schleuder 2.2.4 → 3.2.2

data/lib/schleuder/list_builder.rb

@@ -0,0 +1,139 @@
+module Schleuder
+  class ListBuilder
+    def initialize(list_attributes, adminemail=nil, adminfingerprint=nil, adminkey=nil)
+      @list_attributes = list_attributes.with_indifferent_access
+      @listname = list_attributes[:email]
+      @fingerprint = list_attributes[:fingerprint]
+      @adminemail = adminemail
+      @adminfingerprint = adminfingerprint
+      @adminkey = adminkey
+    end
+
+    def read_default_settings
+      hash = YAML.load_file(ENV['SCHLEUDER_LIST_DEFAULTS'])
+      if ! hash.kind_of?(Hash)
+        raise Errors::LoadingListSettingsFailed.new
+      end
+      hash
+    rescue Psych::SyntaxError
+      raise Errors::LoadingListSettingsFailed.new
+    end
+
+    def run
+      Schleuder.logger.info "Building new list"
+
+      if @listname.blank? || ! @listname.match(Conf::EMAIL_REGEXP)
+        return [nil, {'email' => ["'#{@listname}' is not a valid email address"]}]
+      end
+
+      settings = read_default_settings.merge(@list_attributes)
+      list = List.new(settings)
+
+      @list_dir = list.listdir
+      create_or_test_dir(@list_dir)
+      # In case listlogs_dir != lists_dir we have to create the basedir of the
+      # list's log-file.
+      create_or_test_dir(File.dirname(list.logfile))
+
+      if list.fingerprint.blank?
+        list_key = gpg.keys("<#{list.email}>").first
+        if list_key.nil?
+          list_key = create_key(list)
+        end
+        list.fingerprint = list_key.fingerprint
+      end
+
+      if ! list.valid?
+        return list
+      end
+
+      list.save!
+
+      if @adminemail.blank?
+        msg = nil
+      else
+        sub, msg = list.subscribe(@adminemail, @adminfingerprint, true, true, @adminkey)
+        if sub.errors.present?
+          raise Errors::ActiveModelError.new(sub.errors)
+        end
+      end
+
+      [list, msg]
+    end
+
+    def gpg
+      @gpg_ctx ||= begin
+        ENV["GNUPGHOME"] = @list_dir
+        GPGME::Ctx.new
+      end
+    end
+
+    def create_key(list)
+      Schleuder.logger.info "Generating key-pair, this could take a while..."
+      gpg.generate_key(key_params(list))
+
+      # Get key without knowing the fingerprint yet.
+      keys = list.keys(@listname)
+      if keys.empty?
+        raise Errors::KeyGenerationFailed.new(@list_dir, @listname)
+      elsif keys.size > 1
+        raise Errors::TooManyKeys.new(@list_dir, @listname)
+      else
+        adduids(list, keys.first)
+      end
+
+      keys.first
+    end
+
+    def adduids(list, key)
+      # Add UIDs for -owner and -request.
+      [list.request_address, list.owner_address].each do |address|
+        err = key.adduid(list.email, address)
+        if err.present?
+          raise err
+        end
+      end
+      # Go through list.key() to re-fetch the key from the keyring, otherwise
+      # we don't see the new UIDs.
+      errors = list.key.set_primary_uid(list.email)
+      if errors.present?
+        raise errors
+      end
+    rescue => exc
+      raise Errors::KeyAdduidFailed.new(exc.to_s)
+    end
+
+    def key_params(list)
+      "
+        <GnupgKeyParms format=\"internal\">
+        Key-Type: RSA
+        Key-Length: 4096
+        Key-Usage: sign
+        Subkey-Type: RSA
+        Subkey-Length: 4096
+        Subkey-Usage: encrypt
+        Name-Real: #{list.email}
+        Name-Email: #{list.email}
+        Expire-Date: 0
+        %no-protection
+        </GnupgKeyParms>
+
+      "
+    end
+
+    def create_or_test_dir(dir)
+      if File.exists?(dir)
+        if ! File.directory?(dir)
+          raise Errors::ListdirProblem.new(dir, :not_a_directory)
+        end
+
+        if ! File.writable?(dir)
+          raise Errors::ListdirProblem.new(dir, :not_writable)
+        end
+      else
+        FileUtils.mkdir_p(dir)
+      end
+    end
+
+  end
+end

