schleuder 3.2.2 → 3.3.0

data/lib/schleuder/conf.rb

@@ -5,12 +5,14 @@ module Schleuder
     include Singleton
 
     EMAIL_REGEXP = /\A.+@[[:alnum:]_.-]+\z/i
-    FINGERPRINT_REGEXP = /\A(0x)?[a-f0-9]{32,}\z/i
+    # TODO: drop v3 keys and only accept length of 40
+    FINGERPRINT_REGEXP = /\A(0x)?[a-f0-9]{32}([a-f0-9]{8})?\z/i
 
     DEFAULTS = {
       'lists_dir' => '/var/lib/schleuder/lists',
       'listlogs_dir' => '/var/lib/schleuder/lists',
       'plugins_dir' => '/etc/schleuder/plugins',
+      'filters_dir' => '/usr/local/lib/schleuder/filters',
       'log_level' => 'warn',
       'superadmin' => 'root@localhost',
       'keyserver' => 'hkp://pool.sks-keyservers.net',
@@ -58,6 +60,10 @@ module Schleuder
       instance.config['plugins_dir']
     end
 
+    def self.filters_dir
+      instance.config['filters_dir']
+    end
+
     def self.database
       instance.config['database'][ENV['SCHLEUDER_ENV']]
     end

data/lib/schleuder/errors/active_model_error.rb

@@ -2,13 +2,10 @@ module Schleuder
   module Errors
     class ActiveModelError < Base
       def initialize(errors)
-        @errors = errors
-      end
-
-      def message
-        @errors.messages.map do |message|
+        messages = errors.messages.map do |message|
           message.join(' ')
         end.join("\n")
+        super messages
       end
     end
   end

data/lib/schleuder/errors/decryption_failed.rb

@@ -3,13 +3,8 @@ module Schleuder
     class DecryptionFailed < Base
       def initialize(list)
         set_default_locale
-        @list = list
-      end
-
-      def message
-        t('errors.decryption_failed',
-          { key: @list.key.to_s,
-            email: @list.sendkey_address })
+        super t('errors.decryption_failed',
+                    { key: list.key.to_s, email: list.sendkey_address })
       end
     end
   end

data/lib/schleuder/errors/key_adduid_failed.rb

@@ -2,11 +2,7 @@ module Schleuder
   module Errors
     class KeyAdduidFailed < Base
       def initialize(errmsg)
-        @errmsg = errmsg
-      end
-
-      def message
-        t('errors.key_adduid_failed', { errmsg: @errmsg })
+        super t('errors.key_adduid_failed', { errmsg: errmsg })
       end
     end
   end

data/lib/schleuder/errors/key_generation_failed.rb

@@ -2,14 +2,7 @@ module Schleuder
   module Errors
     class KeyGenerationFailed < Base
       def initialize(listdir, listname)
-        @listdir = listdir
-        @listname = listname
-      end
-
-      def message
-        t('errors.key_generation_failed',
-          { listdir: @listdir,
-            listname: @listname })
+        super t('errors.key_generation_failed', {listdir: listdir, listname: listname})
       end
     end
   end

data/lib/schleuder/errors/keyword_admin_only.rb

@@ -2,11 +2,7 @@ module Schleuder
   module Errors
     class KeywordAdminOnly < Base
       def initialize(keyword)
-        @keyword = keyword
-      end
-
-      def message
-        t('errors.keyword_admin_only', keyword: @keyword)
+        super t('errors.keyword_admin_only', keyword: keyword)
       end
     end
   end

data/lib/schleuder/errors/list_not_found.rb

@@ -2,11 +2,7 @@ module Schleuder
   module Errors
     class ListNotFound < Base
       def initialize(recipient)
-        @recipient = recipient
-      end
-
-      def message
-        t('errors.list_not_found', email: @recipient)
+        super t('errors.list_not_found', email: recipient)
       end
     end
   end

data/lib/schleuder/errors/listdir_problem.rb

@@ -2,13 +2,8 @@ module Schleuder
   module Errors
     class ListdirProblem < Base
       def initialize(dir, problem)
-        @dir = dir
-        @problem = problem
-      end
-
-      def message
-        problem = t("errors.listdir_problem.#{@problem}")
-        t('errors.listdir_problem.message', dir: @dir, problem: problem)
+        problem = t("errors.listdir_problem.#{problem}")
+        super t('errors.listdir_problem.message', dir: dir, problem: problem)
       end
     end
   end

data/lib/schleuder/errors/loading_list_settings_failed.rb

@@ -2,11 +2,8 @@ module Schleuder
   module Errors
     class LoadingListSettingsFailed < Base
       def initialize
-        @config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
-      end
-
-      def message
-        t('errors.loading_list_settings_failed', config_file: @config_file)
+        config_file = ENV['SCHLEUDER_LIST_DEFAULTS']
+        super t('errors.loading_list_settings_failed', config_file: config_file)
       end
     end
   end

