schleuder 4.0.2 → 5.0.0

data/lib/schleuder/mail/gpg.rb

@@ -1,15 +1,244 @@
+require 'schleuder/mail/gpg/missing_keys_error'
+require 'schleuder/mail/gpg/version_part'
+require 'schleuder/mail/gpg/decrypted_part'
+require 'schleuder/mail/gpg/encrypted_part'
+require 'schleuder/mail/gpg/inline_decrypted_message'
+require 'schleuder/mail/gpg/gpgme_helper'
+require 'schleuder/mail/gpg/signed_part'
+require 'schleuder/mail/gpg/mime_signed_message'
+require 'schleuder/mail/gpg/inline_signed_message'
+
 module Mail
   module Gpg
-    class << self  
-      alias_method :encrypt_mailgpg, :encrypt
+    BEGIN_PGP_MESSAGE_MARKER = /^-----BEGIN PGP MESSAGE-----/
+    BEGIN_PGP_SIGNED_MESSAGE_MARKER = /^-----BEGIN PGP SIGNED MESSAGE-----/
+
+    # options are:
+    # :sign: sign message using the sender's private key
+    # :sign_as: sign using this key (give the corresponding email address or key fingerprint)
+    # :password: passphrase for the signing key
+    # :keys: A hash mapping recipient email addresses to public keys or public
+    # key ids. Imports any keys given here that are not already part of the
+    # local keychain before sending the mail.
+    # :always_trust: send encrypted mail to untrusted receivers, true by default
+    def self.encrypt(cleartext_mail, options = {})
+      construct_mail(cleartext_mail, options) do
+        receivers = []
+        receivers += cleartext_mail.to if cleartext_mail.to
+        receivers += cleartext_mail.cc if cleartext_mail.cc
+        receivers += cleartext_mail.bcc if cleartext_mail.bcc
+
+        if options[:sign_as]
+          options[:sign] = true
+          options[:signers] = options.delete(:sign_as)
+        elsif options[:sign]
+          options[:signers] = cleartext_mail.from
+        end
+
+        add_part VersionPart.new
+        add_part EncryptedPart.new(cleartext_mail,
+                                   options.merge({recipients: receivers}))
+        content_type "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=#{boundary}"
+        body.preamble = options[:preamble] || 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)'
 
