schleuder 2.2.4 → 3.2.2

data/lib/schleuder/crypt.rb

@@ -1,210 +0,0 @@
-module Schleuder
-    # Wrapper for ruby-gpgme. Method naming is not strictly logical, this might
-    # change but aliases will be set up then.
-    class Crypt
-      # Instantiates and stores password
-      def initialize(password, options={})
-        unless options[:new_keyring]
-          # Check file permissions. ruby-gpgme unfortunately returns unspecific
-          # errors if it can't read files.
-          %w(pubring.gpg secring.gpg trustdb.gpg).each do |fn|
-            f = File.join(ENV['GNUPGHOME'], fn)
-            if ! File.readable?(f)
-              raise Errno::EACCES.new('%s is not readable' % f)
-            elsif ! File.writable?(f)
-              raise Errno::EACCES.new('%s is not writable' % f)
-            end
-          end
-        end
-
-        @password = password
-        if GPGME.respond_to? 'check_version'
-          GPGME::check_version('0.0.0')
-        end
-        @ctx = GPGME::Ctx.new
-        # feed the passphrase into the Context
-        @ctx.set_passphrase_cb(method(:passfunc))
-      end
-
-      # Verify a gpg-signature. Use +signed_string+ if the signature is
-      # detached. Returns a GPGME::SignatureResult
-      def verify(sig, signed_string='')
-        in_signed = ''
-        if signed_string.empty?
-          # verify +sig+ as cleartext (aka pgp/inline) signature
-          Schleuder.log.debug 'No extra signed_string, verifying cleartext signature'
-          output = GPGME.verify(sig) do |sig|
-            in_signed = sig
-          end
-        else
-          # verify detached signature
-          Schleuder.log.debug 'Verifying detached signature'
-          # Don't know why we need a GPGME::Data object this time but without gpgme throws exceptions
-          plain = GPGME::Data.new
-          GPGME.verify(sig, signed_string, plain) do |sig|
-            in_signed = sig
-          end
-          output = signed_string
-          
-        end
-        Schleuder.log.debug 'verify_result: ' + in_signed.inspect
-        
-        [output, in_signed]
-      end
-      
-      # Decrypt a string.
-      def decrypt(str)
-        output = ""
-        in_encrypted = nil
-        in_signed = nil
-        
-        # TODO: return ciphertext if missing key when decrypting inline
-        # attachments or recursing into mime-messages.  Breaking if even the
-        # whole message is not decryptable is a job for the processor.
-        
-        # match pgp-mime- and inline-pgp-signatures
-        if str =~ /^-----BEGIN PGP SIG/
-          Schleuder.log.debug 'found ascii-armored, signed, not encrypted message, verifying'
-          output, in_signed = verify(str)
-        else
-          begin
-            Schleuder.log.debug 'Trying to decrypt'
-            output = GPGME.decrypt(str, :passphrase_callback => method(:passfunc)) do |sig|
-              in_signed = sig
-            end
-            in_encrypted = true
-          rescue GPGME::Error::NoData => exc
-            Schleuder.log.debug "Caught NoData-exception from gpgme. This probably means we're dealing with a binary signature, trying to verify."
-            output, in_signed = verify(str)
-            if output.empty?
-              Schleuder.log.debug "Empty output from verification. No more options, returning."
-            end
-          end
-        end
-        Schleuder.log.debug "mime_type of decrypted content: #{output.mime.inspect}"
-        Schleuder.log.debug "in_signed: #{in_signed.inspect}"
-        Schleuder.log.debug "in_encrypted: #{in_encrypted.inspect}"
-	if output.empty?
-          Schleuder.log.debug "Empty output, returning input"
-          output = str
-	end
-        # TODO: return mailadresses or keys instead of signature-objects?
-        [output, in_encrypted, in_signed]
-      rescue GPGME::Error::General => exc