data/lib/schleuder/listlogger.rb

@@ -0,0 +1,31 @@
+module Schleuder
+  class Listlogger < ::Logger
+    include LoggerNotifications
+    def initialize(list)
+      super(list.logfile, 'daily')
+      @from = list.email
+      @list = list
+      @adminaddresses = list.admins.map { |sub| [sub.email, sub.key] }
+      @level = ::Logger.const_get(list.log_level.upcase)
+      remove_old_logfiles(list)
+    end
+
+    # Logger rotates but doesn't delete older files, so we're helping
+    # ourselves.
+    def remove_old_logfiles(list)
+      logfiles_to_keep = list.logfiles_to_keep.to_i
+      if logfiles_to_keep < 1
+        logfiles_to_keep = list.class.column_defaults['logfiles_to_keep']
+      end
+      suffix_now = Time.now.strftime("%Y%m%d").to_i
+      del_older_than = suffix_now - logfiles_to_keep
+      Pathname.glob("#{list.logfile}.????????").each do |file|
+        if file.basename.to_s.match(/\.([0-9]{8})$/)
+          if del_older_than.to_i >= $1.to_i
+            file.unlink
+          end
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/logger.rb

@@ -0,0 +1,23 @@
+module Schleuder
+  def logger
+    @logger ||= Logger.new
+  end
+  module_function :logger
+
+  class Logger < Syslog::Logger
+    include LoggerNotifications
+    def initialize
+      if RUBY_VERSION.to_f < 2.1
+        super('Schleuder')
+      else
+        super('Schleuder', Syslog::LOG_MAIL)
+      end
+      # We need some sender-address different from the superadmin-address.
+      @from = "#{`whoami`.chomp}@#{`hostname`.chomp}"
+      @adminaddresses = Conf.superadmin
+      @level = ::Logger.const_get(Conf.log_level.upcase)
+    end
+  end
+
+end
+

data/lib/schleuder/logger_notifications.rb

@@ -0,0 +1,69 @@
+module Schleuder
+  module LoggerNotifications
+    def adminaddresses
+      @adminaddresses.presence || superadmin
+    end
+
+    def superadmin
+      Conf.superadmin.presence
+    end
+
+    def error(string)
+      super(string)
+      notify_admin(string)
+    end
+
+    def fatal(string, original_message=nil)
+      super(string.to_s + append_original_message(original_message))
+      notify_admin(string, original_message)
+    end
+
+    def notify_admin(thing, original_message=nil, subject='Error')
+      # Minimize using other classes here, we don't know what caused the error.
+      msg_parts = convert_to_msg_parts(thing, original_message)
+      Array(adminaddresses).each do |address, key|
+        mail = Mail.new
+        mail.from = @from
+        mail.to = address
+        mail.subject = subject
+        mail[:Errors_To] = superadmin
+        mail.sender = superadmin
+        msg_parts.each do |msg_part|
+          mail.add_part(msg_part)
+        end
+        if @list.present?
+          gpg_opts = @list.gpg_sign_options
+          if key.present? && key.usable?
+            gpg_opts.merge!(encrypt: true, keys: { address => key.fingerprint })
+          end
+          mail.gpg gpg_opts
+        end
+        mail.deliver
+      end
+      true
+    end
+
+    private
+
+    def convert_to_msg_parts(thing, original_message)
+      msg_parts = Mail::Message.all_to_message_part(thing)
+      if original_message.present?
+        orig_part = Mail::Part.new
+        orig_part.content_type = 'message/rfc822'
+        orig_part.content_description = 'The originally incoming message'
+        orig_part.body = original_message.to_s
+        msg_parts << orig_part
+      end
+      msg_parts
+    end
+
+    def append_original_message(original_message)
+      if original_message
+        "\n\nOriginal message:\n\n#{original_message.to_s}"
+      else
+        ''
+      end
+    end
+  end
+end
+

