From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 06/20] mime-node: track whole-message crypto state while walking the tree
Date: Fri, 11 May 2018 01:55:30 -0400 [thread overview]
Message-ID: <20180511055544.13676-7-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20180511055544.13676-1-dkg@fifthhorseman.net>
Deliberately populate the message's cryptographic status while walking
the MIME tree from the CLI.
---
mime-node.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/mime-node.c b/mime-node.c
index cbff95d1..6ecd121d 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -49,6 +49,9 @@ _mime_node_context_free (mime_node_context_t *res)
if (res->stream)
g_object_unref (res->stream);
+ if (res->msg_crypto)
+ _notmuch_message_crypto_cleanup (res->msg_crypto);
+
if (res->file)
fclose (res->file);
@@ -135,6 +138,8 @@ mime_node_open (const void *ctx, notmuch_message_t *message,
goto DONE;
}
+ mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
+
mctx->crypto = crypto;
/* Create the root node */
@@ -181,6 +186,7 @@ node_verify (mime_node_t *node, GMimeObject *part,
g_mime_3_unused(GMimeCryptoContext *cryptoctx))
{
GError *err = NULL;
+ notmuch_status_t status;
node->verify_attempted = true;
node->sig_list = g_mime_multipart_signed_verify
@@ -194,6 +200,10 @@ node_verify (mime_node_t *node, GMimeObject *part,
if (err)
g_error_free (err);
+
+ status = _notmuch_message_crypto_set_sig_list(node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
/* Decrypt and optionally verify an encrypted mime node (GMime 2.6) */
@@ -203,6 +213,7 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
{
GError *err = NULL;
GMimeDecryptResult *decrypt_result = NULL;
+ notmuch_status_t status;
GMimeMultipartEncrypted *encrypteddata = GMIME_MULTIPART_ENCRYPTED (part);
if (! node->decrypted_child) {
@@ -223,6 +234,9 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
}
node->decrypt_success = true;
+ status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
if (decrypt_result) {
/* This may be NULL if the part is not signed. */
@@ -231,6 +245,9 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
node->verify_attempted = true;
g_object_ref (node->sig_list);
set_signature_list_destructor (node);
+ status = _notmuch_message_crypto_set_sig_list(node->ctx->msg_crypto, node->sig_list);
+ if (status) /* this is a warning, not an error */
+ fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
g_object_unref (decrypt_result);
}
@@ -241,10 +258,11 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
}
static mime_node_t *
-_mime_node_create (mime_node_t *parent, GMimeObject *part)
+_mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
{
mime_node_t *node = talloc_zero (parent, mime_node_t);
GMimeCryptoContext *cryptoctx = NULL;
+ notmuch_status_t status;
/* Set basic node properties */
node->part = part;
@@ -282,7 +300,6 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
|| (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) {
GMimeContentType *content_type = g_mime_object_get_content_type (part);
const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");
- notmuch_status_t status;
status = _notmuch_crypto_get_gmime_ctx_for_protocol (node->ctx->crypto,
protocol, &cryptoctx);
if (status) /* this is a warning, not an error */
@@ -312,6 +329,10 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
} else {
node_verify (node, part, cryptoctx);
}
+ } else {
+ status = _notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, parent ? parent->part : NULL, numchild);
+ if (status)
+ fprintf (stderr, "Warning: failed to record potential crypto payload (%s).\n", notmuch_status_to_string (status));
}
return node;
@@ -339,7 +360,7 @@ mime_node_child (mime_node_t *parent, int child)
INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
g_type_name (G_OBJECT_TYPE (parent->part)));
}
- node = _mime_node_create (parent, sub);
+ node = _mime_node_create (parent, sub, child);
if (child == parent->next_child && parent->next_part_num != -1) {
/* We're traversing in depth-first order. Record the child's
--
2.17.0
next prev parent reply other threads:[~2018-05-11 5:56 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-11 5:55 Protected headers in notmuch Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 01/20] test: new test framework to compare json parts Daniel Kahn Gillmor
2018-06-06 1:06 ` David Bremner
2018-06-06 14:49 ` Daniel Kahn Gillmor
2018-06-06 16:21 ` David Bremner
2018-06-06 20:18 ` Daniel Kahn Gillmor
2018-06-07 8:39 ` Tomi Ollila
2018-05-11 5:55 ` [PATCH 02/20] crypto: Avoid pretending to verify signatures on unsigned encrypted mail Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 03/20] cli/show: pass the siglist directly to the sigstatus sprinter Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 04/20] util/crypto: _notmuch_message_crypto: tracks message-wide crypto state Daniel Kahn Gillmor
2018-06-15 10:16 ` David Bremner
2018-06-28 21:15 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 05/20] cli: expose message-wide crypto status from mime-node Daniel Kahn Gillmor
2018-05-11 5:55 ` Daniel Kahn Gillmor [this message]
2018-06-15 10:52 ` [PATCH 06/20] mime-node: track whole-message crypto state while walking the tree David Bremner
2018-05-11 5:55 ` [PATCH 07/20] cli/show: emit new whole-message crypto status output Daniel Kahn Gillmor
2018-06-15 23:47 ` David Bremner
2018-06-29 15:41 ` Daniel Kahn Gillmor
2018-06-29 15:46 ` David Bremner
2018-05-11 5:55 ` [PATCH 08/20] cli/show: emit headers after emitting body Daniel Kahn Gillmor
2018-06-16 0:30 ` David Bremner
2018-05-11 5:55 ` [PATCH 09/20] util/crypto: add information about the payload part Daniel Kahn Gillmor
2018-06-25 1:15 ` David Bremner
2018-06-30 2:05 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 10/20] cli/show: add tests for viewing protected headers Daniel Kahn Gillmor
2018-06-25 1:31 ` David Bremner
2018-06-30 2:17 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 11/20] cli/show: emit payload subject instead of outside subject Daniel Kahn Gillmor
2018-06-29 0:40 ` David Bremner
2018-07-13 20:29 ` Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 12/20] cli/show: add information about which headers were protected Daniel Kahn Gillmor
2018-06-29 0:58 ` David Bremner
2018-05-11 5:55 ` [PATCH 13/20] test: add test for missing external subject Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 14/20] test: show cryptographic envelope information for signed mails Daniel Kahn Gillmor
2018-06-29 11:38 ` David Bremner
2018-05-11 5:55 ` [PATCH 15/20] cli/reply: ensure encrypted Subject: line does not leak in the clear Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 16/20] cli: introduce flags for format_headers_sprinter Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 17/20] cli/reply: add --protected-subject boolean flag Daniel Kahn Gillmor
2018-06-29 11:51 ` David Bremner
2018-05-11 5:55 ` [PATCH 18/20] indexing: record protected subject when indexing cleartext Daniel Kahn Gillmor
2018-06-02 17:59 ` Jameson Graef Rollins
2018-05-11 5:55 ` [PATCH 19/20] test: protected headers should work when both encrypted and signed Daniel Kahn Gillmor
2018-05-11 5:55 ` [PATCH 20/20] test: after reindexing, only legitimate protected subjects are searchable Daniel Kahn Gillmor
2018-06-02 18:25 ` Protected headers in notmuch Jameson Graef Rollins
2018-06-02 19:20 ` David Bremner
2018-06-03 13:44 ` Daniel Kahn Gillmor
2018-06-06 1:10 ` David Bremner
2018-06-03 18:14 ` Jameson Graef Rollins
2018-07-25 6:01 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180511055544.13676-7-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).