-        Schleuder.log.warn "gpgme returned a general error. Most likely this is due to unexpected input, but as you never know here's the input and the exception:\ninput:\n#{str.inspect}\n#{exc.to_s}\n#{exc.backtrace[0..9].join("\n")}"
-        [str, nil, nil]
-      end
-      
-      # Encrypt a string to a single receiver and sign it. +receiver+ must be a
-      # Schleuder::Member
-      def encrypt_str(str, receiver)
-        # encrypt and sign and return encrypted data as string
-        # For some reason sometimes the last two characters of str are stolen
-        # unless we append a blank or newline... Life is hard...
-        GPGME.encrypt([receiver.key],
-                      "#{str} ",
-                      {:passphrase_callback => method(:passfunc),
-                       :armor => true,
-                       :sign => true,
-                       :always_trust => true
-                      })
-      end
-      
-      # Lists all public keys matching +pattern+. Returns an array of
-      # GPGME::GpgKey's
-      def list_keys(pattern='')
-        GPGME.list_keys(pattern)
-      end
-
-      # Returns the GPGME::GpgKey matching +pattern+. Log an error if more than
-      # one matches, because duplicated user-ids is a sensitive issue.
-      def get_key(pattern, only_valid_keys=false)
-        pattern = "<#{pattern}>" if pattern =~ /.*@.*/ && !(pattern =~ /^<.*>$/)
-        keys = list_keys(pattern)
-
-        keys.reject! { |key| unusable_key?(key) } if only_valid_keys
-
-        if keys.empty?
-          [false, "no key found for #{pattern}."]
-        elsif keys.length > 1
-          Schleuder.log.warn "There's more than one key matching the pattern you gave me!"
-          Schleuder.log.debug { "Pattern: #{pattern.inspect}" }
-          Schleuder.log.debug { "Keys: #{keys.inspect}" }
-          [false, "no distinct key for #{pattern.inspect} found. Matching keys: #{key_infos(keys,only_valid_keys).join(', ')}"]
-        else
-          [keys.first]
-        end
-      end
-      
-      # Signs +string+ with the private key of the list (aka detached signature)
-      def sign(string)
-        GPGME::detach_sign(string, {:armor => true, :passphrase_callback => method(:passfunc)})
-      end
-
-      # Clearsigns +string+ with the private key of the list
-      def clearsign(string)
-        GPGME::clearsign(string, {:armor => true, :passphrase_callback => method(:passfunc)})
-      end
-      
-      # Exports the public key matching +keyid+ as ascii key block.
-      def export(keyid)
-        GPGME.export(keyid, :armor=>:true)
-      end
-      
-      # Delete the public key matching +pattern+ from the public key ring of the
-      # list
-      def delete_key(key)
-        msg = nil
-        key, msg = get_key(key) if key.kind_of?(String)
-
-        if key
-          @ctx.delete_key(key)
-          return true
-        else
-          msg
-        end
-      rescue => e
-        return e
-      end
-      
-      # Import +keydata+ into public key ring of the list
-      def add_key(keydata)
-        GPGME.import(keydata)
-      end
-
-      def add_key_from_file(keyfile)
-        add_key(File.read(keyfile))
-      end
-
-      def key_descr(key)
-        key.to_s.split("\n").first.split[1..2].join(' ')
-      end
-
-      private
-
-      def key_infos(keys, only_valid_keys=false)
-        keys.collect do |key|
-          info = key_descr(key)
-          unless only_valid_keys
-            info << trust_info(key)
-          end
-          info
-        end
-      end
-
-      def trust_info(key)
-        unusable_key?(key) ? " *#{key.trust}*" : ''
-      end
-
-      def unusable_key?(key)
-        [:revoked, :expired].include?(key.trust)
-      end
-
-      def passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
-        io = IO.for_fd(fd, 'w')
-        io.puts @password
-        io.flush
-      end
-
-    end
-end

