RubyGems - schleuder - Versions diffs - 2.2.4 → 3.2.2 - Mend

schleuder 2.2.4 → 3.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

checksums.yaml +5 -5
data/README.md +138 -0
data/Rakefile +136 -0
data/bin/pinentry-clearpassphrase +72 -0
data/bin/schleuder +9 -89
data/bin/schleuder-api-daemon +4 -0
data/db/migrate/20140501103532_create_lists.rb +39 -0
data/db/migrate/20140501112859_create_subscriptions.rb +21 -0
data/db/migrate/201508092100_add_language_to_lists.rb +11 -0
data/db/migrate/20150812165700_change_keywords_admin_only_defaults.rb +8 -0
data/db/migrate/20150813235800_add_forward_all_incoming_to_admins.rb +11 -0
data/db/migrate/201508141727_change_send_encrypted_only_default.rb +8 -0
data/db/migrate/201508222143_add_logfiles_to_keep_to_lists.rb +11 -0
data/db/migrate/201508261723_rename_delivery_disabled_to_delivery_enabled_and_change_default.rb +14 -0
data/db/migrate/201508261815_strip_gpg_passphrase.rb +11 -0
data/db/migrate/201508261827_remove_default_mime.rb +9 -0
data/db/migrate/20160501172700_fix_headers_to_meta_defaults.rb +8 -0
data/db/migrate/20170713215059_add_internal_footer_to_list.rb +11 -0
data/db/schema.rb +62 -0
data/etc/init.d/schleuder-api-daemon +87 -0
data/etc/list-defaults.yml +123 -0
data/etc/postfix/schleuder_sqlite.cf +28 -0
data/etc/schleuder-api-daemon.service +10 -0
data/etc/schleuder.cron.weekly +6 -0
data/etc/schleuder.yml +61 -0
data/lib/schleuder-api-daemon.rb +420 -0
data/lib/schleuder.rb +81 -47
data/lib/schleuder/cli.rb +334 -0
data/lib/schleuder/cli/cert.rb +24 -0
data/lib/schleuder/cli/schleuder_cert_manager.rb +84 -0
data/lib/schleuder/cli/subcommand_fix.rb +11 -0
data/lib/schleuder/conf.rb +131 -0
data/lib/schleuder/errors/active_model_error.rb +15 -0
data/lib/schleuder/errors/base.rb +17 -0
data/lib/schleuder/errors/decryption_failed.rb +16 -0
data/lib/schleuder/errors/fatal_error.rb +13 -0
data/lib/schleuder/errors/file_not_found.rb +14 -0
data/lib/schleuder/errors/invalid_listname.rb +13 -0
data/lib/schleuder/errors/key_adduid_failed.rb +13 -0
data/lib/schleuder/errors/key_generation_failed.rb +16 -0
data/lib/schleuder/errors/keyword_admin_only.rb +13 -0
data/lib/schleuder/errors/list_exists.rb +13 -0
data/lib/schleuder/errors/list_not_found.rb +14 -0
data/lib/schleuder/errors/list_property_missing.rb +14 -0
data/lib/schleuder/errors/listdir_problem.rb +16 -0
data/lib/schleuder/errors/loading_list_settings_failed.rb +14 -0
data/lib/schleuder/errors/message_empty.rb +14 -0
data/lib/schleuder/errors/message_not_from_admin.rb +13 -0
data/lib/schleuder/errors/message_sender_not_subscribed.rb +13 -0
data/lib/schleuder/errors/message_too_big.rb +14 -0
data/lib/schleuder/errors/message_unauthenticated.rb +13 -0
data/lib/schleuder/errors/message_unencrypted.rb +13 -0
data/lib/schleuder/errors/message_unsigned.rb +13 -0
data/lib/schleuder/errors/standard_error.rb +5 -0
data/lib/schleuder/errors/too_many_keys.rb +17 -0
data/lib/schleuder/errors/unknown_list_option.rb +14 -0
data/lib/schleuder/filters/auth_filter.rb +39 -0
data/lib/schleuder/filters/bounces_filter.rb +12 -0
data/lib/schleuder/filters/forward_filter.rb +17 -0
data/lib/schleuder/filters/forward_incoming.rb +13 -0
data/lib/schleuder/filters/hotmail_message_filter.rb +25 -0
data/lib/schleuder/filters/max_message_size.rb +14 -0
