RubyGems - schleuder - Versions diffs - 2.2.4 → 3.2.2 - Mend

schleuder 2.2.4 → 3.2.2

Files changed (141) hide show

checksums.yaml +5 -5
data/README.md +138 -0
data/Rakefile +136 -0
data/bin/pinentry-clearpassphrase +72 -0
data/bin/schleuder +9 -89
data/bin/schleuder-api-daemon +4 -0
data/db/migrate/20140501103532_create_lists.rb +39 -0
data/db/migrate/20140501112859_create_subscriptions.rb +21 -0
data/db/migrate/201508092100_add_language_to_lists.rb +11 -0
data/db/migrate/20150812165700_change_keywords_admin_only_defaults.rb +8 -0
data/db/migrate/20150813235800_add_forward_all_incoming_to_admins.rb +11 -0
data/db/migrate/201508141727_change_send_encrypted_only_default.rb +8 -0
data/db/migrate/201508222143_add_logfiles_to_keep_to_lists.rb +11 -0
data/db/migrate/201508261723_rename_delivery_disabled_to_delivery_enabled_and_change_default.rb +14 -0
data/db/migrate/201508261815_strip_gpg_passphrase.rb +11 -0
data/db/migrate/201508261827_remove_default_mime.rb +9 -0
data/db/migrate/20160501172700_fix_headers_to_meta_defaults.rb +8 -0
data/db/migrate/20170713215059_add_internal_footer_to_list.rb +11 -0
data/db/schema.rb +62 -0
data/etc/init.d/schleuder-api-daemon +87 -0
data/etc/list-defaults.yml +123 -0
data/etc/postfix/schleuder_sqlite.cf +28 -0
data/etc/schleuder-api-daemon.service +10 -0
data/etc/schleuder.cron.weekly +6 -0
data/etc/schleuder.yml +61 -0
data/lib/schleuder-api-daemon.rb +420 -0
data/lib/schleuder.rb +81 -47
data/lib/schleuder/cli.rb +334 -0
data/lib/schleuder/cli/cert.rb +24 -0
data/lib/schleuder/cli/schleuder_cert_manager.rb +84 -0
data/lib/schleuder/cli/subcommand_fix.rb +11 -0
data/lib/schleuder/conf.rb +131 -0
data/lib/schleuder/errors/active_model_error.rb +15 -0
data/lib/schleuder/errors/base.rb +17 -0
data/lib/schleuder/errors/decryption_failed.rb +16 -0
data/lib/schleuder/errors/fatal_error.rb +13 -0
data/lib/schleuder/errors/file_not_found.rb +14 -0
data/lib/schleuder/errors/invalid_listname.rb +13 -0
data/lib/schleuder/errors/key_adduid_failed.rb +13 -0
data/lib/schleuder/errors/key_generation_failed.rb +16 -0
data/lib/schleuder/errors/keyword_admin_only.rb +13 -0
data/lib/schleuder/errors/list_exists.rb +13 -0
data/lib/schleuder/errors/list_not_found.rb +14 -0
data/lib/schleuder/errors/list_property_missing.rb +14 -0
data/lib/schleuder/errors/listdir_problem.rb +16 -0
data/lib/schleuder/errors/loading_list_settings_failed.rb +14 -0
data/lib/schleuder/errors/message_empty.rb +14 -0
data/lib/schleuder/errors/message_not_from_admin.rb +13 -0
data/lib/schleuder/errors/message_sender_not_subscribed.rb +13 -0
data/lib/schleuder/errors/message_too_big.rb +14 -0
data/lib/schleuder/errors/message_unauthenticated.rb +13 -0
data/lib/schleuder/errors/message_unencrypted.rb +13 -0
data/lib/schleuder/errors/message_unsigned.rb +13 -0
data/lib/schleuder/errors/standard_error.rb +5 -0
data/lib/schleuder/errors/too_many_keys.rb +17 -0
data/lib/schleuder/errors/unknown_list_option.rb +14 -0
data/lib/schleuder/filters/auth_filter.rb +39 -0
data/lib/schleuder/filters/bounces_filter.rb +12 -0
data/lib/schleuder/filters/forward_filter.rb +17 -0
data/lib/schleuder/filters/forward_incoming.rb +13 -0
data/lib/schleuder/filters/hotmail_message_filter.rb +25 -0
data/lib/schleuder/filters/max_message_size.rb +14 -0
data/lib/schleuder/filters/request_filter.rb +26 -0
