schleuder 2.2.1 → 2.2.2

data/bin/schleuder-fix-gem-dependencies

@@ -8,7 +8,14 @@ require 'rubygems'
 require 'rubygems/dependency_installer.rb'
 
 inst = Gem::DependencyInstaller.new
-spec = Gem::Specification.find_by_name 'schleuder'
+
+if Gem::Specification.respond_to? :find_by_name
+  spec = Gem::Specification.find_by_name 'schleuder'
+  spec_file = spec.spec_file
+else
+  spec = Gem.source_index.find_name('schleuder').first
+  spec_file = spec.loaded_from
+end
 
 begin
   if RUBY_VERSION < "1.9"
@@ -21,7 +28,7 @@ begin
   inst.install name, ver
   spec.add_dependency name, ver
   # Write spec back to file, from rubygems/installer.rb
-  File.open(spec.spec_file.untaint, "w") do |f|
+  File.open(spec_file.untaint, "w") do |f|
     f << spec.to_ruby_for_cache
   end
 rescue Gem::FilePermissionError => e

data/bin/schleuder-newlist

@@ -1,5 +1,7 @@
 #!/usr/bin/env ruby
 
+trap ("INT") { exit 1 }
+
 $:.unshift File.dirname(__FILE__) + '/../lib'
 require 'schleuder'
 require 'etc'
@@ -90,7 +92,9 @@ class ListCreator
     listdir = File.join([Schleuder.config.lists_dir, listname.split('@').reverse].flatten)
     raise NewListError, "List or parts of a list named: #{listname} already exists!" if File.directory?(listdir)
     list_email = ListCreator::verify_emailvar(listname,interactive,"The lists's email address")
-    list_realname = ListCreator::verify_strvar(args[:list_realname],interactive,"'Realname' (for GPG-key and email-headers)")
+    list_realname = ListCreator::verify_strvar(args[:list_realname],interactive,"'Realname' (for GPG-key and email-headers)") do |var|
+      raise NewListError, "Realname must be at least 5 characters long (requirement of GnuPG)" if var.size < 5
+    end
     list_adminaddress = ListCreator::verify_emailvar(args[:list_adminaddress],interactive,"Admin email address")
 
     raise NewListError,"Lists' email address and the admin address can't be the same" if list_email == list_adminaddress
@@ -183,7 +187,7 @@ class ListCreator
     Schleuder.log.debug "Store list config..."
     list.config = list.config
     Schleuder.log.debug "Changing ownership..."
-    ListCreator::filepermissions(listdir,mailuser)
+    ListCreator::filepermissions(list, mailuser)
     Schleuder.log.debug "List successfully created..."
     ListCreator::print_list_infos(list) if interactive
   end
@@ -206,7 +210,7 @@ class ListCreator
     end
   end
 
-  def self.verify_strvar(var,interactive,question, echo=true)
+  def self.verify_strvar(var,interactive,question, echo=true, &block)
     if (var.nil? or var.empty?) and interactive then
       str = question+": "
       if echo
@@ -215,6 +219,7 @@ class ListCreator
         var = ask(str) { |question| question.echo = '*' }
       end
     end
+    yield(var) if block_given?
     raise NewListError,"Missing mandatory variable: "+question if (var.nil? or var.empty?)
     var
   end
@@ -290,9 +295,9 @@ class ListCreator
         else
           reply = nil
         end
-        #$stderr.puts line
+        $stderr.puts line if $DEBUG
         if reply
-          #$stderr.puts reply
+          $stderr.puts reply if $DEBUG
           stdin.puts reply
         end
       end
@@ -332,7 +337,7 @@ class ListCreator
   end
 
   def self.import_keypair(list,list_privatekeyfile,list_publickeyfile)
-    crypt = Schleuder::Crypt.new(list.config.gpg_password)
+    crypt = Schleuder::Crypt.new(list.config.gpg_password, :new_keyring => true)
     Schleuder.log.debug "Importing private key from #{list_privatekeyfile}"
     crypt.add_key_from_file(list_privatekeyfile)
     Schleuder.log.debug "Importing public key from #{list_publickeyfile}"
@@ -353,15 +358,23 @@ Passphrase: #{pass}
 </GnupgKeyParms>"
   end
 