data/lib/schleuder/mail/message.rb

@@ -0,0 +1,482 @@
+module Mail
+  # creates a Mail::Message likes schleuder
+  def self.create_message_to_list(msg, recipient, list)
+    mail = Mail.new(msg)
+    mail.list = list
+    mail.recipient = recipient
+    # don't freeze here, as the mail might not be fully
+    # parsed as body is lazy evaluated and might still
+    # be changed later.
+    mail.original_message = mail.dup #.freeze
+    mail
+  end
+
+  # TODO: Test if subclassing breaks integration of mail-gpg.
+  class Message
+    attr_accessor :recipient
+    attr_accessor :original_message
+    attr_accessor :list
+
+    # TODO: This should be in initialize(), but I couldn't understand the
+    # strange errors about wrong number of arguments when overriding
+    # Message#initialize.
+    def setup
+      if self.encrypted?
+        new = self.decrypt(verify: true)
+        ## Work around a bug in mail-gpg: when decrypting pgp/mime the
+        ## Date-header is not copied.
+        #new.date ||= self.date
+        # Test if there's a signed multipart inside the ciphertext
+        # ("encapsulated" format of pgp/mime).
+        if new.signed?
+          new = new.verify
+        end
+      elsif self.signed?
+        new = self.verify
+      else
+        new = self
+      end
+
+      new.list = self.list
+      new.recipient = self.recipient
+
+      new.gpg list.gpg_sign_options
+      new.original_message = self.dup.freeze
+      # Trigger method early to save the information. Later some information
+      # might be gone (e.g. request-keywords that delete subscriptions or
+      # keys).
+      new.signer
+      self.dynamic_pseudoheaders.each do |str|
+        new.add_pseudoheader(str)
+      end
+      new
+    end
+
+    def clean_copy(with_pseudoheaders=false)
+      clean = Mail.new
+      clean.list = self.list
+      clean.gpg self.list.gpg_sign_options
+      clean.from = list.email
+      clean.subject = self.subject
+
+      clean.add_msgids(list, self)
+      clean.add_list_headers(list)
+      clean.add_openpgp_headers(list)
+
+      if with_pseudoheaders
+        new_part = Mail::Part.new
+        new_part.body = self.pseudoheaders(list)
+        clean.add_part new_part
+      end
+
+      # Attach body or mime-parts in a new wrapper-part, to preserve the
+      # original mime-structure.
+      # We can't use self.to_s here — that includes all the headers we *don't*
+      # want to copy.
+      wrapper_part = Mail::Part.new
+      # Copy headers to are relevant for the mime-structure.
+      wrapper_part.content_type = self.content_type
+      wrapper_part.content_transfer_encoding = self.content_transfer_encoding if self.content_transfer_encoding
+      wrapper_part.content_disposition = self.content_disposition if self.content_disposition
+      wrapper_part.content_description = self.content_description if self.content_description
+      # Copy contents.
+      if self.multipart?
+        self.parts.each do |part|
+          wrapper_part.add_part(part)
+        end
+      else
+        # We copied the content-headers, so we need to copy the body encoded.
+        # Otherwise the content might become unlegible.
+        wrapper_part.body = self.body.encoded
+      end
+      clean.add_part(wrapper_part)
+
+      clean
+    end
+
+    def prepend_part(part)
+      self.add_part(part)
+      self.parts.unshift(parts.delete_at(parts.size-1))
+    end
+
+    def add_public_footer!
+      # Add public_footer unless it's empty?.
+      add_footer!(:public_footer)
+    end
+
+    def add_internal_footer!
+      add_footer!(:internal_footer)
+    end
+
+    def was_encrypted?
+      Mail::Gpg.encrypted?(original_message)
+    end
+
+    def signature
+      case signatures.size
+      when 0
+        if multipart?
+          signature_multipart_inline
+        else
+          nil
+        end
+      when 1
+        signatures.first
+      else
+        raise "Multiple signatures found! Cannot handle!"
+      end
+    end
+
+    def was_validly_signed?
+      signature.present? && signature.valid? && signer.present?
+    end
+
+    def signer
+      @signer ||= begin
+        if signing_key.present?
+          list.subscriptions.where(fingerprint: signing_key.fingerprint).first
+        end
+      end
+    end
+
+    # The fingerprint of the signature might be the one of a sub-key, but the
+    # subscription-assigned fingerprints are (should be) the ones of the
+    # primary keys, so we need to look up the key.
+    def signing_key
+      if signature.present?
+        @signing_key ||= list.keys(signature.fpr).first
+      end
+    end
+
+    def reply_to_signer(output)
+      reply = self.reply
+      self.class.all_to_message_part(output).each do |part|
+        reply.add_part(part)
+      end
+      self.signer.send_mail(reply)
+    end
+
+    def self.all_to_message_part(input)
+      Array(input).map do |thing|
+        case thing