-      def encrypt(cleartext_mail, options={})
-        encrypted_mail = encrypt_mailgpg(cleartext_mail, options)
         if cleartext_mail.protected_headers_subject
-          encrypted_mail.subject = cleartext_mail.protected_headers_subject
+          subject cleartext_mail.protected_headers_subject
+        end
+      end
+    end
+
+    def self.sign(cleartext_mail, options = {})
+      options[:sign_as] ||= cleartext_mail.from
+      construct_mail(cleartext_mail, options) do
+        to_be_signed = SignedPart.build(cleartext_mail)
+        add_part to_be_signed
+        add_part to_be_signed.sign(options)
+
+        content_type "multipart/signed; micalg=pgp-sha1; protocol=\"application/pgp-signature\"; boundary=#{boundary}"
+        body.preamble = options[:preamble] || 'This is an OpenPGP/MIME signed message (RFC 4880 and 3156)'
+      end
+    end
+
+    # options are:
+    # :verify: decrypt and verify
+    def self.decrypt(encrypted_mail, options = {})
+      if encrypted_mime?(encrypted_mail)
+        decrypt_pgp_mime(encrypted_mail, options)
+      elsif encrypted_inline?(encrypted_mail)
+        decrypt_pgp_inline(encrypted_mail, options)
+      else
+        raise EncodingError.new("Unsupported encryption format '#{encrypted_mail.content_type}'")
+      end
+    end
+
+    def self.signature_valid?(signed_mail, options = {})
+      if signed_mime?(signed_mail)
+        signature_valid_pgp_mime?(signed_mail, options)
+      elsif signed_inline?(signed_mail)
+        signature_valid_inline?(signed_mail, options)
+      else
+        raise EncodingError.new("Unsupported signature format '#{signed_mail.content_type}'")
+      end
+    end
+
+    # true if a mail is encrypted
+    def self.encrypted?(mail)
+      return true if encrypted_mime?(mail)
+      return true if encrypted_inline?(mail)
+      false
+    end
+
+    # true if a mail is signed.
+    #
+    # throws EncodingError if called on an encrypted mail (so only call this method if encrypted? is false)
+    def self.signed?(mail)
+      return true if signed_mime?(mail)
+      return true if signed_inline?(mail)
+      if encrypted?(mail)
+        raise EncodingError.new('Unable to determine signature on an encrypted mail, use :verify option on decrypt()')
+      end
+      false
+    end
+
+    def self.construct_mail(cleartext_mail, options, &block)
+      Mail.new do
+        self.perform_deliveries = cleartext_mail.perform_deliveries
+        Mail::Gpg.copy_headers cleartext_mail, self
+        # necessary?
+        if cleartext_mail.message_id
+          header['Message-ID'] = cleartext_mail['Message-ID'].value
+        end
+        instance_eval &block
+      end
+    end
+
+    # decrypts PGP/MIME (RFC 3156, section 4) encrypted mail
+    def self.decrypt_pgp_mime(encrypted_mail, options)
+      if encrypted_mail.parts.length < 2
+        raise EncodingError.new("RFC 3156 mandates exactly two body parts, found '#{encrypted_mail.parts.length}'")
+      end
+      if !VersionPart.is_version_part? encrypted_mail.parts[0]
+        raise EncodingError.new("RFC 3156 first part not a valid version part '#{encrypted_mail.parts[0]}'")
+      end
+      decrypted = DecryptedPart.new(encrypted_mail.parts[1], options)
+      Mail.new(decrypted.raw_source) do
+        # headers from the encrypted part (set by the initializer above) take
+        # precedence over those from the outer mail.
+        Mail::Gpg.copy_headers encrypted_mail, self, overwrite: false
+        verify_result decrypted.verify_result if options[:verify]
+      end
+    end
+
+    # decrypts inline PGP encrypted mail
+    def self.decrypt_pgp_inline(encrypted_mail, options)
+      InlineDecryptedMessage.setup(encrypted_mail, options)
+    end
+
+    def self.verify(signed_mail, options = {})
+      if signed_mime?(signed_mail)
+        Mail::Gpg::MimeSignedMessage.setup signed_mail, options
+      elsif signed_inline?(signed_mail)
+        Mail::Gpg::InlineSignedMessage.setup signed_mail, options
+      else
+        signed_mail
+      end
+    end
+
+    # check signature for PGP/MIME (RFC 3156, section 5) signed mail
+    def self.signature_valid_pgp_mime?(signed_mail, options)
+      # MUST contain exactly two body parts
+      if signed_mail.parts.length != 2
+        raise EncodingError.new("RFC 3156 mandates exactly two body parts, found '#{signed_mail.parts.length}'")
+      end
+      result, verify_result = SignPart.verify_signature(signed_mail.parts[0], signed_mail.parts[1], options)
+      signed_mail.verify_result = verify_result
+      return result
+    end
+
+    # check signature for inline signed mail
+    def self.signature_valid_inline?(signed_mail, options)
+      result = nil
+      if signed_mail.multipart?
+        signed_mail.parts.each do |part|
+          if signed_inline?(part)
+            if result.nil?
+              result = true
+              signed_mail.verify_result = []
+            end
+            result &= signature_valid_inline?(part, options)
+            signed_mail.verify_result << part.verify_result
+          end
+        end
+      else
+        result, verify_result = GpgmeHelper.inline_verify(signed_mail.body.to_s, options)
+        signed_mail.verify_result = verify_result
+      end
+      return result
+    end
+
+    # copies all header fields from mail in first argument to that given last
+    def self.copy_headers(from, to, overwrite: true)
+      from.header.fields.each do |field|
+        if overwrite || to.header[field.name].nil?
+          to.header[field.name] = field.value
+        end
+      end
+    end
+
+    # check if PGP/MIME encrypted (RFC 3156)
+    def self.encrypted_mime?(mail)
+      mail.has_content_type? &&
+        mail.mime_type == 'multipart/encrypted' &&
+        mail.content_type_parameters[:protocol] == 'application/pgp-encrypted'
+    end
+
+    # check if inline PGP (i.e. if any parts of the mail includes
+    # the PGP MESSAGE marker)
+    def self.encrypted_inline?(mail)
+      begin
+        return true if mail.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER
+      rescue
+      end
+      if mail.multipart?
+        mail.parts.each do |part|
+          begin
+            return true if part.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER
+          rescue
+          end
+          return true if part.has_content_type? &&
+            /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type &&
+            /.*\.(?:pgp|gpg|asc)$/ =~ part.content_type_parameters[:name] &&
+            part.content_type_parameters[:name] != 'signature.asc'
+          # that last condition above prevents false positives in case e.g.
+          # someone forwards a mime signed mail including signature.
+        end
+      end
+      false
+    end
+
+    # check if PGP/MIME signed (RFC 3156)
+    def self.signed_mime?(mail)
+      mail.has_content_type? &&
+        mail.mime_type == 'multipart/signed' &&
+        mail.content_type_parameters[:protocol] == 'application/pgp-signature'
+    end
+
+    # check if inline PGP (i.e. if any parts of the mail includes
+    # the PGP SIGNED marker)
+    def self.signed_inline?(mail)
+      begin
+        return true if mail.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER
+      rescue
+      end
+      if mail.multipart?
+        mail.parts.each do |part|
+          begin
+            return true if part.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER
+          rescue
+          end
         end
-        encrypted_mail
       end
-    end  
+      false
+    end
   end
 end