data/lib/schleuder/filters/request_filter.rb +26 -0
data/lib/schleuder/filters/send_key_filter.rb +20 -0
data/lib/schleuder/filters/strip_alternative_filter.rb +21 -0
data/lib/schleuder/filters_runner.rb +83 -0
data/lib/schleuder/gpgme/ctx.rb +274 -0
data/lib/schleuder/gpgme/import_status.rb +27 -0
data/lib/schleuder/gpgme/key.rb +212 -0
data/lib/schleuder/gpgme/sub_key.rb +13 -0
data/lib/schleuder/gpgme/user_id.rb +22 -0
data/lib/schleuder/list.rb +318 -127
data/lib/schleuder/list_builder.rb +139 -0
data/lib/schleuder/listlogger.rb +31 -0
data/lib/schleuder/logger.rb +23 -0
data/lib/schleuder/logger_notifications.rb +69 -0
data/lib/schleuder/mail/message.rb +482 -0
data/lib/schleuder/mail/parts_list.rb +9 -0
data/lib/schleuder/plugin_runners/base.rb +91 -0
data/lib/schleuder/plugin_runners/list_plugins_runner.rb +24 -0
data/lib/schleuder/plugin_runners/request_plugins_runner.rb +27 -0
data/lib/schleuder/plugins/attach_listkey.rb +17 -0
data/lib/schleuder/plugins/get_version.rb +7 -0
data/lib/schleuder/plugins/key_management.rb +113 -0
data/lib/schleuder/plugins/list_management.rb +15 -0
data/lib/schleuder/plugins/resend.rb +196 -0
data/lib/schleuder/plugins/sign_this.rb +46 -0
data/lib/schleuder/plugins/subscription_management.rb +140 -0
data/lib/schleuder/runner.rb +130 -0
data/lib/schleuder/subscription.rb +98 -0
data/lib/schleuder/validators/boolean_validator.rb +7 -0
data/lib/schleuder/validators/email_validator.rb +7 -0
data/lib/schleuder/validators/fingerprint_validator.rb +7 -0
data/lib/schleuder/validators/greater_than_zero_validator.rb +7 -0
data/lib/schleuder/validators/no_line_breaks_validator.rb +7 -0
data/lib/schleuder/version.rb +1 -1
data/locales/de.yml +179 -0
data/locales/en.yml +179 -0
metadata +305 -108
checksums.yaml.gz.sig +0 -3
data.tar.gz.sig +0 -2
data/LICENSE +0 -339
data/README +0 -32
data/bin/schleuder-fix-gem-dependencies +0 -37
data/bin/schleuder-init-setup +0 -37
data/bin/schleuder-migrate-v2.1-to-v2.2 +0 -225
data/bin/schleuder-newlist +0 -413
data/contrib/check-expired-keys.rb +0 -60
data/contrib/mutt-schleuder-colors.rc +0 -10
data/contrib/mutt-schleuder-resend.vim +0 -24
data/contrib/smtpserver.rb +0 -76
data/ext/default-list.conf +0 -149
data/ext/default-members.conf +0 -7
data/ext/list.conf.example +0 -14
data/ext/schleuder.conf +0 -64
data/lib/schleuder/archiver.rb +0 -46
data/lib/schleuder/crypt.rb +0 -210
data/lib/schleuder/errors.rb +0 -5
data/lib/schleuder/list_config.rb +0 -146
data/lib/schleuder/log/listlogger.rb +0 -57
data/lib/schleuder/log/outputter/emailoutputter.rb +0 -120
data/lib/schleuder/log/outputter/metaemailoutputter.rb +0 -50
data/lib/schleuder/log/schleuderlogger.rb +0 -34
data/lib/schleuder/mail.rb +0 -873
data/lib/schleuder/mailer.rb +0 -26
data/lib/schleuder/member.rb +0 -69
data/lib/schleuder/plugin.rb +0 -54
data/lib/schleuder/processor.rb +0 -363
data/lib/schleuder/schleuder_config.rb +0 -75
data/lib/schleuder/storage.rb +0 -84
data/lib/schleuder/utils.rb +0 -80
data/man/schleuder-newlist.8 +0 -174
data/man/schleuder.8 +0 -416
data/plugins/README +0 -20
data/plugins/manage_keys_plugin.rb +0 -113
data/plugins/manage_members_plugin.rb +0 -156
data/plugins/manage_self_plugin.rb +0 -26
data/plugins/resend_plugin.rb +0 -35
data/plugins/sign_this_plugin.rb +0 -14
data/plugins/version_plugin.rb +0 -12
metadata.gz.sig +0 -0

