+      uids.each do |uid|
+        fd = imap.uid_fetch(uid, ['RFC822'])[0]
+        @log.debug('IMAP: message fetched')
+        msg = ::Mail.new(fd.attr['RFC822'])
+        @core.receive(msg)
+        if @cfg[:delete]
+          imap.uid_store(uid, "+FLAGS", [:Deleted])
+          @log.debug('IMAP: message deleted')
+        end
+      end
+      if @cfg[:delete]
+        imap.expunge
+        @log.debug('IMAP: expunged')
+      end
+
+      # wait IDLE until new mail
+      if @cfg[:idle_time]
+        @log.debug('IMAP: starting IDLE')
+        imap.idle(@cfg[:idle_time]) do |resp|
+          if resp.is_a?(::Net::IMAP::UntaggedResponse) && resp.name == "EXISTS"
+            @log.debug('IMAP: new mail, IDLE done')
+            imap.idle_done
+          end
+        end
+        @log.debug('IMAP: exited IDLE')
+
+      # or we just run once
+      else
+        @log.debug('IMAP: fetch completed')
+        break
+      end
+    end
+
+  ensure
+    if defined?(imap) && imap && !imap.disconnected?
+      imap.disconnect
+      @log.info('IMAP: disconnected')
+    end
+  end # def fetch()
+
+
+end # class ICFS::Email::Imap
+
+end # module ICFS::Email
+end # module ICFS

data/lib/icfs/email/smime.rb

@@ -0,0 +1,139 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+require 'openssl'
+
+require_relative 'core'
+
+module ICFS
+module Email
+
+##########################################################################
+# Receive S/MIME email
+#
+# This processes the most common S/MIME implementation:
+#   * Signed: multipart/signed; protocol="application/pkcs7-signature" with
+#        application/pkcs7-signature as the second part
+#   * Encrypted: application/pkcs7-mime containing eenvelope data
+#   * Both: application/pkcs7-mime containing encrypted data, which contains
+#        multipart/signed message
+#
+#  In all cases, it will generate an email containing just the content.  If
+#  the message is signed and verifies, it will try a lookup of the DN to
+#  determine the user.
+#
+class Smime
+
+
+  ###############################################
+  # New instance
+  #
+  # @param key [::OpenSSL::PKey] The key for the ICFS gateway
+  # @param cert [::OpenSSL::X509::Certificate] the ICFS gateway certificate
+  # @param ca [::OpenSSL::X509::Store] Trusted CA certs
+  # @param map [Object] Maps DN to user name
+  #
+  def initialize(key, cert, ca, map)
+    @key = key
+    @cert = cert
+    @ca = ca
+    @map = map
+  end # end def initialize()
+
+
+  ###############################################
+  #  Process for S/MIME encryption or signatures
+  #
+  def receive(env)
+
+    # start with the main message
+    part = env[:msg]
+    replace = false
+
+    # process all PKCS7
+    while true
+
+      case part.header[:content_type].string
+
+      # encrypted
+      when 'application/pkcs7-mime', 'application/x-pkcs7-mime'
+
+        # decrypt
+        enc_raw = part.body.decoded
+        enc_p7 = ::OpenSSL::PKCS7.new(enc_raw)
+        dec_raw = enc_p7.decrypt(@key, @cert)
+
+        # new part is whatever we decrypted
+        part = ::Mail::Part.new(dec_raw)
+        replace = true
+
+      # signed
+      when 'multipart/signed'
+
+        # check sig
+        multi = part.body.parts
+        msg = multi[0].raw_source.dup.force_encoding('ASCII-8BIT')
+        msg = msg[2..-1] if msg[0,2] == "\r\n" # extra cr/lf
+        sig_raw = multi[1].body.decoded
+        sig_p7 = ::OpenSSL::PKCS7.new(sig_raw)
+        val = sig_p7.verify([], @ca, msg)
+        break unless val
+
+        # get cert that signed first
+        si = sig_p7.signers.first
+        cert = sig_p7.certificates.select do |c|
+          (c.issuer == si.issuer) && (c.serial == si.serial)
+        end
+        break if cert.empty?
+
+        # get user
+        unam = @map[cert.first.subject.to_s(::OpenSSL::X509::Name::RFC2253)]
+        break unless unam
+
+        # values
+        env[:user] = unam
+        env[:time] = si.signed_time.to_i
+
+        # new part is body
+        part = multi[0]
+        replace = true
+
+      # not PKCS7
+      else
+        break
+      end
+    end
+
+    return :continue unless replace
+
+    # create new message
+    msg = ::Mail::Message.new
+    msg.body = part.body.encoded
+    oh = env[:msg].header
+    hd = msg.header
+    Core::CopyFields.each do |fn|
+      fi = oh[fn]
+      hd[fn] = fi.value if fi
+    end
+    part.header.fields.each{|fd| hd[fd.name] = fd.value }
+
+    # Mail acts wierd about parts unless we run it thru text...
+    env[:msg] = ::Mail::Message.new(msg.encoded)
+
+    return :continue
+  end # def receive()
+
+end # class ICFS::Email::Smime
+
+end # module ICFS::Email
+end # module ICFS

data/lib/icfs/items.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'json'
 