data/lib/schleuder/mail/message.rb

@@ -1,3 +1,6 @@
+require 'schleuder/mail/gpg/delivery_handler'
+require 'schleuder/mail/gpg/verify_result_attribute'
+
 module Mail
   # creates a Mail::Message likes schleuder
   def self.create_message_to_list(msg, recipient, list)
@@ -13,11 +16,14 @@ module Mail
 
   # TODO: Test if subclassing breaks integration of mail-gpg.
   class Message
+    include Mail::Gpg::VerifyResultAttribute #for Mail::Gpg
+
     attr_accessor :recipient
     attr_accessor :original_message
     attr_accessor :list
     attr_accessor :protected_headers_subject
     attr_writer :dynamic_pseudoheaders
+    attr_accessor :raise_encryption_errors # for Mail::Gpg
 
     # TODO: This should be in initialize(), but I couldn't understand the
     # strange errors about wrong number of arguments when overriding
@@ -154,7 +160,12 @@ module Mail
     def signer
       @signer ||= begin
         if signing_key.present?
-          list.subscriptions.where(fingerprint: signing_key.fingerprint).first
+          # Look for a subscription that matches the sending address, in case
+          # there're multiple subscriptions for the same key. As a fallback use
+          # the first subscription found.
+          sender_email = self.from.to_s.downcase
+          subscriptions = list.subscriptions.where(fingerprint: signing_key.fingerprint)
+          subscriptions.where(email: sender_email).first || subscriptions.first
         end
       end
     end
@@ -436,36 +447,109 @@ module Mail
       true
     end
 
+    # turn on gpg encryption / set gpg options.
+    #
+    # options are:
+    #
+    # encrypt: encrypt the message. defaults to true
+    # sign: also sign the message. false by default
+    # sign_as: UIDs to sign the message with
+    #
+    # See Mail::Gpg methods encrypt and sign for more
+    # possible options
+    #
+    # mail.gpg encrypt: true
+    # mail.gpg encrypt: true, sign: true
+    # mail.gpg encrypt: true, sign_as: "other_address@host.com"
+    #
+    # sign-only mode is also supported:
+    # mail.gpg sign: true
+    # mail.gpg sign_as: 'jane@doe.com'
+    #
+    # To turn off gpg encryption use:
+    # mail.gpg false
+    #
+    def gpg(options = nil)
+      case options
+      when nil
+        @gpg
+      when false
+        @gpg = nil
+        if Mail::Gpg::DeliveryHandler == delivery_handler
+          self.delivery_handler = nil
+        end
+        nil
+      else
+        self.raise_encryption_errors = true if raise_encryption_errors.nil?
+        @gpg = options
+        self.delivery_handler ||= Mail::Gpg::DeliveryHandler
+        nil
+      end
+    end
+
+    # true if this mail is encrypted
+    def encrypted?
+      Mail::Gpg.encrypted?(self)
+    end
+
+    # returns the decrypted mail object.
+    #
+    # pass verify: true to verify signatures as well. The gpgme verification
+    # result will be available via decrypted_mail.verify_result
+    def decrypt(options = {})
+      Mail::Gpg.decrypt(self, options)
+    end
+
+    # true if this mail is signed (but not encrypted)
+    def signed?
+      Mail::Gpg.signed?(self)
+    end
+
+    # verify signatures. returns a new mail object with signatures removed and
+    # populated verify_result.
+    #
+    # verified = signed_mail.verify()
+    # verified.signature_valid?
+    # signers = mail.signatures.map{|sig| sig.from}
+    #
+    # use import_missing_keys: true in order to try to fetch and import
+    # unknown keys for signature validation
+    def verify(options = {})
+      Mail::Gpg.verify(self, options)
+    end
+
+    def repeat_validation!
+      new = self.original_message.dup.setup
+      self.verify_result = new.verify_result
+      @signatures = new.signatures
+      dynamic_pseudoheaders << new.dynamic_pseudoheaders
+    end
+
     private
 