data/lib/schleuder/errors.rb

@@ -1,5 +0,0 @@
-
-class SchleuderError < RuntimeError 
-end
-class NewListError < SchleuderError 
-end

data/lib/schleuder/list_config.rb

@@ -1,146 +0,0 @@
-# the list config class - a simple container
-
-module Schleuder
-  class ListConfig < Storage
-
-    # Options and their defaults
-    # If you want to change the defaults, edit conf/default-list.conf
-
-    # Emailaddress of the list
-    schleuder_attr :myaddr, ''
-
-    # Realname of this list address (mainly used for gpg key)
-    schleuder_attr :myname, ''
-
-    # Listadmin's emailaddress(es). Must be an array.
-    schleuder_attr :admins, []
-
-    # Default mime setting
-    schleuder_attr :default_mime, 'MIME'
-
-    # The gpg password
-    schleuder_attr :gpg_password, nil
-
-    # The fingerprint of the key used for this list
-    schleuder_attr :key_fingerprint, nil
-
-    # Wether sending emails in the clear is allowed or not.
-    schleuder_attr :send_encrypted_only, false
-
-    # Wether to accept only incoming emails that are encrypted
-    schleuder_attr :receive_encrypted_only, false
-
-    # Wether to accept only emails that are validly signed
-    schleuder_attr :receive_signed_only, false
-
-    # Wether to accept only emails that are validly signed by a list-member's key
-    schleuder_attr :receive_authenticated_only, false
-
-    # Wether to accept only emails that are validly signed by a list-admin's key
-    schleuder_attr :receive_admin_only, false
-
-    # Whether to accept only emails that are sent from a members address.
-    # NOTE: better rely on :receive_authenticated_only and ignore that option.
-    schleuder_attr :receive_from_member_emailaddresses_only, false
-
-    # Wether to keep the msgid or not
-    schleuder_attr :keep_msgid, true
-
-    # Footer for outgoing mails
-    schleuder_attr :public_footer, ''
-
-    # Subject prefix for incoming (signed) mails from listmembers
-    schleuder_attr :prefix, ''
-
-    # Subject prefix for incoming mails
-    schleuder_attr :prefix_in, ''
-
-    # Subject prefix for outgoing mails
-    schleuder_attr :prefix_out, ''
-
-    # The log_level (ERROR || WARN || INFO || DEBUG)
-    schleuder_attr :log_level, 'ERROR'
-
-    # Log to SYSLOG?
-    schleuder_attr :log_syslog, false
-
-    # Log to IO (writing into STDIN of another process/executable)
-    schleuder_attr :log_io, false
-
-    # Log to a file? If the path doesn't start with a slash the list-dir will
-    # be prefixed.
-    schleuder_attr :log_file, 'list.log'
-
-    # Which headers from original mail to include into the internal meta data
-    schleuder_attr :headers_to_meta, [:from, :to, :cc, :date]
-
-    # Restrict specific plugins to admin
-    schleuder_attr :keywords_admin_only, ['ADD-MEMBER', 'DELETE-MEMBER', 'DELETE-KEY', 'SAVE-MEMBERS', 'DEL-KEY' ]
-
-    # Notify admin if these keywords triggered commands.
-    schleuder_attr :keywords_admin_notify, [ 'ADD-KEY' ]
-
-    # Drop any bounces (incoming email not passing the receive_*_only-rules)
-    schleuder_attr :bounces_drop_all, false
-
-    # Drop bounces if they match one of these headers. Must be a hash, keys and values are case insensitive.
-    schleuder_attr :bounces_drop_on_headers,  {'x-spam-flag' => 'yes'}
-
-    # Send a notice to admin(s) on bouncing or dropping
-    schleuder_attr :bounces_notify_admin, true
-
-    # Include RFC-compliant List-* Headers into member mails
-    schleuder_attr :include_list_headers, true
-
-    # Include OpenPGP-Header
-    schleuder_attr :include_openpgp_header, true
-    # Preferred way to receive emails to note in OpenPGP-Header ('sign'|'encrypt'|'signencrypt'|'unprotected'|'none')
-    # 'none' to not include a preference
-    # default: 'signencrypt'
-    schleuder_attr :openpgp_header_preference, 'signencrypt'
-
-    # If we want to dump the original incoming mail.
-    # ATTENTION: this stores the incoming e-mail on disk!
-    schleuder_attr :dump_incoming_mail, false
-
-    # Maximum size of message allowed on the list in kilobyte. All others will be bounced.
-    schleuder_attr :max_message_size, 10240 # 10MB
-
-    # Whether to archive messages sent to list members or not.
-    # default: false
-    schleuder_attr :archive, false
-
-    ### END OF CONFIG OPTIONS
-
-    def initialize(config=nil)
-      # First Overload with default-list.conf then load our config
-      overload_from_file!(Schleuder.config.lists_default_conf)
-      # overload with config_file
-      super(config)
-
-      # load admins as members
-      self.admins = self.admins
-      # compress fingerprint
-      self.key_fingerprint = self.key_fingerprint
-    end
-
-    def key_fingerprint=(fpr)
-      schleuder_attributes['key_fingerprint'] = Schleuder::Utils.compress_fingerprint(fpr)
-    end
-
-    def admins=(ary)
-      schleuder_attributes['admins'] = Array(ary).collect { |mem|
-        if mem.kind_of?(Member)
-          mem
-        else
-          if mem.kind_of?(Hash) && mem.has_key?("email")
-            Member.new(mem)
-          else
-            Schleuder.log.error "Wrong input: #{mem.inspect} is not suitable data for a Member."
-            nil
-          end
-        end
-      }.compact
-    end
-  end
-end