 
@@ -34,12 +36,12 @@ module Items
     #
     def self.parse(json, name, val)
       if json.nil?
-        raise(Error::NotFound, '%s not found'.freeze % name)
+        raise(Error::NotFound, '%s not found' % name)
       end
       begin
         itm = JSON.parse(json)
       rescue
-        raise(Error::Value, 'JSON parsing failed'.freeze)
+        raise(Error::Value, 'JSON parsing failed')
       end
       Items.validate(itm, name, val)
       return itm
@@ -74,7 +76,7 @@ module Items
     def self.validate(obj, name, val)
       err = Validate.check(obj, val)
       if err
-        raise(Error::Value, '%s has bad values: %s'.freeze %
+        raise(Error::Value, '%s has bad values: %s' %
           [name, err.inspect])
       end
     end

data/lib/icfs/store.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 #
 module ICFS
 
@@ -222,9 +224,9 @@ class Store
   def _case(cid, lnum)
     @base + [
       cid,
-      'c'.freeze,
-      '%d.json'.freeze % lnum
-    ].join('/'.freeze)
+      'c',
+      '%d.json' % lnum
+    ].join('/')
   end
 
 
@@ -234,9 +236,9 @@ class Store
   def _log(cid, lnum)
     @base + [
       cid,
-      'l'.freeze,
-      '%d.json'.freeze % lnum
-    ].join('/'.freeze)
+      'l',
+      '%d.json' % lnum
+    ].join('/')
   end
 
 
@@ -246,10 +248,10 @@ class Store
   def _entry(cid, enum, lnum)
     @base + [
       cid,
-      'e'.freeze,
+      'e',
       enum.to_s,
-      '%d.json'.freeze % lnum
-    ].join('/'.freeze)
+      '%d.json' % lnum
+    ].join('/')
   end
 
 
@@ -259,10 +261,10 @@ class Store
   def _file(cid, enum, lnum, fnum)
     @base + [
       cid,
-      'e'.freeze,
+      'e',
       enum.to_s,
-      '%d-%d.bin'.freeze % [lnum, fnum]
-    ].join('/'.freeze)
+      '%d-%d.bin' % [lnum, fnum]
+    ].join('/')
   end
 
 
@@ -272,10 +274,10 @@ class Store
   def _action(cid, anum, lnum)
     @base + [
       cid,
-      'a'.freeze,
+      'a',
       anum.to_s,
-      lnum.to_s + '.json'.freeze
-    ].join('/'.freeze)
+      lnum.to_s + '.json'
+    ].join('/')
   end
 
 
@@ -285,10 +287,10 @@ class Store
   def _index(cid, xnum, lnum)
     @base + [
       cid,
-      'i'.freeze,
+      'i',
       xnum.to_s,
-      lnum.to_s + '.json'.freeze
-    ].join('/'.freeze)
+      lnum.to_s + '.json'
+    ].join('/')
   end
 
 

data/lib/icfs/store_fs.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'fileutils'
 require 'tempfile'
 
@@ -29,7 +31,7 @@ class StoreFs < Store
   # @param base [String] the base directory
   #
   def initialize(base)
-    if base[-1] == '/'.freeze
+    if base[-1] == '/'
       @base = base.freeze
     else
       @base = (base + '/').freeze
@@ -75,7 +77,7 @@ class StoreFs < Store
   # (see Store#tempfile)
   #
   def tempfile
-    Tempfile.new('tmp'.freeze, @base, :encoding => 'ascii-8bit'.freeze)
+    Tempfile.new('tmp', @base, :encoding => 'ascii-8bit')
   end
 
 
@@ -86,7 +88,7 @@ class StoreFs < Store
   # Read an item
   #
   def _read(fnam)
-    return File.read(fnam, encoding: 'utf-8'.freeze)
+    return File.read(fnam, encoding: 'utf-8')
   rescue Errno::ENOENT
     return nil
   end
@@ -96,12 +98,12 @@ class StoreFs < Store
   # Write an item
   #
   def _write(fnam, item)
-    File.open(fnam, 'w'.freeze, encoding: 'utf-8'.freeze) do |fi|
+    File.open(fnam, 'w', encoding: 'utf-8') do |fi|
       fi.write(item)
     end
   rescue Errno::ENOENT
     FileUtils.mkdir_p(File.dirname(fnam))
-    File.open(fnam, 'w'.freeze, encoding: 'utf-8'.freeze) do |fi|
+    File.open(fnam, 'w', encoding: 'utf-8') do |fi|
       fi.write(item)
     end
   end

data/lib/icfs/store_s3.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'aws-sdk-s3'
 require 'tempfile'
 
@@ -30,7 +32,7 @@ class StoreS3 < Store
   def initialize(client, bucket, prefix=nil)
     @s3 = client
     @bck = bucket
-    @base = prefix || ''.freeze
+    @base = prefix || ''
   end # def initialize()
 