data/lib/schleuder/mail/parts_list.rb ADDED

@@ -0,0 +1,9 @@
+module Mail
+  class PartsList
+    # Disable sorting of mime-parts completely.
+    # Can't be done during runtime on the body-instance (`body#set_sort_order`)
+    # because MailGpg exchanges the body-instances when encrypting/signing.
+    def sort!(*args)
+    end
+  end
+end

data/lib/schleuder/plugin_runners/base.rb ADDED

@@ -0,0 +1,91 @@
+module Schleuder
+  module PluginRunners
+    module Base
+      def run(list, mail)
+        list.logger.debug "Starting #{self}"
+        @list = list
+        @mail = mail
+        setup
+        output = mail.keywords.map do |keyword, arguments|
+          run_plugin(keyword, arguments)
+        end
+        output.flatten.compact
+      end
+      private
+      def run_plugin(keyword, arguments)
+        @list.logger.debug "Running keyword '#{keyword}'"
+        error = check_admin_only(keyword)
+        return error if error
+        command = keyword.gsub('-', '_')
+        if ['list_name', 'listname'].include? (command)
+          return nil
+        elsif ! @plugin_module.respond_to?(command)
+          return I18n.t('plugins.unknown_keyword', keyword: keyword)
+        else
+          response = run_command(command, arguments)
+          if @list.keywords_admin_notify.include?(keyword)
+            notify_admins(keyword, arguments, response)
+          end
+          return response
+        end
+      rescue => exc
+        # Log to system, this information is probably more useful for
+        # system-admins than for list-admins.
+        Schleuder.logger.error(exc.message_with_backtrace)
+        I18n.t("plugins.plugin_failed", keyword: keyword)
+      end
+      def run_command(command, arguments)
+        out = @plugin_module.send(command, arguments, @list, @mail)
+        Array(out).flatten
+      end
+      def check_admin_only(keyword)
+        if @list.admin_only?(keyword) && ! @list.from_admin?(@mail)
+          @list.logger.debug "Error: Keyword is admin-only, sent by non-admin"
+          Schleuder::Errors::KeywordAdminOnly.new(keyword).to_s
+        else
+          false
+        end
+      end
+      def setup
+        check_listname_keyword
+        load_plugin_files
+        @plugin_module = self.name.demodulize.gsub("Runner", "").constantize
+      end
+      def check_listname_keyword
+        return nil if @mail.keywords.blank?
+        listname_kw = @mail.keywords.assoc('list-name') || @mail.keywords.assoc('listname')
+        if listname_kw.blank?
+          @mail.reply_to_signer I18n.t(:missing_listname_keyword_error)
+          exit
+        else
+          listname_args = listname_kw.last
+          if ! [@list.email, @list.request_address].include?(listname_args.first)
+            @mail.reply_to_signer I18n.t(:wrong_listname_keyword_error)
+            exit
+          end
+        end
+      end
+      def load_plugin_files
+        @list.logger.debug "Loading plugins"
+        Dir["#{Schleuder::Conf.plugins_dir}/*.rb"].each do |file|
+          require file
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/plugin_runners/list_plugins_runner.rb ADDED

