From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH v2 10/17] indexing: record protected subject when indexing cleartext
Date: Sun, 26 May 2019 18:16:03 -0400 [thread overview]
Message-ID: <20190526221610.2833-11-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20190526221610.2833-1-dkg@fifthhorseman.net>
When indexing the cleartext of an encrypted message, record any
protected subject in the database, which should make it findable and
visible in search.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
lib/index.cc | 42 ++++++++++++++++++++++++++--------
lib/message.cc | 8 +++++++
lib/notmuch-private.h | 4 ++++
| 16 +++++++++++++
4 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/lib/index.cc b/lib/index.cc
index f216ae5d..1fd9e67e 100644
--- a/lib/index.cc
+++ b/lib/index.cc
@@ -367,13 +367,15 @@ _index_content_type (notmuch_message_t *message, GMimeObject *part)
static void
_index_encrypted_mime_part (notmuch_message_t *message, notmuch_indexopts_t *indexopts,
- GMimeMultipartEncrypted *part);
+ GMimeMultipartEncrypted *part,
+ _notmuch_message_crypto_t *msg_crypto);
/* Callback to generate terms for each mime part of a message. */
static void
_index_mime_part (notmuch_message_t *message,
notmuch_indexopts_t *indexopts,
- GMimeObject *part)
+ GMimeObject *part,
+ _notmuch_message_crypto_t *msg_crypto)
{
GMimeStream *stream, *filter;
GMimeFilter *discard_non_term_filter;
@@ -403,6 +405,8 @@ _index_mime_part (notmuch_message_t *message,
_notmuch_message_add_term (message, "tag", "encrypted");
for (i = 0; i < g_mime_multipart_get_count (multipart); i++) {
+ notmuch_status_t status;
+ GMimeObject *child;
if (GMIME_IS_MULTIPART_SIGNED (multipart)) {
/* Don't index the signature, but index its content type. */
if (i == GMIME_MULTIPART_SIGNED_SIGNATURE) {
@@ -419,7 +423,8 @@ _index_mime_part (notmuch_message_t *message,
g_mime_multipart_get_part (multipart, i));
if (i == GMIME_MULTIPART_ENCRYPTED_CONTENT) {
_index_encrypted_mime_part(message, indexopts,
- GMIME_MULTIPART_ENCRYPTED (part));
+ GMIME_MULTIPART_ENCRYPTED (part),
+ msg_crypto);
} else {
if (i != GMIME_MULTIPART_ENCRYPTED_VERSION) {
_notmuch_database_log (notmuch_message_get_database (message),
@@ -428,8 +433,13 @@ _index_mime_part (notmuch_message_t *message,
}
continue;
}
- _index_mime_part (message, indexopts,
- g_mime_multipart_get_part (multipart, i));
+ child = g_mime_multipart_get_part (multipart, i);
+ status = _notmuch_message_crypto_potential_payload (msg_crypto, child, part, i);
+ if (status)
+ _notmuch_database_log (notmuch_message_get_database (message),
+ "Warning: failed to mark the potential cryptographic payload (%s).\n",
+ notmuch_status_to_string (status));
+ _index_mime_part (message, indexopts, child, msg_crypto);
}
return;
}
@@ -439,7 +449,7 @@ _index_mime_part (notmuch_message_t *message,
mime_message = g_mime_message_part_get_message (GMIME_MESSAGE_PART (part));
- _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message));
+ _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message), msg_crypto);
return;
}
@@ -516,7 +526,8 @@ _index_mime_part (notmuch_message_t *message,
static void
_index_encrypted_mime_part (notmuch_message_t *message,
notmuch_indexopts_t *indexopts,
- GMimeMultipartEncrypted *encrypted_data)
+ GMimeMultipartEncrypted *encrypted_data,
+ _notmuch_message_crypto_t *msg_crypto)
{
notmuch_status_t status;
GError *err = NULL;
@@ -553,6 +564,10 @@ _index_encrypted_mime_part (notmuch_message_t *message,
return;
}
if (decrypt_result) {
+ status = _notmuch_message_crypto_successful_decryption (msg_crypto);
+ if (status)
+ _notmuch_database_log_append (notmuch, "failed to mark the message as decrypted (%s)\n",
+ notmuch_status_to_string (status));
if (get_sk) {
status = notmuch_message_add_property (message, "session-key",
g_mime_decrypt_result_get_session_key (decrypt_result));
@@ -562,7 +577,8 @@ _index_encrypted_mime_part (notmuch_message_t *message,
}
g_object_unref (decrypt_result);
}
- _index_mime_part (message, indexopts, clear);
+ status = _notmuch_message_crypto_potential_payload (msg_crypto, clear, GMIME_OBJECT (encrypted_data), GMIME_MULTIPART_ENCRYPTED_CONTENT);
+ _index_mime_part (message, indexopts, clear, msg_crypto);
g_object_unref (clear);
status = notmuch_message_add_property (message, "index.decryption", "success");
@@ -606,6 +622,7 @@ _notmuch_message_index_file (notmuch_message_t *message,
InternetAddressList *addresses;
const char *subject;
notmuch_status_t status;
+ _notmuch_message_crypto_t *msg_crypto;
status = _notmuch_message_file_get_mime_message (message_file,
&mime_message);
@@ -628,7 +645,14 @@ _notmuch_message_index_file (notmuch_message_t *message,
status = _notmuch_message_index_user_headers (message, mime_message);
- _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message));
+ msg_crypto = _notmuch_message_crypto_new (NULL);