-  def self.filepermissions(listdir, mailuser)
-    File.chown(mailuser,nil,listdir)
-    File.chmod(0700,listdir)
+  def self.filepermissions(list, mailuser)
+    listdir = list.listdir
+    dirs = [File.dirname(listdir), listdir]
+    FileUtils.chown mailuser, nil, dirs
+    FileUtils.chmod 0700, dirs
     Dir.new(listdir).each{ |f|
       unless f =~ /^\./
         File.chown(mailuser,nil,listdir+"/"+f)
-        File.chmod(0600)
+        File.chmod(0600,listdir+"/"+f)
       end
     }
+    if list.config.log_file
+      log_file = list.config.log_file
+      log_file = File.join(listdir, log_file) unless log_file.start_with?('/')
+      FileUtils.chown mailuser, nil, log_file
+      FileUtils.chmod 0600, log_file
+    end
   end
 
   def self.print_list_infos(list)

data/contrib/check-expired-keys.rb

@@ -8,6 +8,7 @@
 
 $VERBOSE = nil
 
+$:.unshift File.dirname(__FILE__) + '/../lib'
 require 'schleuder'
 include Schleuder
 

data/ext/schleuder.conf

@@ -26,10 +26,6 @@
 # Name of the per list config file.
 #lists_configfile: list.conf
 #
-# Per list logfile name. Will be written into the directory
-# of the list.
-#lists_logfile: list.log
-#
 # Name of the per list file containing all members and their
 # options.
 #lists_memberfile: members.conf

data/lib/schleuder/crypt.rb

@@ -3,15 +3,17 @@ module Schleuder
     # change but aliases will be set up then.
     class Crypt
       # Instantiates and stores password
-      def initialize(password)
-        # Check file permissions. ruby-gpgme unfortunately returns unspecific
-        # errors if it can't read files.
-        %w(pubring.gpg secring.gpg trustdb.gpg).each do |fn|
-          f = File.join(ENV['GNUPGHOME'], fn)
-          if ! File.readable?(f)
-            raise Errno::EACCES.new('%s is not readable' % f)
-          elsif ! File.writable?(f)
-            raise Errno::EACCES.new('%s is not writable' % f)
+      def initialize(password, options={})
+        unless options[:new_keyring]
+          # Check file permissions. ruby-gpgme unfortunately returns unspecific
+          # errors if it can't read files.
+          %w(pubring.gpg secring.gpg trustdb.gpg).each do |fn|
+            f = File.join(ENV['GNUPGHOME'], fn)
+            if ! File.readable?(f)
+              raise Errno::EACCES.new('%s is not readable' % f)
+            elsif ! File.writable?(f)
+              raise Errno::EACCES.new('%s is not writable' % f)
+            end
           end
         end
 
@@ -21,7 +23,7 @@ module Schleuder
         end
         @ctx = GPGME::Ctx.new
         # feed the passphrase into the Context
-        @ctx.set_passphrase_cb(method(:passfunc))		
+        @ctx.set_passphrase_cb(method(:passfunc))
       end
 
       # Verify a gpg-signature. Use +signed_string+ if the signature is
@@ -56,35 +58,41 @@ module Schleuder
         in_encrypted = nil
         in_signed = nil
         
-        # TODO: return ciphertext if missing key. Sensible e.g. if it is part
-        # of a nested MIME-message and encrypted to someone else on purpose.
-        # Breaking if even the whole message is not decryptable is a job for
-        # the processor.
+        # TODO: return ciphertext if missing key when decrypting inline
+        # attachments or recursing into mime-messages.  Breaking if even the
+        # whole message is not decryptable is a job for the processor.
         