@@ -0,0 +1,24 @@
+module Schleuder
+  module PluginRunners
+    module ListPluginsRunner
+      extend Base
+      def self.notify_admins(keyword, arguments, response)
+        if arguments.blank?
+          msg = I18n.t('plugins.keyword_admin_notify_lists_without_arguments',
+                                signer: @mail.signer,
+                                keyword: keyword
+                            )
+        else
+          msg = I18n.t('plugins.keyword_admin_notify_lists',
+                                signer: @mail.signer,
+                                keyword: keyword,
+                                arguments: arguments.join(' ')
+                            )
+        end
+        @list.logger.notify_admin(msg, nil, 'Notice')
+      end
+    end
+  end
+end

data/lib/schleuder/plugin_runners/request_plugins_runner.rb ADDED

@@ -0,0 +1,27 @@
+module Schleuder
+  module PluginRunners
+    module RequestPluginsRunner
+      extend Base
+      def self.notify_admins(keyword, arguments, response)
+        if arguments.blank?
+          explanation = I18n.t('plugins.keyword_admin_notify_request_without_arguments',
+                                signer: @mail.signer,
+                                keyword: keyword
+                            )
+        else
+          explanation = I18n.t('plugins.keyword_admin_notify_request',
+                                signer: @mail.signer,
+                                keyword: keyword,
+                                arguments: arguments.join(' ')
+                            )
+        end
+        response = response.join("\n\n")
+        msg = "#{explanation}\n\n#{response}"
+        @list.logger.notify_admin(msg, nil, 'Notice')
+      end
+    end
+  end
+end

data/lib/schleuder/plugins/attach_listkey.rb ADDED

@@ -0,0 +1,17 @@
+module Schleuder
+  module ListPlugins
+    def self.attach_listkey(arguments, list, mail)
+      filename = "#{list.fingerprint}.pgpkey"
+      # "Mail" only really converts to multipart if the content-type is blank.
+      mail.content_type = nil
+      mail.add_file({
+        filename: filename,
+        content: list.export_key
+      })
+      mail.attachments[filename].content_type = 'application/pgp-keys'
+      mail.attachments[filename].content_description = "OpenPGP public key of #{list.email}"
+      mail.attachments[filename].content_disposition = "attachment; filename=#{filename}"
+      nil
+    end
+  end
+end

data/lib/schleuder/plugins/get_version.rb ADDED

@@ -0,0 +1,7 @@
+module Schleuder
+  module RequestPlugins
+    def self.get_version(arguments, list, mail)
+      Schleuder::VERSION
+    end
+  end
+end

data/lib/schleuder/plugins/key_management.rb ADDED

@@ -0,0 +1,113 @@
+module Schleuder
+  module RequestPlugins
+    def self.add_key(arguments, list, mail)
+      out = [I18n.t('plugins.key_management.import_result')]
+      if mail.has_attachments?
+        results = self.import_keys_from_attachments(list, mail)
+      else
+        results = [self.import_key_from_body(list, mail)]
+      end
+      out << results.compact.collect(&:imports).flatten.map do |import_status|
+        str = I18n.t("plugins.key_management.key_import_status.#{import_status.action}")
+        "#{import_status.fpr}: #{str}"
+      end
+      out.join("\n")
+    end
+    def self.delete_key(arguments, list, mail)
+      arguments.map do |argument|
+        keys = list.keys(argument)
+        case keys.size
+        when 0
+          I18n.t("errors.no_match_for", input: argument)
+        when 1
+          begin
+            keys.first.delete!
+            I18n.t('plugins.key_management.deleted', key_string: keys.first.fingerprint)
+          rescue GPGME::Error::Conflict
+            I18n.t('plugins.key_management.not_deletable', key_string: keys.first.fingerprint)
+          end
+        else
+          I18n.t('errors.too_many_matching_keys', {
+              input: argument,
+              key_strings: keys.map(&:to_s).join("\n")
+            })
+        end
+      end.join("\n\n")
+    end
+    def self.list_keys(arguments, list, mail)
+      args = Array(arguments.presence || '')
+      args.map do |argument|
+        # In this case it shall be allowed to match keys by arbitrary
+        # sub-strings, therefore we use `list.gpg` directly to not have the
+        # input filtered.
+        list.gpg.keys(argument).map do |key|
+          key.to_s
+        end
+      end.join("\n\n")
+    end
+    def self.get_key(arguments, list, mail)
+      arguments.map do |argument|
+        keys = list.keys(argument)
+        if keys.blank?
+          I18n.t("errors.no_match_for", input: argument)
+        else
+          result = [I18n.t('plugins.key_management.matching_keys_intro', input: argument)]
+          keys.each do |key|
+            atchm = Mail::Part.new
+            atchm.body = key.armored
+            atchm.content_type = 'application/pgp-keys'
+            atchm.content_disposition = "attachment; filename=#{key.fingerprint}.asc"
+            result << atchm
+          end
+          result.flatten
+        end
+      end
+    end
+    def self.fetch_key(arguments, list, mail)
+      arguments.map do |argument|
+        list.fetch_keys(argument)
+      end
+    end
+    # helper methods
+    private
+    def self.is_armored_key?(material)
+      return false unless /^-----BEGIN PGP PUBLIC KEY BLOCK-----$/ =~ material
+      return false unless /^-----END PGP PUBLIC KEY BLOCK-----$/ =~ material
+      lines = material.split("\n").reject(&:empty?)
+      # remove header
+      lines.shift
+      # remove tail
+      lines.pop
+      # verify the rest
+      # TODO: verify length except for lasts lines?
+      # headers according to https://tools.ietf.org/html/rfc4880#section-6.2
+      lines.map do |line|
+        /\A((comment|version|messageid|hash|charset):.*|[0-9a-z\/=+]+)\Z/i =~ line
+      end.all?
+    end
+    def self.import_keys_from_attachments(list, mail)
+      mail.attachments.map do |attachment|
+        material = attachment.body.to_s
+        list.import_key(material) if self.is_armored_key?(material)
+      end
+    end
+    def self.import_key_from_body(list, mail)
+      key_material = mail.first_plaintext_part.body.to_s
+      list.import_key(key_material) if self.is_armored_key?(key_material)
+    end
+  end
+end