 
@@ -79,7 +81,7 @@ class StoreS3 < Store
   # (see Store#tempfile)
   #
   def tempfile
-    Tempfile.new('tmp'.freeze, encoding: 'ascii-8bit'.freeze)
+    Tempfile.new('tmp', encoding: 'ascii-8bit')
   end
 
 

data/lib/icfs/users.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'set'
 
 module ICFS
@@ -30,9 +32,9 @@ class Users
       'type' => {
         method: :string,
         allowed: Set[
-          'user'.freeze,
-          'role'.freeze,
-          'group'.freeze,
+          'user',
+          'role',
+          'group',
         ].freeze
       }.freeze
     }.freeze,

data/lib/icfs/users_fs.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'tempfile'
 require 'fileutils'
 require 'json'
@@ -37,7 +39,7 @@ class UsersFs < Users
   # Path to store the file
   #
   def _path(urg)
-    File.join(@path, urg + '.json'.freeze)
+    File.join(@path, urg + '.json')
   end
   private :_path
 
@@ -52,11 +54,11 @@ class UsersFs < Users
   # (see Users#read)
   #
   def read(urg)
-    Items.validate(urg, 'User/Role/Group name'.freeze, Items::FieldUsergrp)
+    Items.validate(urg, 'User/Role/Group name', Items::FieldUsergrp)
     json = File.read(_path(urg))
-    obj = Items.parse(json, 'User/Role/Group'.freeze, Users::ValUser)
+    obj = Items.parse(json, 'User/Role/Group', Users::ValUser)
     if obj['name'] != urg
-      raise(Error::Values, 'UsersFs user %s name mismatch'.freeze % fn)
+      raise(Error::Values, 'UsersFs user %s name mismatch' % fn)
     end
     return obj
   rescue Errno::ENOENT
@@ -68,11 +70,11 @@ class UsersFs < Users
   # (see Users#write)
   #
   def write(obj)
-    Items.validate(obj, 'User/Role/Group'.freeze, Users::ValUser)
+    Items.validate(obj, 'User/Role/Group', Users::ValUser)
     json = JSON.pretty_generate(obj)
 
     # write to temp file
-    tmp = Tempfile.new('_tmp'.freeze, @path, :encoding => 'ascii-8bit'.freeze)
+    tmp = Tempfile.new('_tmp', @path, :encoding => 'ascii-8bit')
     tmp.write(json)
     tmp.close
 

data/lib/icfs/users_redis.rb

@@ -9,6 +9,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'redis'
 
 module ICFS
@@ -31,7 +33,7 @@ class UsersRedis < Users
   def initialize(redis, base, opts={})
     @redis = redis
     @base = base
-    @pre = opts[:prefix] || ''.freeze
+    @pre = opts[:prefix] || ''
     @exp = opts[:expires] || 1*60*60 # 1 hour default
     @log = opts[:log]
   end
@@ -50,8 +52,8 @@ class UsersRedis < Users
   # (see Users#flush)
   #
   def flush(urg)
-    Items.validate(urg, 'User/role/group name'.freeze, Items::FieldUsergrp)
-    @log.info('User/role/group cache flush: %s'.freeze % urg) if @log
+    Items.validate(urg, 'User/role/group name', Items::FieldUsergrp)
+    @log.info('User/role/group cache flush: %s' % urg) if @log
     @redis.del(_key(urg))
     return true
   end # def flush()
@@ -61,21 +63,21 @@ class UsersRedis < Users
   # (see Users#read)
   #
   def read(urg)
-    Items.validate(urg, 'User/role/group name'.freeze, Items::FieldUsergrp)
+    Items.validate(urg, 'User/role/group name', Items::FieldUsergrp)
     key = _key(urg)
-    @log.debug('User/role/group read: %s'.freeze % urg) if @log
+    @log.debug('User/role/group read: %s' % urg) if @log
 
     # try cache
     json = @redis.get(key)
     if json
-      @log.debug('User/role/group cache hit: %s'.freeze % urg) if @log
+      @log.debug('User/role/group cache hit: %s' % urg) if @log
       return JSON.parse(json)
     end
 
     # get base object from base store
     bse = @base.read(urg)
     if !bse
-      @log.warn('User/role/group not found: %s'.freeze % urg) if @log
+      @log.warn('User/role/group not found: %s' % urg) if @log
       return nil
     end
 
@@ -128,7 +130,7 @@ class UsersRedis < Users
     # save to cache
     @redis.set(key, json)
     @redis.expire(key, @exp)
-    @log.info('User/role/group cached: %s %s'.freeze % [urg, json]) if @log
+    @log.info('User/role/group cached: %s %s' % [urg, json]) if @log
     return bse
   end # def read()
 
@@ -137,9 +139,9 @@ class UsersRedis < Users
   # (see Users#write)
   #
   def write(obj)
-    json = Items.generate(obj, 'User/Role/Group'.freeze, Users::ValUser)
+    json = Items.generate(obj, 'User/Role/Group', Users::ValUser)
     key = _key(obj['name'])
-    @log.info('User/role/group write: %s'.freeze % urg) if @log
+    @log.info('User/role/group write: %s' % urg) if @log
     @redis.del(key)
     @base.write(obj)
   end # def write()