data/lib/schleuder/filters/send_key_filter.rb +20 -0
data/lib/schleuder/filters/strip_alternative_filter.rb +21 -0
data/lib/schleuder/filters_runner.rb +83 -0
data/lib/schleuder/gpgme/ctx.rb +274 -0
data/lib/schleuder/gpgme/import_status.rb +27 -0
data/lib/schleuder/gpgme/key.rb +212 -0
data/lib/schleuder/gpgme/sub_key.rb +13 -0
data/lib/schleuder/gpgme/user_id.rb +22 -0
data/lib/schleuder/list.rb +318 -127
data/lib/schleuder/list_builder.rb +139 -0
data/lib/schleuder/listlogger.rb +31 -0
data/lib/schleuder/logger.rb +23 -0
data/lib/schleuder/logger_notifications.rb +69 -0
data/lib/schleuder/mail/message.rb +482 -0
data/lib/schleuder/mail/parts_list.rb +9 -0
data/lib/schleuder/plugin_runners/base.rb +91 -0
data/lib/schleuder/plugin_runners/list_plugins_runner.rb +24 -0
data/lib/schleuder/plugin_runners/request_plugins_runner.rb +27 -0
data/lib/schleuder/plugins/attach_listkey.rb +17 -0
data/lib/schleuder/plugins/get_version.rb +7 -0
data/lib/schleuder/plugins/key_management.rb +113 -0
data/lib/schleuder/plugins/list_management.rb +15 -0
data/lib/schleuder/plugins/resend.rb +196 -0
data/lib/schleuder/plugins/sign_this.rb +46 -0
data/lib/schleuder/plugins/subscription_management.rb +140 -0
data/lib/schleuder/runner.rb +130 -0
data/lib/schleuder/subscription.rb +98 -0
data/lib/schleuder/validators/boolean_validator.rb +7 -0
data/lib/schleuder/validators/email_validator.rb +7 -0
data/lib/schleuder/validators/fingerprint_validator.rb +7 -0
data/lib/schleuder/validators/greater_than_zero_validator.rb +7 -0
data/lib/schleuder/validators/no_line_breaks_validator.rb +7 -0
data/lib/schleuder/version.rb +1 -1
data/locales/de.yml +179 -0
data/locales/en.yml +179 -0
metadata +305 -108
checksums.yaml.gz.sig +0 -3
data.tar.gz.sig +0 -2
data/LICENSE +0 -339
data/README +0 -32
data/bin/schleuder-fix-gem-dependencies +0 -37
data/bin/schleuder-init-setup +0 -37
data/bin/schleuder-migrate-v2.1-to-v2.2 +0 -225
data/bin/schleuder-newlist +0 -413
data/contrib/check-expired-keys.rb +0 -60
data/contrib/mutt-schleuder-colors.rc +0 -10
data/contrib/mutt-schleuder-resend.vim +0 -24
data/contrib/smtpserver.rb +0 -76
data/ext/default-list.conf +0 -149
data/ext/default-members.conf +0 -7
data/ext/list.conf.example +0 -14
data/ext/schleuder.conf +0 -64
data/lib/schleuder/archiver.rb +0 -46
data/lib/schleuder/crypt.rb +0 -210
data/lib/schleuder/errors.rb +0 -5
data/lib/schleuder/list_config.rb +0 -146
data/lib/schleuder/log/listlogger.rb +0 -57
data/lib/schleuder/log/outputter/emailoutputter.rb +0 -120
data/lib/schleuder/log/outputter/metaemailoutputter.rb +0 -50
data/lib/schleuder/log/schleuderlogger.rb +0 -34
data/lib/schleuder/mail.rb +0 -873
data/lib/schleuder/mailer.rb +0 -26
data/lib/schleuder/member.rb +0 -69
data/lib/schleuder/plugin.rb +0 -54
data/lib/schleuder/processor.rb +0 -363
data/lib/schleuder/schleuder_config.rb +0 -75
data/lib/schleuder/storage.rb +0 -84
data/lib/schleuder/utils.rb +0 -80
data/man/schleuder-newlist.8 +0 -174
data/man/schleuder.8 +0 -416
data/plugins/README +0 -20
data/plugins/manage_keys_plugin.rb +0 -113
data/plugins/manage_members_plugin.rb +0 -156
data/plugins/manage_self_plugin.rb +0 -26
data/plugins/resend_plugin.rb +0 -35
data/plugins/sign_this_plugin.rb +0 -14
data/plugins/version_plugin.rb +0 -12
metadata.gz.sig +0 -0