data/lib/schleuder/log/listlogger.rb

@@ -1,57 +0,0 @@
-module Schleuder
-  class ListLogger < Log4r::Logger
-    # Instantiates the list-logger and sets outputters and level.
-    # Warning: Do *not* rely on the list-object here!  It's not yet available
-    # (this actually is part of setting it up) and you'd produce loops and
-    # break the whole thing.
-    def initialize(listname, listdir, config)
-      # Initialize self
-      super('list')
-
-      # define the initial log_level for all outputters (they inherit it)
-      @level = eval("Log4r::#{config.log_level.upcase}")
-
-      # Setting up outputters.
-      fmtr = Log4r::PatternFormatter.new(:pattern => "%d #{listname} %l\t%M")
-
-      if config.log_file
-        require 'log4r/outputter/fileoutputter'
-        filename = config.log_file
-        filename = File.join(listdir, filename) unless filename[0..0].eql?('/')
-        filename = File.join(filename, "#{listname}.log") if filename.end_with?('/')
-        add Log4r::FileOutputter.new("file",
-                                       { :level => @level,
-                                         :filename => filename,
-                                         :formatter => fmtr }
-                                     )
-      end
-
-      if config.log_syslog
-        require 'log4r/outputter/syslogoutputter'
-        syslogfmtr = Log4r::PatternFormatter.new(:pattern => "#{listname}: %M")
-        add Log4r::SyslogOutputter.new("syslog",
-                                         { :level => @level,
-                                           :ident => 'schleuder',
-                                           :facility => "LOG_MAIL",
-                                           :formatter => syslogfmtr }
-                                      )
-      end
-
-      if config.log_io
-        require 'log4r/outputter/iooutputter'
-        require 'stringio'
-        io = IO.popen(config.log_io, 'w')
-        add Log4r::IOOutputter.new("io", io, :level => @level)
-      end
-
-      # Add this as last outputter, else you'll see logging-statements from
-      # sending the email before the original error is logged — that's a little
-      # confusing.
-      add EmailOutputter.new("email", :formatter => fmtr)
-    end
-
-    def notify_admin(*args)
-      Log4r::Outputter['email'].notify_admin *args
-    end
-  end
-end