 
     def extract_keywords(content_lines)
       keywords = []
       in_keyword_block = false
-      found_blank_line = false
       content_lines.each_with_index do |line, i|
-        if match = line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
+        if line.blank?
+          # Swallow the line: before the actual content or keywords block begins we want to drop blank lines.
+          content_lines[i] = nil
+          # Stop interpreting the following line as argument to the previous keyword.
+          in_keyword_block = false
+        elsif match = line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
           keyword = match[1].strip.downcase
           arguments = match[2].to_s.strip.downcase.split(/[,; ]{1,}/)
           keywords << [keyword, arguments]
           in_keyword_block = true
-
           # Set this line to nil to have it stripped from the message.
           content_lines[i] = nil
-        elsif line.blank? && keywords.any?
-          # Look for blank lines after the first keyword had been found.
-          # These might mark the end of the keywords-block — unless more keywords follow.
-          found_blank_line = true
-          # Swallow the line: before the actual content begins we want to drop blank lines.
-          content_lines[i] = nil
-          # Stop interpreting the following line as argument to the previous keyword.
-          in_keyword_block = false
         elsif in_keyword_block == true
           # Interpret line as arguments to the previous keyword.
           keywords[-1][-1] += line.downcase.strip.split(/[,; ]{1,}/)
           content_lines[i] = nil
-        elsif found_blank_line
-          # Any line that isn't blank and does not start with "x-" stops the keyword parsing.
+        else
+          # Any other line stops the keyword parsing.
           break
         end
       end

data/lib/schleuder/runner.rb

@@ -31,7 +31,13 @@ module Schleuder
       end
 
       error = run_filters('pre')
-      return error if error
+      if error
+        if bounce?(error, @mail)
+          return error
+        else
+          return nil
+        end
+      end
 
       begin
         # This decrypts, verifies, etc.
@@ -48,7 +54,13 @@ module Schleuder
       end
 
       error = run_filters('post')
-      return error if error
+      if error
+        if bounce?(error, @mail)
+          return error
+        else
+          return nil
+        end
+      end
 
       if ! @mail.was_validly_signed?
         logger.debug 'Message was not validly signed, adding subject_prefix_in'
@@ -85,16 +97,34 @@ module Schleuder
       @list
     end
 
-    def run_filters(filter_type)
-      error = filters_runner(filter_type).run(@mail)
-      if error
-        if list.bounces_notify_admins?
-          text = "#{I18n.t('.bounces_notify_admins')}\n\n#{error}"
-          # TODO: raw_source is mostly blank?
-          logger.notify_admin text, @mail.original_message, I18n.t('notice')
+    def notify_admins(reason, original_message)
+      if list.bounces_notify_admins
+        list.logger.notify_admin reason, original_message, I18n.t('notice')
+      end
+    end
+
+    def bounce?(response, mail)
+      if list.bounces_drop_all
+        list.logger.debug 'Dropping bounce as configurated'
+        notify_admins(I18n.t('.bounces_drop_all'), mail.original_message)
+        return false
+      end
+
+      list.bounces_drop_on_headers.each do |key, value|
+        if mail[key].to_s.match(/#{value}/i)
+          list.logger.debug "Incoming message header key '#{key}' matches value '#{value}': dropping the bounce."
+          notify_admins(I18n.t('.bounces_drop_on_headers', key: key, value: value), mail.original_message)
+          return false
         end
-        return error
       end
+
+      list.logger.debug 'Bouncing message'
+      notify_admins("#{I18n.t('.bounces_notify_admins')}\n\n#{response}", mail.original_message)
+      true
+    end
+
+    def run_filters(filter_type)
+      filters_runner(filter_type).run(@mail)
     end
 
     def filters_runner(filter_type)

data/lib/schleuder/sks_client.rb

@@ -0,0 +1,18 @@
+module Schleuder
+  class SksClient < Http
+    SKS_PATH = '/pks/lookup?&exact=on&op=get&options=mr&search=SEARCH_ARG'
+
+    class << self
+      def get(input)
+        super(url(input))
+      end
+
+      private
+
+      def url(input)
+        arg = CGI.escape(input.gsub(/\s/, ''))
+        Conf.sks_keyserver + SKS_PATH.gsub('SEARCH_ARG', arg)
+      end
+    end
+  end
+end