data/lib/schleuder/errors/loading_list_settings_failed.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class LoadingListSettingsFailed < Base
+      def initialize
+        @config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
+      end
+      def message
+        t('errors.loading_list_settings_failed', config_file: @config_file)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_empty.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class MessageEmpty < Base
+      def initialize(list)
+        set_default_locale
+        @request_address = list.request_address
+      end
+      def message
+        t('errors.message_empty', { request_address: @request_address })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_not_from_admin.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageNotFromAdmin < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_not_from_admin')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_sender_not_subscribed.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageSenderNotSubscribed < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_sender_not_subscribed')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_too_big.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class MessageTooBig < Base
+      def initialize(list)
+        set_default_locale
+        @allowed_size = list.max_message_size_kb
+      end
+      def message
+        t('errors.message_too_big', { allowed_size: @allowed_size })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unauthenticated.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnauthenticated < Base
+      def initialize
+        set_default_locale
+      end
+      def message
+        t('errors.message_unauthenticated')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unencrypted.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnencrypted < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_unencrypted')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/message_unsigned.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class MessageUnsigned < Base
+      def initialize(list)
+        set_default_locale
+      end
+      def message
+        t('errors.message_unsigned')
+      end
+    end
+  end
+end

data/lib/schleuder/errors/standard_error.rb ADDED

@@ -0,0 +1,5 @@
+class StandardError
+  def message_with_backtrace
+    "#{message}\n#{self.backtrace.join("\n")}\n"
+  end
+end

data/lib/schleuder/errors/too_many_keys.rb ADDED

@@ -0,0 +1,17 @@
+module Schleuder
+  module Errors
+    class TooManyKeys < Base
+      def initialize(listdir, listname)
+        @listdir = listdir
+        @listname = listname
+      end
+      def message
+        t('errors.too_many_keys',
+          { listdir: @listdir,
+            listname: @listname })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/unknown_list_option.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class UnknownListOption < Base
+      def initialize(exception)
+        @option = exception.attribute
+        @config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
+      end
+      def message
+        t('errors.unknown_list_option', option: @option, config_file: @config_file)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/auth_filter.rb ADDED

@@ -0,0 +1,39 @@
+module Schleuder
+  module Filters
+    def self.receive_encrypted_only(list, mail)
+      if list.receive_encrypted_only? && ! mail.was_encrypted?
+        list.logger.info "Rejecting mail as unencrypted"
+        return Errors::MessageUnencrypted.new(list)
+      end
+    end
+    def self.receive_signed_only(list, mail)
+      if list.receive_signed_only? && ! mail.was_validly_signed?
+        list.logger.info "Rejecting mail as unsigned"
+        return Errors::MessageUnsigned.new(list)
+      end
+    end
+    def self.receive_authenticated_only(list, mail)
+      if list.receive_authenticated_only? && ( ! mail.was_encrypted? || ! mail.was_validly_signed? )
+        list.logger.info "Rejecting mail as unauthenticated"
+        return Errors::MessageUnauthenticated.new
+      end
+    end
+    def self.receive_from_subscribed_emailaddresses_only(list, mail)
+      if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
+        list.logger.info "Rejecting mail as not from subscribed address."
+        return Errors::MessageSenderNotSubscribed.new(list)
+      end
+    end
+    def self.receive_admin_only(list, mail)
+      if list.receive_admin_only? && ( ! mail.was_validly_signed? || ! mail.signer.admin? )
+        list.logger.info "Rejecting mail as not from admin."
+        return Errors::MessageNotFromAdmin.new(list)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/bounces_filter.rb ADDED