+        when Mail::Part
+          thing
+        when String, StandardError
+          Mail::Part.new do
+            body thing.to_s
+          end
+        else
+          raise "Don't know how to handle input: #{thing.inspect}"
+        end
+      end
+    end
+
+    def sendkey_request?
+      @recipient.match(/-sendkey@/)
+    end
+
+    def to_owner?
+      @recipient.match(/-owner@/)
+    end
+
+    def request?
+      @recipient.match(/-request@/)
+    end
+
+    def automated_message?
+      @recipient.match(/-bounce@/).present? ||
+          # Empty Return-Path
+          self.return_path.to_s == '<>' ||
+          # Auto-Submitted exists and does not equal 'no' and no cron header
+          # present, as cron emails have the auto-submitted header.
+          ( self['Auto-Submitted'].present? && \
+            self['Auto-Submitted'].to_s.downcase != 'no' && \
+            !self['X-Cron-Env'].present?)
+    end
+
+    def keywords
+      return @keywords if @keywords
+
+      part = first_plaintext_part
+      if part.blank?
+        return []
+      end
+
+      @keywords = []
+      lines = part.decoded.lines.map do |line|
+        # TODO: Find multiline arguments (add-key). Currently add-key has to
+        # read the whole body and hope for the best.
+        if line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
+          command = $1.strip.downcase
+          arguments = $2.to_s.strip.downcase.split(/[,; ]{1,}/)
+          @keywords << [command, arguments]
+          nil
+        else
+          line
+        end
+      end
+
+      # Work around problems with re-encoding the body. If we delete the
+      # content-transfer-encoding prior to re-assigning the body, and let Mail
+      # decide itself how to encode, it works. If we don't, some
+      # character-sequences are not properly re-encoded.
+      part.content_transfer_encoding = nil
+      # Make the converted strings (now UTF-8) match what mime-part's headers say,
+      # fall back to US-ASCII if none is set.
+      # https://tools.ietf.org/html/rfc2046#section-4.1.2
+      # -> Default charset is US-ASCII
+      part.body = lines.compact.join.encode(part.charset||'US-ASCII')
+
+      @keywords
+    end
+
+    def add_subject_prefix!
+      _add_subject_prefix(nil)
+    end
+
+    def add_subject_prefix_in!
+      _add_subject_prefix(:in)
+    end
+
+    def add_subject_prefix_out!
+      _add_subject_prefix(:out)
+    end
+
+    def add_pseudoheader(string_or_key, value=nil)
+      @dynamic_pseudoheaders ||= []
+      if value.present?
+        @dynamic_pseudoheaders << make_pseudoheader(string_or_key, value)
+      else
+        @dynamic_pseudoheaders << string_or_key.to_s
+      end
+    end
+
+    def make_pseudoheader(key, value)
+      "#{key.to_s.camelize}: #{value.to_s}"
+    end
+
+    def dynamic_pseudoheaders
+      @dynamic_pseudoheaders || []
+    end
+
+    def standard_pseudoheaders(list)
+      if @standard_pseudoheaders.present?
+        return @standard_pseudoheaders
+      else
+        @standard_pseudoheaders = []
+      end
+
+      Array(list.headers_to_meta).each do |field|
+        @standard_pseudoheaders << make_pseudoheader(field.to_s, self.header[field.to_s])
+      end
+
+      # Careful to add information about the incoming signature. GPGME
+      # throws exceptions if it doesn't know the key.
+      if self.signature.present?
+        # Some versions of gpgme return nil if the key is unknown, so we check
+        # for that manually and provide our own fallback. (Calling
+        # `signature.key` results in an EOFError in that case.)
+        if signing_key.present?
+          msg = signature.to_s
+        else
+          # TODO: I18n
+          msg = "Unknown signature by unknown key 0x#{self.signature.fingerprint}"
+        end
+      else
+        # TODO: I18n
+        msg = "Unsigned"
+      end
+      @standard_pseudoheaders << make_pseudoheader(:sig, msg)
+
+      # TODO: I18n
+      @standard_pseudoheaders << make_pseudoheader(
+            :enc,
+            was_encrypted? ? 'Encrypted' : 'Unencrypted'
+        )
+
+      @standard_pseudoheaders
+    end
+
+    def pseudoheaders(list)
+      (standard_pseudoheaders(list) + dynamic_pseudoheaders).flatten.join("\n") + "\n"
+    end
+
+    def add_msgids(list, orig)
+      if list.keep_msgid
+        # Don't use `orig['in-reply-to']` here, because that sometimes fails to
+        # parse the original value and then returns it without the
+        # angle-brackets.
+        self.message_id = clutch_anglebrackets(orig.message_id)
+        self.in_reply_to = clutch_anglebrackets(orig.in_reply_to)
+        self.references = clutch_anglebrackets(orig.references)
+      end
+    end
+
+    def add_list_headers(list)
+      if list.include_list_headers
+        self['List-Id'] = "<#{list.email.gsub('@', '.')}>"
+        self['List-Owner'] = "<mailto:#{list.owner_address}> (Use list's public key)"
