RubyGems - schleuder - Versions diffs - 2.2.4 → 3.2.2 - Mend

schleuder 2.2.4 → 3.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

checksums.yaml +5 -5
data/README.md +138 -0
data/Rakefile +136 -0
data/bin/pinentry-clearpassphrase +72 -0
data/bin/schleuder +9 -89
data/bin/schleuder-api-daemon +4 -0
data/db/migrate/20140501103532_create_lists.rb +39 -0
data/db/migrate/20140501112859_create_subscriptions.rb +21 -0
data/db/migrate/201508092100_add_language_to_lists.rb +11 -0
data/db/migrate/20150812165700_change_keywords_admin_only_defaults.rb +8 -0
data/db/migrate/20150813235800_add_forward_all_incoming_to_admins.rb +11 -0
data/db/migrate/201508141727_change_send_encrypted_only_default.rb +8 -0
data/db/migrate/201508222143_add_logfiles_to_keep_to_lists.rb +11 -0
data/db/migrate/201508261723_rename_delivery_disabled_to_delivery_enabled_and_change_default.rb +14 -0
data/db/migrate/201508261815_strip_gpg_passphrase.rb +11 -0
data/db/migrate/201508261827_remove_default_mime.rb +9 -0
data/db/migrate/20160501172700_fix_headers_to_meta_defaults.rb +8 -0
data/db/migrate/20170713215059_add_internal_footer_to_list.rb +11 -0
data/db/schema.rb +62 -0
data/etc/init.d/schleuder-api-daemon +87 -0
data/etc/list-defaults.yml +123 -0
data/etc/postfix/schleuder_sqlite.cf +28 -0
data/etc/schleuder-api-daemon.service +10 -0
data/etc/schleuder.cron.weekly +6 -0
data/etc/schleuder.yml +61 -0
data/lib/schleuder-api-daemon.rb +420 -0
data/lib/schleuder.rb +81 -47
data/lib/schleuder/cli.rb +334 -0
data/lib/schleuder/cli/cert.rb +24 -0
data/lib/schleuder/cli/schleuder_cert_manager.rb +84 -0
data/lib/schleuder/cli/subcommand_fix.rb +11 -0
data/lib/schleuder/conf.rb +131 -0
data/lib/schleuder/errors/active_model_error.rb +15 -0
data/lib/schleuder/errors/base.rb +17 -0
data/lib/schleuder/errors/decryption_failed.rb +16 -0
data/lib/schleuder/errors/fatal_error.rb +13 -0
data/lib/schleuder/errors/file_not_found.rb +14 -0
data/lib/schleuder/errors/invalid_listname.rb +13 -0
data/lib/schleuder/errors/key_adduid_failed.rb +13 -0
data/lib/schleuder/errors/key_generation_failed.rb +16 -0
data/lib/schleuder/errors/keyword_admin_only.rb +13 -0
data/lib/schleuder/errors/list_exists.rb +13 -0
data/lib/schleuder/errors/list_not_found.rb +14 -0
data/lib/schleuder/errors/list_property_missing.rb +14 -0
data/lib/schleuder/errors/listdir_problem.rb +16 -0
data/lib/schleuder/errors/loading_list_settings_failed.rb +14 -0
data/lib/schleuder/errors/message_empty.rb +14 -0
data/lib/schleuder/errors/message_not_from_admin.rb +13 -0
data/lib/schleuder/errors/message_sender_not_subscribed.rb +13 -0
data/lib/schleuder/errors/message_too_big.rb +14 -0
data/lib/schleuder/errors/message_unauthenticated.rb +13 -0
data/lib/schleuder/errors/message_unencrypted.rb +13 -0
data/lib/schleuder/errors/message_unsigned.rb +13 -0
data/lib/schleuder/errors/standard_error.rb +5 -0
data/lib/schleuder/errors/too_many_keys.rb +17 -0
data/lib/schleuder/errors/unknown_list_option.rb +14 -0
data/lib/schleuder/filters/auth_filter.rb +39 -0
data/lib/schleuder/filters/bounces_filter.rb +12 -0
data/lib/schleuder/filters/forward_filter.rb +17 -0
data/lib/schleuder/filters/forward_incoming.rb +13 -0
data/lib/schleuder/filters/hotmail_message_filter.rb +25 -0
data/lib/schleuder/filters/max_message_size.rb +14 -0