@@ -0,0 +1,12 @@
+module Schleuder
+  module Filters
+    def self.forward_bounce_to_admins(list, mail)
+      if mail.automated_message?
+        list.logger.info "Forwarding automated message to admins"
+        list.logger.notify_admin I18n.t(:forward_automated_message_to_admins), mail.original_message, I18n.t('automated_message_subject')
+        exit
+      end
+    end
+  end
+end

data/lib/schleuder/filters/forward_filter.rb ADDED

@@ -0,0 +1,17 @@
+module Schleuder
+  module Filters
+    def self.forward_to_owner(list, mail)
+      return if ! mail.to_owner?
+      list.logger.debug "Forwarding addressed to -owner"
+      mail.add_pseudoheader(:note, I18n.t(:owner_forward_prefix))
+      cleanmail = mail.clean_copy(true)
+      list.admins.each do |admin|
+        list.logger.debug "Forwarding message to #{admin}"
+        admin.send_mail(cleanmail)
+      end
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/forward_incoming.rb ADDED

@@ -0,0 +1,13 @@
+module Schleuder
+  module Filters
+    def self.forward_all_incoming_to_admins(list, mail)
+      if list.forward_all_incoming_to_admins
+        list.logger.notify_admin I18n.t(:forward_all_incoming_to_admins), mail.original_message, I18n.t('incoming_message')
+      end
+    end
+  end
+end

data/lib/schleuder/filters/hotmail_message_filter.rb ADDED

@@ -0,0 +1,25 @@
+module Schleuder
+  module Filters
+    # Outlook / Hotmail seems to dismantle multipart/encrypted messages and
+    # put them again together as multipart/mixed, which is wrong and makes
+    # it problematic to correctly detect the message as a valid pgp/mime-mail.
+    # Here we fix the mail to be a proper pgp/mime aka. multipart/encrypted
+    # message, so further processing will detect it properly.
+    # See #211 and #246 for background
+    def self.fix_hotmail_messages!(list, mail)
+      if mail.header['X-OriginatorOrg'].to_s.match(/(hotmail|outlook).com/) &&
+          !mail[:content_type].blank? &&
+          mail[:content_type].content_type == 'multipart/mixed' && mail.parts.size > 2 &&
+          mail.parts[0][:content_type].content_type == 'text/plain' &&
+          mail.parts[0].body.to_s.blank? &&
+          mail.parts[1][:content_type].content_type == 'application/pgp-encrypted' &&
+          mail.parts[2][:content_type].content_type == 'application/octet-stream'
+        mail.parts.delete_at(0)
+        mail.content_type = [:multipart, :encrypted, {protocol: "application/pgp-encrypted", boundary: mail.boundary}]
+      end
+    end
+  end
+end

data/lib/schleuder/filters/max_message_size.rb ADDED

@@ -0,0 +1,14 @@
+module Schleuder
+  module Filters
+    def self.max_message_size(list, mail)
+      if (mail.raw_source.size / 1024) > list.max_message_size_kb
+        list.logger.info "Rejecting mail as too big"
+        return Errors::MessageTooBig.new(list)
+      end
+    end
+  end
+end

data/lib/schleuder/filters/request_filter.rb ADDED

@@ -0,0 +1,26 @@
+module Schleuder
+  module Filters
+    def self.request(list, mail)
+      return if ! mail.request?
+      list.logger.debug "Request-message"
+      if ! mail.was_encrypted? || ! mail.was_validly_signed?
+        list.logger.debug "Error: Message was not encrypted and validly signed"
+        return Errors::MessageUnauthenticated.new
+      end
+      if mail.keywords.empty?
+        output = I18n.t(:no_keywords_error)
+      else
+        output = PluginRunners::RequestPluginsRunner.run(list, mail)
+        output = output.flatten.map(&:presence).compact
+        if output.blank?
+          output = I18n.t(:no_output_result)
+        end
+      end
+      mail.reply_to_signer(output)
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/send_key_filter.rb ADDED