data/lib/schleuder/log/outputter/emailoutputter.rb

@@ -1,120 +0,0 @@
-module Schleuder
-  class EmailOutputter < Log4r::EmailOutputter
-    def initialize(name, hash={})
-      # The class needs to/from/subject, we don't use it
-      hash = {:to => Schleuder.config.superadminaddr,
-              :from => Schleuder.config.myaddr,
-              :'error-to' => Schleuder.config.superadminaddr,
-              :subject => 'Error',
-              :server => Schleuder.config.smtp_host,
-              :port => Schleuder.config.smtp_port,
-              :immediate_at => 'ERROR, FATAL',
-              :formatter => formatter,
-              :domain => 'schleuder', # necessary for log4r from debian "stable"
-              :buffsize => 1024**1024 # set the buff size very high otherwise we would trigger random log mails on random log statements if the buffer is full.
-             }.merge(hash)
-      @altmsg = "Hello,\n\nsending an encrypted error message to you failed. Therefore you receive only\nthis message and are kindly requested to take care of the encryption problem\n(e.g. fix your keys) and have a look at the logs to find the error.\n\nYours,  Schleuder\n"
-      super name, hash
-    end
-
-    def format(events)
-      events.map { |event| @formatter.format(event) }
-    end
-
-    def notify_admin(subject, msg)
-      send_mail(makeemail(subject, msg))
-    end
-
-    def makeemail(subject=@subject, msg=nil)
-      m = Mail.new
-      m.subject = subject
-      m.date = Time.now
-      m.from = @from
-
-      if msg
-        case msg
-        when String
-          m.body = msg
-        when Array
-          m.body = ''
-          m.mime_version = 1.0
-          msg.each do |msgpart|
-            part = Mail.new
-            case msgpart
-            when Mail
-              # This contruction is needed to have valid boundaries. Did I mention that Tmail sucks?
-              part.body = Mail.parse(msgpart.to_s).to_s
-              part.content_type = 'message/rfc822'
-            when String
-              part.body = msgpart.to_s
-              part.content_type = 'text/plain'
-            else
-              # This shouldn't happen (we should only have forwarded emails or
-              # strings to notify admins), but who knows.
-              part.body = msgpart
-              part.content_type = 'application/octet-stream'
-            end
-            m.parts.push part
-          end
-        end
-      else
-        # Get the triggering error-msg(s).
-        msg = format(@buff.select { |e| e.level > Log4r::WARN }).join
-        # Get the whole log.
-        backlog = format(@buff).join
-
-        infopart = Mail.new
-        infopart.body = "An error occurred working for list #{Schleuder.list.listname}:\n\n#{msg}\n\nSee also attachments.\n\n"
-        m.parts.push infopart
-
-        if Schleuder.origmsg
-          origm = Mail.new
-          origm.body = Schleuder.origmsg << "\n"
-          origm.content_type = "message/rfc822"
-          origm.set_content_disposition 'inline', { :filename => 'schleuder-orig-message.txt' }
-          origm['content-description'] = "'The originally incoming message'"
-          m.parts.push origm
-        end
-
-        backlogpart = Mail.new
-        backlogpart.body = backlog << "\n\n"
-        backlogpart['content-description'] = "'Schleuder logging output'"
-        backlogpart.set_content_disposition 'inline', { :filename => 'schleuder-log.txt' }
-        m.parts.push backlogpart
-      end
-
-      # Trigger re-parsing of the body, else TMail doesn't know it's multipart... :/
-      m.to_s
-      m
-    end
-
-    def send_mail(mail=makeemail)
-      if @send_mail_lock
-        self.level = Log4r::OFF # it's possible that the loglevel haven't yet been changed
-        Schleuder.log.warn "This is a loop in sending a mail in the EmailOutputer, breaking!"
-        return false
-      end
-      @send_mail_lock = true
-      Schleuder.log.info 'Sending notification to admin'
-      Schleuder.list.config.admins.each do |admin|
-        Schleuder.log.debug { "Looping for admin #{admin}" }
-        m = mail.individualize(admin)
-        m.to = admin.email
-        sender = Schleuder.config.superadminaddr
-        if !Processor.send(m, admin, true, sender)
-          m.body = @altmsg
-          m.content_type = 'text/plain'
-          Processor.send(m, admin, false, sender)
-        end
-      end
-      Schleuder.log.info { 'Sending notification done' }
-    rescue => e
-      # switch off logging per email, else we create loops here!
-      self.level = Log4r::OFF
-      raise
-    ensure
-      @send_mail_lock = false
-      @buff.clear
-    end
-  end
-end