data/lib/schleuder/filters/request_filter.rb +26 -0
data/lib/schleuder/filters/send_key_filter.rb +20 -0
data/lib/schleuder/filters/strip_alternative_filter.rb +21 -0
data/lib/schleuder/filters_runner.rb +83 -0
data/lib/schleuder/gpgme/ctx.rb +274 -0
data/lib/schleuder/gpgme/import_status.rb +27 -0
data/lib/schleuder/gpgme/key.rb +212 -0
data/lib/schleuder/gpgme/sub_key.rb +13 -0
data/lib/schleuder/gpgme/user_id.rb +22 -0
data/lib/schleuder/list.rb +318 -127
data/lib/schleuder/list_builder.rb +139 -0
data/lib/schleuder/listlogger.rb +31 -0
data/lib/schleuder/logger.rb +23 -0
data/lib/schleuder/logger_notifications.rb +69 -0
data/lib/schleuder/mail/message.rb +482 -0
data/lib/schleuder/mail/parts_list.rb +9 -0
data/lib/schleuder/plugin_runners/base.rb +91 -0
data/lib/schleuder/plugin_runners/list_plugins_runner.rb +24 -0
data/lib/schleuder/plugin_runners/request_plugins_runner.rb +27 -0
data/lib/schleuder/plugins/attach_listkey.rb +17 -0
data/lib/schleuder/plugins/get_version.rb +7 -0
data/lib/schleuder/plugins/key_management.rb +113 -0
data/lib/schleuder/plugins/list_management.rb +15 -0
data/lib/schleuder/plugins/resend.rb +196 -0
data/lib/schleuder/plugins/sign_this.rb +46 -0
data/lib/schleuder/plugins/subscription_management.rb +140 -0
data/lib/schleuder/runner.rb +130 -0
data/lib/schleuder/subscription.rb +98 -0
data/lib/schleuder/validators/boolean_validator.rb +7 -0
data/lib/schleuder/validators/email_validator.rb +7 -0
data/lib/schleuder/validators/fingerprint_validator.rb +7 -0
data/lib/schleuder/validators/greater_than_zero_validator.rb +7 -0
data/lib/schleuder/validators/no_line_breaks_validator.rb +7 -0
data/lib/schleuder/version.rb +1 -1
data/locales/de.yml +179 -0
data/locales/en.yml +179 -0
metadata +305 -108
checksums.yaml.gz.sig +0 -3
data.tar.gz.sig +0 -2
data/LICENSE +0 -339
data/README +0 -32
data/bin/schleuder-fix-gem-dependencies +0 -37
data/bin/schleuder-init-setup +0 -37
data/bin/schleuder-migrate-v2.1-to-v2.2 +0 -225
data/bin/schleuder-newlist +0 -413
data/contrib/check-expired-keys.rb +0 -60
data/contrib/mutt-schleuder-colors.rc +0 -10
data/contrib/mutt-schleuder-resend.vim +0 -24
data/contrib/smtpserver.rb +0 -76
data/ext/default-list.conf +0 -149
data/ext/default-members.conf +0 -7
data/ext/list.conf.example +0 -14
data/ext/schleuder.conf +0 -64
data/lib/schleuder/archiver.rb +0 -46
data/lib/schleuder/crypt.rb +0 -210
data/lib/schleuder/errors.rb +0 -5
data/lib/schleuder/list_config.rb +0 -146
data/lib/schleuder/log/listlogger.rb +0 -57
data/lib/schleuder/log/outputter/emailoutputter.rb +0 -120
data/lib/schleuder/log/outputter/metaemailoutputter.rb +0 -50
data/lib/schleuder/log/schleuderlogger.rb +0 -34
data/lib/schleuder/mail.rb +0 -873
data/lib/schleuder/mailer.rb +0 -26
data/lib/schleuder/member.rb +0 -69
data/lib/schleuder/plugin.rb +0 -54
data/lib/schleuder/processor.rb +0 -363
data/lib/schleuder/schleuder_config.rb +0 -75
data/lib/schleuder/storage.rb +0 -84
data/lib/schleuder/utils.rb +0 -80
data/man/schleuder-newlist.8 +0 -174
data/man/schleuder.8 +0 -416
data/plugins/README +0 -20
data/plugins/manage_keys_plugin.rb +0 -113
data/plugins/manage_members_plugin.rb +0 -156
data/plugins/manage_self_plugin.rb +0 -26
data/plugins/resend_plugin.rb +0 -35
data/plugins/sign_this_plugin.rb +0 -14
data/plugins/version_plugin.rb +0 -12
metadata.gz.sig +0 -0

