From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 3ED586DE1006 for ; Tue, 17 Oct 2017 12:10:28 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.042 X-Spam-Level: X-Spam-Status: No, score=-0.042 tagged_above=-999 required=5 tests=[AWL=-0.042] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z4DKW7D3Ou6G for ; Tue, 17 Oct 2017 12:10:27 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id E47B76DE10E8 for ; Tue, 17 Oct 2017 12:10:21 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 7BCE5F9A7 for ; Tue, 17 Oct 2017 15:10:21 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 51C2C20882; Tue, 17 Oct 2017 15:10:17 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH v6 03/14] index: implement notmuch_indexopts_t with try_decrypt Date: Tue, 17 Oct 2017 15:09:57 -0400 Message-Id: <20171017191008.8742-4-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20171017191008.8742-1-dkg@fifthhorseman.net> References: <20171017191008.8742-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 19:10:28 -0000 This is currently mostly a wrapper around _notmuch_crypto_t that keeps its internals private and doesn't expose any of the GMime API. However, non-crypto indexing options might also be added later (e.g. filters or other transformations). --- lib/add-message.cc | 11 ++++++++++- lib/indexopts.c | 22 ++++++++++++++++++++-- lib/notmuch-private.h | 7 +++++++ lib/notmuch.h | 20 ++++++++++++++++++++ 4 files changed, 57 insertions(+), 3 deletions(-) diff --git a/lib/add-message.cc b/lib/add-message.cc index bce10a0f..34099ed5 100644 --- a/lib/add-message.cc +++ b/lib/add-message.cc @@ -460,7 +460,7 @@ _notmuch_database_link_message (notmuch_database_t *notmuch, notmuch_status_t notmuch_database_index_file (notmuch_database_t *notmuch, const char *filename, - notmuch_indexopts_t unused (*indexopts), + notmuch_indexopts_t *indexopts, notmuch_message_t **message_ret) { notmuch_message_file_t *message_file; @@ -468,6 +468,7 @@ notmuch_database_index_file (notmuch_database_t *notmuch, notmuch_status_t ret = NOTMUCH_STATUS_SUCCESS, ret2; notmuch_private_status_t private_status; bool is_ghost = false, is_new = false; + notmuch_indexopts_t *def_indexopts = NULL; const char *date; const char *from, *to, *subject; @@ -540,6 +541,11 @@ notmuch_database_index_file (notmuch_database_t *notmuch, if (is_new || is_ghost) _notmuch_message_set_header_values (message, date, from, subject); + if (!indexopts) { + def_indexopts = notmuch_database_get_default_indexopts (notmuch); + indexopts = def_indexopts; + } + ret = _notmuch_message_index_file (message, message_file); if (ret) goto DONE; @@ -557,6 +563,9 @@ notmuch_database_index_file (notmuch_database_t *notmuch, } DONE: + if (def_indexopts) + notmuch_indexopts_destroy (def_indexopts); + if (message) { if ((ret == NOTMUCH_STATUS_SUCCESS || ret == NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID) && message_ret) diff --git a/lib/indexopts.c b/lib/indexopts.c index 2f9b841b..cc1d6422 100644 --- a/lib/indexopts.c +++ b/lib/indexopts.c @@ -21,9 +21,27 @@ #include "notmuch-private.h" notmuch_indexopts_t * -notmuch_database_get_default_indexopts (notmuch_database_t unused (*db)) +notmuch_database_get_default_indexopts (notmuch_database_t *db) { - return NULL; + return talloc_zero (db, notmuch_indexopts_t); +} + +notmuch_status_t +notmuch_indexopts_set_try_decrypt (notmuch_indexopts_t *indexopts, + bool try_decrypt) +{ + if (!indexopts) + return NOTMUCH_STATUS_NULL_POINTER; + indexopts->crypto.decrypt = try_decrypt; + return NOTMUCH_STATUS_SUCCESS; +} + +bool +notmuch_indexopts_get_try_decrypt (const notmuch_indexopts_t *indexopts) +{ + if (!indexopts) + return false; + return indexopts->crypto.decrypt; } void diff --git a/lib/notmuch-private.h b/lib/notmuch-private.h index e86f4582..4c408396 100644 --- a/lib/notmuch-private.h +++ b/lib/notmuch-private.h @@ -52,6 +52,7 @@ NOTMUCH_BEGIN_DECLS #include "xutil.h" #include "error_util.h" #include "string-util.h" +#include "crypto.h" #ifdef DEBUG # define DEBUG_DATABASE_SANITY 1 @@ -633,6 +634,12 @@ _notmuch_thread_create (void *ctx, notmuch_exclude_t omit_exclude, notmuch_sort_t sort); +/* indexopts.c */ + +struct _notmuch_indexopts { + _notmuch_crypto_t crypto; +}; + NOTMUCH_END_DECLS #ifdef __cplusplus diff --git a/lib/notmuch.h b/lib/notmuch.h index 669e01b1..0b2e8305 100644 --- a/lib/notmuch.h +++ b/lib/notmuch.h @@ -42,6 +42,7 @@ NOTMUCH_BEGIN_DECLS #include +#include #pragma GCC visibility push(default) @@ -2214,6 +2215,25 @@ notmuch_config_list_destroy (notmuch_config_list_t *config_list); notmuch_indexopts_t * notmuch_database_get_default_indexopts (notmuch_database_t *db); +/** + * Specify whether to decrypt encrypted parts while indexing. + * + * Be aware that the index is likely sufficient to reconstruct the + * cleartext of the message itself, so please ensure that the notmuch + * message index is adequately protected. DO NOT SET THIS FLAG TO TRUE + * without considering the security of your index. + */ +notmuch_status_t +notmuch_indexopts_set_try_decrypt (notmuch_indexopts_t *indexopts, + bool try_decrypt); + +/** + * Return whether to decrypt encrypted parts while indexing. + * see notmuch_indexopts_set_try_decrypt. + */ +bool +notmuch_indexopts_get_try_decrypt (const notmuch_indexopts_t *indexopts); + /** * Destroy a notmuch_indexopts_t object. * -- 2.14.2