+        self['List-Help'] = '<https://schleuder.nadir.org/>'
+
+        postmsg = if list.receive_admin_only
+                    "NO (Admins only)"
+                  elsif list.receive_authenticated_only
+                    "<mailto:#{list.email}> (Subscribers only)"
+                  else
+                    "<mailto:#{list.email}>"
+                  end
+
+        self['List-Post'] = postmsg
+      end
+    end
+
+    def add_openpgp_headers(list)
+      if list.include_openpgp_header
+
+        if list.openpgp_header_preference == 'none'
+          pref = ''
+        else
+          pref = "preference=#{list.openpgp_header_preference}"
+
+          # TODO: simplify.
+          pref << ' ('
+          if list.receive_admin_only
+            pref << 'Only encrypted and signed emails by list-admins are accepted'
+          elsif ! list.receive_authenticated_only
+            if list.receive_encrypted_only && list.receive_signed_only
+              pref << 'Only encrypted and signed emails are accepted'
+            elsif list.receive_encrypted_only && ! list.receive_signed_only
+              pref << 'Only encrypted emails are accepted'
+            elsif ! list.receive_encrypted_only && list.receive_signed_only
+              pref << 'Only signed emails are accepted'
+            else
+              pref << 'All kind of emails are accepted'
+            end
+          elsif list.receive_authenticated_only
+            if list.receive_encrypted_only
+              pref << 'Only encrypted and signed emails by subscribers are accepted'
+            else
+              pref << 'Only signed emails by subscribers are accepted'
+            end
+          else
+            pref << 'All kind of emails are accepted'
+          end
+          pref << ')'
+        end
+
+        fingerprint = list.fingerprint
+        comment = "(Send an email to #{list.sendkey_address} to receive the public-key)"
+
+        self['OpenPGP'] = "id=0x#{fingerprint} #{comment}; #{pref}"
+      end
+    end
+
+    def empty?
+      if self.multipart?
+        if self.parts.empty?
+          return true
+        else
+          # Test parts recursively. E.g. Thunderbird with activated
+          # memoryhole-headers send nested parts that might still be empty.
+          return parts.inject(true) { |result, part| result && part.empty? }
+        end
+      else
+        return self.body.empty?
+      end
+    end
+
+    def first_plaintext_part(part=nil)
+      part ||= self
+      if part.multipart?
+        first_plaintext_part(part.parts.first)
+      elsif part.mime_type == 'text/plain'
+        part
+      else
+        nil
+      end
+    end
+
+
+    def attach_list_key!(list)
+      filename = "#{list.email}.asc"
+      self.add_file({
+        filename: filename,
+        content: list.export_key
+      })
+      self.attachments[filename].content_type = 'application/pgp-keys'
+      self.attachments[filename].content_description = 'OpenPGP public key'
+      true
+    end
+
+    private
+
+
+    def add_footer!(footer_attribute)
+      if self.list.blank? || self.list.send(footer_attribute).to_s.empty?
+        return
+      end
+      footer_part = Mail::Part.new
+      footer_part.body = self.list.send(footer_attribute).to_s
+      if wrapped_single_text_part?
+        self.parts.first.add_part footer_part
+      else
+        self.add_part footer_part
+      end
+    end
+
+    def wrapped_single_text_part?
+      parts.size == 1 && 
+        parts.first.mime_type == 'multipart/mixed' && 
+        parts.first.parts.size == 1 && 
+        parts.first.parts.first.mime_type == 'text/plain'
+    end
+
+    def _add_subject_prefix(suffix)
+      attrib = "subject_prefix"
+      if suffix
+        attrib << "_#{suffix}"
+      end
+      if ! self.list.respond_to?(attrib)
+        return false
+      end
+
+      string = self.list.send(attrib).to_s.strip
+      if ! string.empty?
+        prefix = "#{string} "
+        # Only insert prefix if it's not present already.
+        if self.subject.nil?
+          self.subject = string
+        elsif ! self.subject.include?(prefix)
+          self.subject = "#{prefix}#{self.subject}"
+        end
+      end
+    end
+
+    # Looking for signatures in each part. They are not aggregated into the main part.
+    # We only return the signature if all parts are validly signed by the same key.
+    def signature_multipart_inline
+      fingerprints = parts.map do |part|
+        if part.signature_valid?
+          part.signature.fpr
+        else
+          nil
+        end
+      end
+      if fingerprints.uniq.size == 1
+        parts.first.signature
+      else
+        nil
+      end
+    end
+
+    def clutch_anglebrackets(input)
+      Array(input).map do |string|
+        if string.first == '<'
+          string
+        else
+          "<#{string}>"
+        end
+      end.join(' ')
+    end
+  end
+end