data/lib/schleuder/errors/loading_list_settings_failed.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class LoadingListSettingsFailed < Base
+      def initialize
+        @config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
+      end
+      def message
+        t('errors.loading_list_settings_failed', config_file: @config_file)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_empty.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class MessageEmpty < Base
+      def initialize(list)
+        set_default_locale
+        @request_address = list.request_address
+      end
+      def message
+        t('errors.message_empty', { request_address: @request_address })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_not_from_admin.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageNotFromAdmin < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_not_from_admin')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_sender_not_subscribed.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageSenderNotSubscribed < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_sender_not_subscribed')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_too_big.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class MessageTooBig < Base
+      def initialize(list)
+        set_default_locale
+        @allowed_size = list.max_message_size_kb
+      end
+      def message
+        t('errors.message_too_big', { allowed_size: @allowed_size })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unauthenticated.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnauthenticated < Base
+      def initialize
+        set_default_locale
+      end
+      def message
+        t('errors.message_unauthenticated')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unencrypted.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnencrypted < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_unencrypted')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unsigned.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnsigned < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_unsigned')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/standard_error.rb ADDED

@@ -0,0 +1,5 @@
+class StandardError
+  def message_with_backtrace
+    "#{message}\n#{self.backtrace.join("\n")}\n"
+  end
+end

data/lib/schleuder/errors/too_many_keys.rb ADDED

@@ -0,0 +1,17 @@
+module Schleuder
+  module Errors
+    class TooManyKeys < Base
+      def initialize(listdir, listname)
+        @listdir = listdir
+        @listname = listname
+      end
+      def message
+        t('errors.too_many_keys',
+          { listdir: @listdir,
+            listname: @listname })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/unknown_list_option.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class UnknownListOption < Base
+      def initialize(exception)
+        @option = exception.attribute
+        @config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
+      end
+      def message
+        t('errors.unknown_list_option', option: @option, config_file: @config_file)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/auth_filter.rb ADDED

@@ -0,0 +1,39 @@
+module Schleuder
+  module Filters
+    def self.receive_encrypted_only(list, mail)
+      if list.receive_encrypted_only? && ! mail.was_encrypted?
+        list.logger.info "Rejecting mail as unencrypted"
+        return Errors::MessageUnencrypted.new(list)
+      end
+    end
+    def self.receive_signed_only(list, mail)
+      if list.receive_signed_only? && ! mail.was_validly_signed?
+        list.logger.info "Rejecting mail as unsigned"
+        return Errors::MessageUnsigned.new(list)
+      end
+    end
+    def self.receive_authenticated_only(list, mail)
+      if list.receive_authenticated_only? && ( ! mail.was_encrypted? || ! mail.was_validly_signed? )
+        list.logger.info "Rejecting mail as unauthenticated"
+        return Errors::MessageUnauthenticated.new
+      end
+    end
+    def self.receive_from_subscribed_emailaddresses_only(list, mail)
+      if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
+        list.logger.info "Rejecting mail as not from subscribed address."
+        return Errors::MessageSenderNotSubscribed.new(list)
+      end
+    end
+    def self.receive_admin_only(list, mail)
+      if list.receive_admin_only? && ( ! mail.was_validly_signed? || ! mail.signer.admin? )
+        list.logger.info "Rejecting mail as not from admin."
+        return Errors::MessageNotFromAdmin.new(list)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/bounces_filter.rb ADDED