data/lib/schleuder/plugins/list_management.rb ADDED

@@ -0,0 +1,15 @@
+module Schleuder
+  module RequestPlugins
+    def self.get_logfile(arguments, list, mail)
+      if File.readable?(list.logfile)
+        attachment = Mail::Part.new
+        attachment.body = File.read(list.logfile)
+        attachment.content_disposition = "inline; filename=#{list.email}.log"
+        intro = I18n.t("plugins.list_management.logfile_attached", listname: list.email)
+        [intro, attachment]
+      else
+        I18n.t("plugins.list_management.no_logfile", listname: list.email)
+      end
+    end
+  end
+end

data/lib/schleuder/plugins/resend.rb ADDED

@@ -0,0 +1,196 @@
+module Schleuder
+  module ListPlugins
+    def self.resend(arguments, list, mail)
+      resend_it(arguments, mail, false)
+    end
+    def self.resend_enc(arguments, list, mail)
+      resend_encrypted_only(arguments, list, mail)
+    end
+    def self.resend_encrypted_only(arguments, list, mail)
+      resend_it(arguments, mail, true)
+    end
+    def self.resend_cc(arguments, list, mail)
+      resend_it_cc(arguments, mail, false)
+    end
+    def self.resend_cc_enc(arguments, list, mail)
+      resend_cc_encrypted_only(arguments, list, mail)
+    end
+    def self.resend_cc_encrypted_only(arguments, list, mail)
+      resend_it_cc(arguments, mail, true)
+    end
+    def self.resend_unencrypted(arguments, list, mail)
+      do_resend_unencrypted(arguments, list, mail, :to)
+    end
+    def self.resend_cc_unencrypted(arguments, list, mail)
+      do_resend_unencrypted(arguments, list, mail, :cc)
+    end
+    # helper methods
+    private
+    def self.do_resend_unencrypted(arguments, list, mail, target)
+      if ! resend_recipients_valid?(mail, arguments)
+        return false
+      end
+      recip_map = Hash[Array(arguments).map{|email| [email,''] }]
+      if do_resend(mail, recip_map, target, false)
+        mail.add_subject_prefix_out!
+      end
+    end
+    def self.resend_it_cc(arguments, mail, encrypted_only)
+      if ! resend_recipients_valid?(mail, arguments)
+        return false
+      end
+      recip_map = map_with_keys(mail, arguments, encrypted_only)
+      # Only continue if all recipients are still here.
+      if recip_map.size < arguments.size
+        return
+      end
+      if do_resend(mail, recip_map, :cc, encrypted_only)
+        mail.add_subject_prefix_out!
+      end
+    end
+    def self.resend_it(arguments, mail, encrypted_only)
+      if ! resend_recipients_valid?(mail, arguments)
+        return false
+      end
+      recip_map = map_with_keys(mail, arguments, encrypted_only)
+      resent_stati = recip_map.map do |email, key|
+        do_resend(mail, {email => key}, :to, encrypted_only)
+      end
+      if resent_stati.include?(true)
+        # At least one message has been resent
+        mail.add_subject_prefix_out!
+      end
+    end
+    def self.do_resend(mail, recipients_map, to_or_cc, encrypted_only)
+      if recipients_map.empty?
+        return
+      end
+      gpg_opts = make_gpg_opts(mail, recipients_map, encrypted_only)
+      if gpg_opts == false
+        return false
+      end
+      # Compose and send email
+      new = mail.clean_copy