-        # return input instead of empty String if not encrypted.
-        # String#content_type is provided by filemagic/ext.
-        unless str =~ /^-----BEGIN PGP MESSAGE-----/ || str.content_type.split('/').last.eql?('pgp')
-            output, in_signed = verify(str)
-          # match pgp-mime- and inline-pgp-signatures
-          if str =~ /^-----BEGIN PGP SIG/
-            Schleuder.log.debug 'found signed, not encrypted message, verifying'
-            output, in_signed = verify(str)
-          else
-            Schleuder.log.debug 'found not signed, not encrypted message, returning input'
-            output = str
-          end
+        # match pgp-mime- and inline-pgp-signatures
+        if str =~ /^-----BEGIN PGP SIG/
+          Schleuder.log.debug 'found ascii-armored, signed, not encrypted message, verifying'
+          output, in_signed = verify(str)
         else
-          Schleuder.log.debug 'found pgp content, decrypting and verifying with gpgme'
-          in_encrypted = true
-          output = GPGME.decrypt(str, :passphrase_callback => method(:passfunc)) do |sig|
-            in_signed = sig
-          end
-          if output.empty?
-            Exception.new("Output from GPGME.decrypt was empty!")
+          begin
+            Schleuder.log.debug 'Trying to decrypt'
+            output = GPGME.decrypt(str, :passphrase_callback => method(:passfunc)) do |sig|
+              in_signed = sig
+            end
+            in_encrypted = true
+          rescue GPGME::Error::NoData => exc
+            Schleuder.log.debug "Caught NoData-exception from gpgme. This probably means we're dealing with a binary signature, trying to verify."
+            output, in_signed = verify(str)
+            if output.empty?
+              Schleuder.log.debug "Empty output from verification. No more options, returning."
+            end
           end
-          # TODO: return mailadresses or keys instead of signature-objects?
         end
+        Schleuder.log.debug "mime_type of decrypted content: #{output.mime.inspect}"
+        Schleuder.log.debug "in_signed: #{in_signed.inspect}"
+        Schleuder.log.debug "in_encrypted: #{in_encrypted.inspect}"
+	if output.empty?
+          Schleuder.log.debug "Empty output, returning input"
+          output = str
+	end
+        # TODO: return mailadresses or keys instead of signature-objects?
         [output, in_encrypted, in_signed]
+      rescue GPGME::Error::General => exc
+        Schleuder.log.warn = "gpgme returned a general error. Most likely this is due to unexpected input, but as you never know here's the input and the exception:\ninput:\n#{str.inspect}\n#{exc.to_s}\n#{exc.backtrace[0..9].join("\n")}"
+        [str, nil, nil]
       end
       
       # Encrypt a string to a single receiver and sign it. +receiver+ must be a
@@ -114,7 +122,7 @@ module Schleuder
         pattern = "<#{pattern}>" if pattern =~ /.*@.*/ && !(pattern =~ /^<.*>$/)
         keys = list_keys(pattern)
 
-        keys.reject! { |key| [:revoked,:expired].include?(key.trust) } if only_valid_keys
+        keys.reject! { |key| unusable_key?(key) } if only_valid_keys
 
         if keys.empty?
           [false, "no key found for #{pattern}."]
@@ -175,7 +183,21 @@ module Schleuder
       private
 
       def key_infos(keys, only_valid_keys=false)
-        keys.collect { |key| key_descr(key) + (!only_valid_keys && [:revoked, :expired].include?(key.trust)) ? " *#{key.trust}*" : '' }
+        keys.collect do |key|
+          info = key_descr(key)
+          unless only_valid_keys
+            info << trust_info(key)
+          end
+          info
+        end
+      end
+
+      def trust_info(key)
+        unusable_key?(key) ? " *#{key.trust}*" : ''
+      end
+
+      def unusable_key?(key)
+        [:revoked, :expired].include?(key.trust)
       end
 
       def passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)

data/lib/schleuder/list.rb

@@ -8,7 +8,7 @@ module Schleuder
     # Prepare some variables, set up the SchleuderLogger and set GNUPGHOME
     def initialize(listname,newlist=false)
       @listname = listname
-      @config = _load_config(false) if newlist
+      @config = ListConfig.new if newlist
       @log = ListLogger.new listname, listdir, config
       