@@ -0,0 +1,20 @@
+module Schleuder
+  module Filters
+    def self.send_key(list, mail)
+      return if ! mail.sendkey_request?
+      list.logger.debug "Sending public key as reply."
+      out = mail.reply
+      out.from = list.email
+      # We're not sending to a subscribed address, so we need to specify a envelope-sender manually.
+      out.sender = list.bounce_address
+      out.body = I18n.t(:list_public_key_attached)
+      out.attach_list_key!(list)
+      # TODO: find out why the gpg-module puts all the headers into the first mime-part, too
+      out.gpg list.gpg_sign_options
+      out.deliver
+      exit
+    end
+  end
+end

data/lib/schleuder/filters/strip_alternative_filter.rb ADDED

@@ -0,0 +1,21 @@
+module Schleuder
+  module Filters
+    def self.strip_html_from_alternative!(list, mail)
+      if mail[:content_type].blank? ||
+            mail[:content_type].content_type != 'multipart/alternative' ||
+            ! mail.to_s.include?('BEGIN PGP ')
+        return false
+      end
+      Schleuder.logger.debug "Stripping html-part from multipart/alternative-message"
+      mail.parts.delete_if do |part|
+        part[:content_type].content_type == 'text/html'
+      end
+      mail.content_type = 'multipart/mixed'
+      mail.add_pseudoheader(:note, I18n.t("pseudoheaders.stripped_html_from_multialt"))
+    end
+  end
+end

data/lib/schleuder/filters_runner.rb ADDED

@@ -0,0 +1,83 @@
+module Schleuder
+  module Filters
+    class Runner
+      # To define priority sort this.
+      # The method `setup` parses, decrypts etc.
+      # the mail sent to the list. So before
+      # calling setup we do all the things
+      # that won't require e.g. validation of
+      # the sender.
+      PRE_SETUP_FILTERS = %w[
+        forward_bounce_to_admins
+        forward_all_incoming_to_admins
+        send_key
+        fix_hotmail_messages!
+        strip_html_from_alternative!
+      ]
+      # message size must be checked after
+      # decryption as gpg heavily compresses
+      # messages.
+      POST_SETUP_FILTERS = %w[
+        request
+        max_message_size
+        forward_to_owner
+        receive_admin_only
+        receive_authenticated_only
+        receive_signed_only
+        receive_encrypted_only
+        receive_from_subscribed_emailaddresses_only
+      ]
+      attr_reader :list
+      def initialize(list)
+        @list = list
+      end
+      def run(mail, filters)
+        filters.map do |cmd|
+          list.logger.debug "Calling filter #{cmd}"
+          response = Filters.send(cmd, list, mail)
+          if stop?(response)
+            if bounce?(response, mail)
+              return response
+            else
+              return nil
+            end
+          end
+        end
+        nil
+      end
+      private
+      def stop?(response)
+        response.kind_of?(StandardError)
+      end
+      def bounce?(response, mail)
+        if list.bounces_drop_all
+          list.logger.debug "Dropping bounce as configurated"
+          notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
+          return false
+        end
+        list.bounces_drop_on_headers.each do |key, value|
+          if mail[key].to_s.match(/#{value}/i)
+            list.logger.debug "Incoming message header key '#{key}' matches value '#{value}': dropping the bounce."
+            notify_admins(I18n.t('.bounces_drop_on_headers', key: key, value: value), mail.original_message)
+            return false
+          end
+        end
+        list.logger.debug "Bouncing message"
+        true
+      end
+      def notify_admins(reason, original_message)
+        if list.bounces_notify_admins?
+          list.logger.notify_admin reason, original_message, I18n.t('notice')
+        end
+      end
+    end
+  end
+end