+      new[to_or_cc] = recipients_map.keys
+      new.add_public_footer!
+      new.sender = mail.list.bounce_address
+      # `dup` gpg_opts because `deliver` changes their value and we need them
+      # below to determine encryption!
+      new.gpg gpg_opts.dup
+      if new.deliver
+        add_resent_headers(mail, recipients_map, to_or_cc, gpg_opts[:encrypt])
+        return true
+      else
+        add_error_header(mail, recipients_map)
+        return false
+      end
+    rescue Net::SMTPFatalError => exc
+      add_error_header(mail, recipients_map)
+      logger.error "Error while sending: #{exc}"
+      return false
+    end
+    def self.map_with_keys(mail, recipients, encrypted_only)
+      Array(recipients).inject({}) do |hash, email|
+        keys = mail.list.keys(email)
+        # Exclude unusable keys.
+        keys.select! { |key| key.usable_for?(:encrypt) }
+        case keys.size
+        when 1
+          hash[email] = keys.first
+        when 0
+          if encrypted_only
+            # Don't add the email to the result to exclude it from the
+            # recipients.
+            add_keys_error(mail, email, keys.size)
+          else
+            hash[email] = ''
+          end
+        else
+          # Always report this situation, regardless of sending or not. It's
+          # bad and should be fixed.
+          add_keys_error(mail, email, keys.size)
+          if ! encrypted_only
+            hash[email] = ''
+          end
+        end
+        hash
+      end
+    end
+    def self.make_gpg_opts(mail, recipients_map, encrypted_only)
+      gpg_opts = mail.list.gpg_sign_options
+      # Do all recipients have a key?
+      if recipients_map.values.map(&:class).uniq == [GPGME::Key]
+        gpg_opts.merge!(encrypt: true)
+      elsif encrypted_only
+        false
+      end
+      gpg_opts
+    end
+    def self.add_keys_error(mail, email, keys_size)
+      mail.add_pseudoheader(:error, I18n.t("plugins.resend.not_resent_no_keys", email: email, num_keys: keys_size))
+    end
+    def self.add_error_header(mail, recipients_map)
+      mail.add_pseudoheader(:error, "Resending to #{recipients_map.keys.join(', ')} failed, please check the logs!")
+    end
+    def self.add_resent_headers(mail, recipients_map, to_or_cc, sent_encrypted)
+      if sent_encrypted
+        prefix = I18n.t('plugins.resend.encrypted_to')
+        str = recipients_map.map do |email, key|
+          "#{email} (#{key.fingerprint})"
+        end.join(', ')
+      else
+        prefix = I18n.t('plugins.resend.unencrypted_to')
+        str = recipients_map.keys.join(', ')
+      end
+      headername = resent_header_name(to_or_cc)
+      mail.add_pseudoheader(headername, "#{prefix} #{str}")
+    end
+    def self.resent_header_name(to_or_cc)
+      if to_or_cc.to_s == 'to'
+        'resent'
+      else
+        'resent_cc'
+      end
+    end
+    def self.resend_recipients_valid?(mail, recipients)
+      all_valid = true
+      Array(recipients).each do |address|
+        if ! address.match(Conf::EMAIL_REGEXP)
+          mail.add_pseudoheader(:error, I18n.t("plugins.resend.invalid_recipient", address: address))
+          all_valid = false
+        end
+      end
+      all_valid
+    end
+  end
+end