       # setting GNUPGHOME to list's home, to make use of the keys there
@@ -22,7 +22,7 @@ module Schleuder
       unless @members
         Schleuder.log.debug("reading #{members_file}")
         @members = YAML::load_file(members_file).collect do |h|
-          h.kind_of?(Schleuder::Member) ? h : Schleuder::Member.new(h,false)
+          h.kind_of?(Schleuder::Member) ? h : Schleuder::Member.new(h)
         end
       end
       @members
@@ -36,7 +36,7 @@ module Schleuder
     def members=(arr)
       Schleuder.log.debug 'writing members'
       Schleuder.log.info("writing #{members_file}")
-      @members = arr.collect { |m| m.kind_of?(Hash) ? Member.new(m,false) : m }
+      @members = arr.collect { |m| m.kind_of?(Hash) ? Member.new(m) : m }
       _write(YAML.dump(@members.collect { |m| m.to_hash }), members_file)
       @members
     end
@@ -144,10 +144,9 @@ module Schleuder
     private
 
     # Loads the configuration
-    # fromfile = Whether to load the config from file.
-    def _load_config(fromfile=true)
+    def _load_config
         Schleuder.log.debug("reading list-config for: #{@listname}") unless Schleuder.log.nil?
-        @config = ListConfig.new(File.join(listdir, Schleuder.config.lists_configfile),fromfile)
+        @config = ListConfig.new(File.join(listdir, Schleuder.config.lists_configfile))
     end
 
     def find_by_key(ary, key)

data/lib/schleuder/list_config.rb

@@ -75,10 +75,10 @@ module Schleuder
     schleuder_attr :headers_to_meta, [:from, :to, :cc, :date]
 
     # Restrict specific plugins to admin
-    schleuder_attr :keywords_admin_only,  ['SAVE-MEMBERS', 'DEL-KEY']
+    schleuder_attr :keywords_admin_only, ['ADD-MEMBER', 'DELETE-MEMBER', 'DELETE-KEY', 'SAVE-MEMBERS', 'DEL-KEY' ]
 
     # Notify admin if these keywords triggered commands.
-    schleuder_attr :keywords_admin_notify, [ 'X-ADD-KEY' ]
+    schleuder_attr :keywords_admin_notify, [ 'ADD-KEY' ]
 
     # Drop any bounces (incoming email not passing the receive_*_only-rules)
     schleuder_attr :bounces_drop_all, false
@@ -112,11 +112,11 @@ module Schleuder
 
     ### END OF CONFIG OPTIONS
 
-    def initialize(config_file, fromfile=true)
+    def initialize(config=nil)
       # First Overload with default-list.conf then load our config
       overload_from_file!(Schleuder.config.lists_default_conf)
       # overload with config_file
-      super(config_file, fromfile)
+      super(config)
 