@@ -0,0 +1,12 @@
+module Schleuder
+  module Filters
+    def self.forward_bounce_to_admins(list, mail)
+      if mail.automated_message?
+        list.logger.info "Forwarding automated message to admins"
+        list.logger.notify_admin I18n.t(:forward_automated_message_to_admins), mail.original_message, I18n.t('automated_message_subject')
+        exit
+      end
+    end
+  end
+end

data/lib/schleuder/filters/forward_filter.rb ADDED

@@ -0,0 +1,17 @@
+module Schleuder
+  module Filters
+    def self.forward_to_owner(list, mail)
+      return if ! mail.to_owner?
+      list.logger.debug "Forwarding addressed to -owner"
+      mail.add_pseudoheader(:note, I18n.t(:owner_forward_prefix))
+      cleanmail = mail.clean_copy(true)
+      list.admins.each do |admin|
+        list.logger.debug "Forwarding message to #{admin}"
+        admin.send_mail(cleanmail)
+      end
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/forward_incoming.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Filters
+    def self.forward_all_incoming_to_admins(list, mail)
+      if list.forward_all_incoming_to_admins
+        list.logger.notify_admin I18n.t(:forward_all_incoming_to_admins), mail.original_message, I18n.t('incoming_message')
+      end
+    end
+  end
+end

data/lib/schleuder/filters/hotmail_message_filter.rb ADDED

@@ -0,0 +1,25 @@
+module Schleuder
+  module Filters
+    # Outlook / Hotmail seems to dismantle multipart/encrypted messages and
+    # put them again together as multipart/mixed, which is wrong and makes
+    # it problematic to correctly detect the message as a valid pgp/mime-mail.
+    # Here we fix the mail to be a proper pgp/mime aka. multipart/encrypted
+    # message, so further processing will detect it properly.
+    # See #211 and #246 for background
+    def self.fix_hotmail_messages!(list, mail)
+      if mail.header['X-OriginatorOrg'].to_s.match(/(hotmail|outlook).com/) &&
+          !mail[:content_type].blank? &&
+          mail[:content_type].content_type == 'multipart/mixed' && mail.parts.size > 2 &&
+          mail.parts[0][:content_type].content_type == 'text/plain' &&
+          mail.parts[0].body.to_s.blank? &&
+          mail.parts[1][:content_type].content_type == 'application/pgp-encrypted' &&
+          mail.parts[2][:content_type].content_type == 'application/octet-stream'
+        mail.parts.delete_at(0)
+        mail.content_type = [:multipart, :encrypted, {protocol: "application/pgp-encrypted", boundary: mail.boundary}]
+      end
+    end
+  end
+end

data/lib/schleuder/filters/max_message_size.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Filters
+    def self.max_message_size(list, mail)
+      if (mail.raw_source.size / 1024) > list.max_message_size_kb
+        list.logger.info "Rejecting mail as too big"
+        return Errors::MessageTooBig.new(list)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/request_filter.rb ADDED

@@ -0,0 +1,26 @@
+module Schleuder
+  module Filters
+    def self.request(list, mail)
+      return if ! mail.request?
+      list.logger.debug "Request-message"
+      if ! mail.was_encrypted? || ! mail.was_validly_signed?
+        list.logger.debug "Error: Message was not encrypted and validly signed"
+        return Errors::MessageUnauthenticated.new
+      end
+      if mail.keywords.empty?
+        output = I18n.t(:no_keywords_error)
+      else
+        output = PluginRunners::RequestPluginsRunner.run(list, mail)
+        output = output.flatten.map(&:presence).compact
+        if output.blank?
+          output = I18n.t(:no_output_result)
+        end
+      end
+      mail.reply_to_signer(output)
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/send_key_filter.rb ADDED