data/lib/schleuder/errors/message_empty.rb

@@ -3,11 +3,7 @@ module Schleuder
     class MessageEmpty < Base
       def initialize(list)
         set_default_locale
-        @request_address = list.request_address
-      end
-
-      def message
-        t('errors.message_empty', { request_address: @request_address })
+        super t('errors.message_empty', { request_address: list.request_address })
       end
     end
   end

data/lib/schleuder/errors/message_not_from_admin.rb

@@ -1,12 +1,9 @@
 module Schleuder
   module Errors
     class MessageNotFromAdmin < Base
-      def initialize(list)
+      def initialize
         set_default_locale
-      end
-
-      def message
-        t('errors.message_not_from_admin')
+        super t('errors.message_not_from_admin')
       end
     end
   end

data/lib/schleuder/errors/message_sender_not_subscribed.rb

@@ -1,12 +1,9 @@
 module Schleuder
   module Errors
     class MessageSenderNotSubscribed < Base
-      def initialize(list)
+      def initialize
         set_default_locale
-      end
-
-      def message
-        t('errors.message_sender_not_subscribed')
+        super t('errors.message_sender_not_subscribed')
       end
     end
   end

data/lib/schleuder/errors/message_too_big.rb

@@ -3,11 +3,8 @@ module Schleuder
     class MessageTooBig < Base
       def initialize(list)
         set_default_locale
-        @allowed_size = list.max_message_size_kb
-      end
-
-      def message
-        t('errors.message_too_big', { allowed_size: @allowed_size })
+        allowed_size = list.max_message_size_kb
+        super t('errors.message_too_big', { allowed_size: allowed_size })
       end
     end
   end

data/lib/schleuder/errors/message_unauthenticated.rb

@@ -3,10 +3,7 @@ module Schleuder
     class MessageUnauthenticated < Base
       def initialize
         set_default_locale
-      end
-
-      def message
-        t('errors.message_unauthenticated')
+        super t('errors.message_unauthenticated')
       end
     end
   end

data/lib/schleuder/errors/message_unencrypted.rb

@@ -1,12 +1,9 @@
 module Schleuder
   module Errors
     class MessageUnencrypted < Base
-      def initialize(list)
+      def initialize
         set_default_locale
-      end
-
-      def message
-        t('errors.message_unencrypted')
+        super t('errors.message_unencrypted')
       end
     end
   end

data/lib/schleuder/errors/message_unsigned.rb

@@ -1,12 +1,9 @@
 module Schleuder
   module Errors
     class MessageUnsigned < Base
-      def initialize(list)
+      def initialize
         set_default_locale
-      end
-
-      def message
-        t('errors.message_unsigned')
+        super t('errors.message_unsigned')
       end
     end
   end

data/lib/schleuder/errors/too_many_keys.rb

@@ -2,14 +2,7 @@ module Schleuder
   module Errors
     class TooManyKeys < Base
       def initialize(listdir, listname)
-        @listdir = listdir
-        @listname = listname
-      end
-
-      def message
-        t('errors.too_many_keys',
-          { listdir: @listdir,
-            listname: @listname })
+        super t('errors.too_many_keys', {listdir: listdir, listname: listname})
       end
     end
   end

data/lib/schleuder/filters/post_decryption/40_receive_admin_only.rb

@@ -0,0 +1,10 @@
+module Schleuder
+  module Filters
+    def self.receive_admin_only(list, mail)
+      if list.receive_admin_only? && ( ! mail.was_validly_signed? || ! mail.signer.admin? )
+        list.logger.info "Rejecting mail as not from admin."
+        return Errors::MessageNotFromAdmin.new
+      end
+    end
+  end
+end

data/lib/schleuder/filters/post_decryption/50_receive_authenticated_only.rb

@@ -0,0 +1,10 @@
+module Schleuder
+  module Filters
+    def self.receive_authenticated_only(list, mail)
+      if list.receive_authenticated_only? && ( ! mail.was_encrypted? || ! mail.was_validly_signed? )
+        list.logger.info "Rejecting mail as unauthenticated"
+        return Errors::MessageUnauthenticated.new
+      end
+    end
+  end
+end

data/lib/schleuder/filters/post_decryption/60_receive_signed_only.rb

@@ -0,0 +1,10 @@
+module Schleuder
+  module Filters
+    def self.receive_signed_only(list, mail)
+      if list.receive_signed_only? && ! mail.was_validly_signed?
+        list.logger.info "Rejecting mail as unsigned"
+        return Errors::MessageUnsigned.new
+      end
+    end
+  end
+end

data/lib/schleuder/filters/post_decryption/70_receive_encrypted_only.rb

@@ -0,0 +1,10 @@
+module Schleuder
+  module Filters
+    def self.receive_encrypted_only(list, mail)
+      if list.receive_encrypted_only? && ! mail.was_encrypted?
+        list.logger.info "Rejecting mail as unencrypted"
+        return Errors::MessageUnencrypted.new
+      end
+    end
+  end
+end

data/lib/schleuder/filters/post_decryption/80_receive_from_subscribed_emailaddresses_only.rb