       # load admins as members
       self.admins = self.admins

data/lib/schleuder/mail.rb

@@ -111,6 +111,11 @@ module Schleuder
           self.parts.each do |part|
             _decrypt_pgp_inline(part)
           end
+          # If all parts are equally encrypted and signed mark the whole message as such
+          self.in_encrypted = self.parts.map{ |p| p.in_encrypted }.uniq == [true]
+          if self.parts.map { |p| p.in_signed.fpr }.uniq.size == 1
+            self.in_signed = self.parts.first.in_signed
+          end
         else
           Schleuder.log.debug 'single inline content found, looking for pgp content'
           _decrypt_pgp_inline(self)
@@ -627,14 +632,14 @@ module Schleuder
     def _decrypt_pgp_inline(msg)
       if msg._content_type_stripped == 'text/html'
         Schleuder.log.debug "Content-type is text/html, can't handle that, skipping"
-      elsif msg.body =~ /^-----BEGIN PGP.*/ || msg.body.content_type.split('/').last.eql?('pgp')
+      elsif msg.body =~ /^-----BEGIN PGP.*/ || ['pgp', 'gpg'].include?(msg.disposition_param('filename').to_s.split('.').last.to_s.downcase)
         Schleuder.log.debug 'found pgp-inline in input'
-        # Look for charset-armor-header. In most cases useless but nobody shall say we didn't try.
-        msg.body.each_line do |l|
-          break if l.strip.empty?
-          next unless m = l.match(/^Charset:\s(.*)$/)
-          @charset = m[1]
-        end
+        # We need to do this in three steps:
+        # 1. get the decoded body from TMail
+        # 2. delete the encoding-header
+        # 3. put the plaintext back into TMail
+        # Else TMail either can't decode the body correctly or 'over-decodes' it
+        # on next output
         # TMail decodes QP if body() is called, Umlauts if to_s() is called.
         # Life with TMail is hard...
         if msg.encoding.to_s.downcase.eql?('quoted-printable') || !msg.main_type.eql?('text')
@@ -642,32 +647,29 @@ module Schleuder
         else
           str = msg.to_s
         end
-        # We need to do this in three steps:
-        # 1. get the decoded body from TMail
-        # 2. delete the encoding-header
-        # 3. put the plaintext back into TMail
-        # Else TMail either can't decode the body correctly or 'over-decodes' it
-        # on next output
         ptxt, enc, sig = crypt.decrypt(str)
-        if msg.main_type.eql?('text')
-          msg.body = ptxt
-          msg.charset = @charset || 'UTF-8'
-          msg.encoding = nil
+        if ptxt == str
+          Schleuder.log.debug "Output equals input, content was obviously not suitable for gpg. Passing it untouched."
         else
-          # base64-encode if not text as we don't know what's in there. Might
-          # be binary data, which could break otherweise.
-          msg.body = [ptxt].pack("m")
-          msg.encoding = 'base64'
-        end
-        msg.in_encrypted = enc
-        msg.in_signed = sig
-        # RFC 2440 defines that the armored text by default is utf-8
-        if msg.content_type && msg['content-type'].params['x-action'] =~ /^pgp/
-          msg['content-type'].params['x-action'] = nil
-        end
-        unless msg.disposition_param('filename').nil?
-          msg['content-disposition'].params['filename'] =  msg.disposition_param('filename').gsub(/\.(gpg|pgp|asc)$/, '')
+          #Schleuder.log.debug "ptxt.mime_encoding: #{FileMagic.fm(:mime_encoding).buffer(ptxt).inspect}"
+          Schleuder.log.debug "Processing plaincontent: #{ptxt.mime}"
+          msg.in_encrypted = enc
+          msg.in_signed = sig
+          if ! msg.disposition_param('filename').nil?
+            msg['content-disposition'].params['filename'] = msg.disposition_param('filename').gsub(/\.(gpg|pgp|asc)$/, '')
+          end
+          if ptxt.content_type.split('/').first == 'text'
+            msg['content-type'] = ptxt.mime
+            msg.encoding = nil
+            msg.body = ptxt
+          else
+            # TMail handles binary data in an "interesting" way, so we manuall encode before handing Tmail the data.
+            msg['content-type'] = ptxt.content_type
+            msg.encoding = 'Base64'
+            msg.body = [ptxt].pack('m')
+          end
         end
+        msg
       else
         Schleuder.log.debug 'no pgp-inline-data found, doing nothing'
       end
@@ -696,15 +698,16 @@ module Schleuder
     end
 
     def _sig_str(arg)
-      if arg
+      # gpgme breaks if we use arg.to_s.empty? here.
+      if arg.nil? || (arg.is_a?(String) && arg.empty?)
+        'No signature'
+      else
         if crypt.get_key(arg.fpr).first
           arg.to_s
         else
           #Schleuder.log.debug arg.inspect
           "Unknown signature from #{arg.fpr} (public key not present)"
         end
-      else
-        'No signature'
       end
     end
 

data/lib/schleuder/member.rb

@@ -6,8 +6,8 @@ module Schleuder
     schleuder_attr :encrypted_only, false
     schleuder_attr :key_fingerprint, nil
 
-    def initialize(config_file, fromfile=true)
-      super(config_file, fromfile)
+    def initialize(config=nil)
+      super(config)
 
       # compress fingerprint
       self.key_fingerprint = self.key_fingerprint