@@ -0,0 +1,20 @@
+module Schleuder
+  module Filters
+    def self.send_key(list, mail)
+      return if ! mail.sendkey_request?
+      list.logger.debug "Sending public key as reply."
+      out = mail.reply
+      out.from = list.email
+      # We're not sending to a subscribed address, so we need to specify a envelope-sender manually.
+      out.sender = list.bounce_address
+      out.body = I18n.t(:list_public_key_attached)
+      out.attach_list_key!(list)
+      # TODO: find out why the gpg-module puts all the headers into the first mime-part, too
+      out.gpg list.gpg_sign_options
+      out.deliver
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/strip_alternative_filter.rb ADDED

@@ -0,0 +1,21 @@
+module Schleuder
+  module Filters
+    def self.strip_html_from_alternative!(list, mail)
+      if mail[:content_type].blank? ||
+            mail[:content_type].content_type != 'multipart/alternative' ||
+            ! mail.to_s.include?('BEGIN PGP ')
+        return false
+      end
+      Schleuder.logger.debug "Stripping html-part from multipart/alternative-message"
+      mail.parts.delete_if do |part|
+        part[:content_type].content_type == 'text/html'
+      end
+      mail.content_type = 'multipart/mixed'
+      mail.add_pseudoheader(:note, I18n.t("pseudoheaders.stripped_html_from_multialt"))
+    end
+  end
+end

data/lib/schleuder/filters_runner.rb ADDED

@@ -0,0 +1,83 @@
+module Schleuder
+  module Filters
+    class Runner
+      # To define priority sort this.
+      # The method `setup` parses, decrypts etc.
+      # the mail sent to the list. So before
+      # calling setup we do all the things
+      # that won't require e.g. validation of
+      # the sender.
+      PRE_SETUP_FILTERS = %w[
+        forward_bounce_to_admins
+        forward_all_incoming_to_admins
+        send_key
+        fix_hotmail_messages!
+        strip_html_from_alternative!
+      ]
+      # message size must be checked after
+      # decryption as gpg heavily compresses
+      # messages.
+      POST_SETUP_FILTERS = %w[
+        request
+        max_message_size
+        forward_to_owner
+        receive_admin_only
+        receive_authenticated_only
+        receive_signed_only
+        receive_encrypted_only
+        receive_from_subscribed_emailaddresses_only
+      ]
+      attr_reader :list
+      def initialize(list)
+        @list = list
+      end
+      def run(mail, filters)
+        filters.map do |cmd|
+          list.logger.debug "Calling filter #{cmd}"
+          response = Filters.send(cmd, list, mail)
+          if stop?(response)
+            if bounce?(response, mail)
+              return response
+            else
+              return nil
+            end
+          end
+        end
+        nil
+      end
+      private
+      def stop?(response)
+        response.kind_of?(StandardError)
+      end
+      def bounce?(response, mail)
+        if list.bounces_drop_all
+          list.logger.debug "Dropping bounce as configurated"
+          notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
+          return false
+        end
+        list.bounces_drop_on_headers.each do |key, value|
+          if mail[key].to_s.match(/#{value}/i)
+            list.logger.debug "Incoming message header key '#{key}' matches value '#{value}': dropping the bounce."
+            notify_admins(I18n.t('.bounces_drop_on_headers', key: key, value: value), mail.original_message)
+            return false
+          end
+        end
+        list.logger.debug "Bouncing message"
+        true
+      end
+      def notify_admins(reason, original_message)
+        if list.bounces_notify_admins?
+          list.logger.notify_admin reason, original_message, I18n.t('notice')
+        end
+      end
+    end
+  end
+end