@@ -0,0 +1,10 @@
+module Schleuder
+  module Filters
+    def self.receive_from_subscribed_emailaddresses_only(list, mail)
+      if list.receive_from_subscribed_emailaddresses_only? && list.subscriptions.where(email: mail.from.first).blank?
+        list.logger.info "Rejecting mail as not from subscribed address."
+        return Errors::MessageSenderNotSubscribed.new
+      end
+    end
+  end
+end

data/lib/schleuder/filters/{hotmail_message_filter.rb → pre_decryption/40_fix_exchange_messages.rb}

@@ -6,9 +6,11 @@ module Schleuder
     # it problematic to correctly detect the message as a valid pgp/mime-mail.
     # Here we fix the mail to be a proper pgp/mime aka. multipart/encrypted
     # message, so further processing will detect it properly.
-    # See #211 and #246 for background
-    def self.fix_hotmail_messages!(list, mail)
-      if mail.header['X-OriginatorOrg'].to_s.match(/(hotmail|outlook).com/) &&
+    # This problem seems to be in fact related to the use of Microsoft
+    # Exchange. Accordingly, check if the headers contain 'X-MS-Exchange'.
+    # See #211, #246, #331 and #333 for background.
+    def self.fix_exchange_messages(list, mail)
+      if mail.header_fields.any?{|f| f.name =~ /^X-MS-Exchange-/i } &&
           !mail[:content_type].blank? &&
           mail[:content_type].content_type == 'multipart/mixed' && mail.parts.size > 2 &&
           mail.parts[0][:content_type].content_type == 'text/plain' &&

data/lib/schleuder/filters/{strip_alternative_filter.rb → pre_decryption/50_strip_html_from_alternative.rb}

@@ -1,7 +1,7 @@
 module Schleuder
   module Filters
 
-    def self.strip_html_from_alternative!(list, mail)
+    def self.strip_html_from_alternative(list, mail)
       if mail[:content_type].blank? ||
             mail[:content_type].content_type != 'multipart/alternative' ||
             ! mail.to_s.include?('BEGIN PGP ')

data/lib/schleuder/filters_runner.rb

@@ -1,40 +1,14 @@
 module Schleuder
   module Filters
     class Runner
-      # To define priority sort this.
-      # The method `setup` parses, decrypts etc.
-      # the mail sent to the list. So before
-      # calling setup we do all the things
-      # that won't require e.g. validation of
-      # the sender.
-      PRE_SETUP_FILTERS = %w[
-        forward_bounce_to_admins
-        forward_all_incoming_to_admins
-        send_key
-        fix_hotmail_messages!
-        strip_html_from_alternative!
-      ]
-      # message size must be checked after
-      # decryption as gpg heavily compresses
-      # messages.
-      POST_SETUP_FILTERS = %w[
-        request
-        max_message_size
-        forward_to_owner
-        receive_admin_only
-        receive_authenticated_only
-        receive_signed_only
-        receive_encrypted_only
-        receive_from_subscribed_emailaddresses_only
-      ]
+      attr_reader :list, :filter_type
 
-      attr_reader :list
-
-      def initialize(list)
+      def initialize(list, filter_type)
         @list = list
+        @filter_type = filter_type
       end
 
-      def run(mail, filters)
+      def run(mail)
         filters.map do |cmd|
           list.logger.debug "Calling filter #{cmd}"
           response = Filters.send(cmd, list, mail)
@@ -48,8 +22,12 @@ module Schleuder
         end
         nil
       end
-      private
 
+      def filters
+        @filters ||= load_filters
+      end
+
+      private
       def stop?(response)
         response.kind_of?(StandardError)
       end
@@ -78,6 +56,38 @@ module Schleuder
           list.logger.notify_admin reason, original_message, I18n.t('notice')
         end
       end
+
+      def load_filters
+        list.logger.debug "Loading #{filter_type}_decryption filters"
+        sorted_filters.map do |filter_name|
+          require all_filter_files[filter_name]
+          filter_name.split('_',2).last
+        end
+      end
+
+      def sorted_filters
+        @sorted_filters ||= all_filter_files.keys.sort do |a,b|
+          a.split('_',2).first.to_i <=> b.split('_',2).first.to_i
+        end
+      end
+
+      def all_filter_files
+        @all_filter_files ||= begin
+          files_in_filter_dirs = Dir[*filter_dirs]
+          files_in_filter_dirs.inject({}) do |res,file|
+            filter_name = File.basename(file,'.rb')
+            res[filter_name] = file
+            res
+          end
+        end
+      end
+
+      def filter_dirs
+        @filter_dirs ||= [File.join(File.dirname(__FILE__),"filters"),
+                          Schleuder::Conf.filters_dir].map do |d|
+                            File.join(d,"#{filter_type}_decryption/[0-9]*_*.rb")
+                          end
+      end
     end
   end
 end