data/lib/schleuder/version.rb

@@ -1,3 +1,3 @@
 module Schleuder
-  VERSION = '4.0.2'
+  VERSION = '5.0.0'
 end

data/lib/schleuder/vks_client.rb

@@ -0,0 +1,24 @@
+module Schleuder
+  class VksClient < Http
+    VKS_PATH = '/vks/v1'
+
+    class << self
+      def get(type, input)
+        if type.to_s == 'fingerprint'
+          input = normalize_fingerprint(input)
+        end
+        super(url(type, input))
+      end
+
+      private
+
+      def normalize_fingerprint(input)
+        input.gsub(/^0x/, '').gsub(/\s/, '').upcase
+      end
+
+      def url(type, input)
+        "#{Conf.vks_keyserver}/#{VKS_PATH}/by-#{type}/#{CGI.escape(input)}"
+      end
+    end
+  end
+end

data/lib/schleuder-api-daemon/routes/key.rb

@@ -14,7 +14,28 @@ class SchleuderApiDaemon < Sinatra::Base
       if ! input.match('BEGIN PGP')
         input = Base64.decode64(input)
       end
-      json list(requested_list_id).import_key(input)
+      @list = list(requested_list_id)
+      import_result = @list.import_key(input)
+      keys = []
+      messages = []
+      import_result.imports.each do |import_status|
+        if import_status.action == 'error'
+          messages << "The key with the fingerprint #{import_status.fingerprint} could not be imported for unknown reasons"
+        else
+          key = @list.gpg.find_distinct_key(import_status.fingerprint)
+          if key
+            keys << key_to_hash(key).merge({import_action: import_status.action})
+          end
+        end
+      end
+      set_x_messages(messages)
+      # Use a Hash as single response object to stay more REST-like. (also,
+      # ActiveResource chokes if we return an array here).
+      # The 'type' attribute is only necessary to keep ActiveResource from
+      # complaining about "expected attributes to be able to convert to Hash",
+      # which for some reason is raised without it (or some other, similar
+      # attribute).
+      json({type: 'keys', keys: keys})
     end
 
     get '/check_keys.json' do

data/lib/schleuder.rb

@@ -15,15 +15,15 @@ require 'syslog/logger'
 require 'logger'
 require 'open3'
 require 'socket'
+require 'base64'
 
 # Require mandatory libs. The database-layer-lib is required below.
-require 'mail-gpg'
+require 'mail'
+require 'gpgme'
 require 'active_record'
 require 'active_support'
 require 'active_support/core_ext/string'
-
-# An extra from mail-gpg
-require 'hkp'
+require 'typhoeus'
 
 # Load schleuder
 libdir = Pathname.new(__FILE__).dirname.realpath
@@ -34,13 +34,12 @@ $:.unshift libdir
 require 'schleuder/mail/parts_list.rb'
 require 'schleuder/mail/message.rb'
 require 'schleuder/mail/gpg.rb'
-require 'schleuder/mail/gpg/encrypted_part.rb'
-require 'schleuder/mail/gpg/sign_part.rb'
 require 'schleuder/gpgme/import_status.rb'
 require 'schleuder/gpgme/key.rb'
 require 'schleuder/gpgme/sub_key.rb'
 require 'schleuder/gpgme/ctx.rb'
 require 'schleuder/gpgme/user_id.rb'
+require 'schleuder/gpgme/key_extractor'
 
 # The Code[tm]
 require 'schleuder/errors/base'
@@ -50,6 +49,10 @@ end
 # Load schleuder/conf before the other classes, it defines constants!
 require 'schleuder/conf'
 require 'schleuder/version'
+require 'schleuder/http'
+require 'schleuder/key_fetcher'
+require 'schleuder/vks_client'
+require 'schleuder/sks_client'
 require 'schleuder/logger_notifications'
 require 'schleuder/logger'
 require 'schleuder/listlogger'
@@ -66,6 +69,7 @@ require 'schleuder/runner'
 require 'schleuder/list'
 require 'schleuder/list_builder'
 require 'schleuder/subscription'
+require 'schleuder/email_key_importer'
 
 # Setup
 ENV['SCHLEUDER_CONFIG'] ||= '/etc/schleuder/schleuder.yml'
@@ -88,6 +92,6 @@ I18n.load_path += Dir["#{rootdir}/locales/*.yml"]
 I18n.enforce_available_locales = true
 I18n.default_locale = :en
 
-File.umask(0027)
+File.umask(Schleuder::Conf.umask)
 
 include Schleuder