+ _index_mime_part (message, indexopts, g_mime_message_get_mime_part (mime_message), msg_crypto);
+ if (msg_crypto && msg_crypto->payload_subject) {
+ _notmuch_message_gen_terms (message, "subject", msg_crypto->payload_subject);
+ _notmuch_message_update_subject (message, msg_crypto->payload_subject);
+ }
+
+ talloc_free (msg_crypto);
return NOTMUCH_STATUS_SUCCESS;
}
diff --git a/lib/message.cc b/lib/message.cc
index dc4a96ad..9e1005a3 100644
--- a/lib/message.cc
+++ b/lib/message.cc
@@ -1238,6 +1238,14 @@ _notmuch_message_set_header_values (notmuch_message_t *message,
message->modified = true;
}
+void
+_notmuch_message_update_subject (notmuch_message_t *message,
+ const char *subject)
+{
+ message->doc.add_value (NOTMUCH_VALUE_SUBJECT, subject);
+ message->modified = true;
+}
+
/* Upgrade a message to support NOTMUCH_FEATURE_LAST_MOD. The caller
* must call _notmuch_message_sync. */
void
diff --git a/lib/notmuch-private.h b/lib/notmuch-private.h
index e46df9a8..6fc5b366 100644
--- a/lib/notmuch-private.h
+++ b/lib/notmuch-private.h
@@ -325,6 +325,10 @@ _notmuch_message_set_header_values (notmuch_message_t *message,
const char *from,
const char *subject);
+void
+_notmuch_message_update_subject (notmuch_message_t *message,
+ const char *subject);
+
void
_notmuch_message_upgrade_last_mod (notmuch_message_t *message);
--git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
index ff37f6bd..fee3b043 100755
--- a/test/T356-protected-headers.sh
+++ b/test/T356-protected-headers.sh
@@ -83,4 +83,20 @@ test_json_nodes <<<"$output" \
'subject:["original"]["headers"]["Subject"]="This is a protected header"' \
'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"'
+test_begin_subtest "protected subject is not indexed by default"
+output=$(notmuch search --output=messages 'subject:"This is a protected header"')
+test_expect_equal "$output" ''
+
+test_begin_subtest "reindex message with protected header"
+test_expect_success 'notmuch reindex --decrypt=true id:protected-header@crypto.notmuchmail.org'
+
+test_begin_subtest "protected subject is indexed when cleartext is indexed"
+output=$(notmuch search --output=messages 'subject:"This is a protected header"')
+test_expect_equal "$output" 'id:protected-header@crypto.notmuchmail.org'
+
+test_begin_subtest "indexed protected subject is visible in search"
+output=$(notmuch search --format=json 'id:protected-header@crypto.notmuchmail.org')
+test_json_nodes <<<"$output" \
+ 'subject:[0]["subject"]="This is a protected header"'
+
test_done
--
2.20.1
next prev parent reply other threads:[~2019-05-26 22:16 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-26 22:15 Protected Headers (2nd major revision, more testing!) Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 01/17] cli/show: emit headers after emitting body Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 02/17] util/crypto: add information about the payload part Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 03/17] test: new test framework to compare json parts Daniel Kahn Gillmor
2019-05-27 9:56 ` David Bremner
2019-05-27 17:31 ` Rollins, Jameson
2019-05-27 20:34 ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 21:30 ` Daniel Kahn Gillmor
2019-05-28 0:09 ` Rollins, Jameson
2019-05-27 18:35 ` [PATCH v3] " Rollins, Jameson
2019-05-26 22:15 ` [PATCH v2 04/17] cli/show: add tests for viewing protected headers Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 05/17] cli/show: emit payload subject instead of outside subject Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 06/17] cli/show: add information about which headers were protected Daniel Kahn Gillmor
2019-05-27 10:12 ` David Bremner
2019-05-27 17:34 ` Rollins, Jameson
2019-05-27 17:59 ` David Bremner
2019-05-27 20:40 ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:18 ` Daniel Kahn Gillmor
2019-05-27 20:43 ` [PATCH v2 " Daniel Kahn Gillmor
2019-05-27 22:14 ` [PATCH v4 " Daniel Kahn Gillmor
2019-05-28 11:10 ` David Bremner
2019-05-28 22:39 ` Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 07/17] test: add test for missing external subject Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 08/17] test: show cryptographic envelope information for signed mails Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 09/17] cli/reply: ensure encrypted Subject: line does not leak in the clear Daniel Kahn Gillmor
2019-05-26 22:16 ` Daniel Kahn Gillmor [this message]
2019-05-27 10:24 ` [PATCH v2 10/17] indexing: record protected subject when indexing cleartext David Bremner
2019-05-27 21:17 ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:35 ` Daniel Kahn Gillmor
2019-05-27 21:25 ` _notmuch_database_log vs _notmuch_database_log_append [was: Re: [PATCH v2 10/17] indexing: record protected subject when indexing cleartext] Daniel Kahn Gillmor
2019-05-27 22:40 ` [PATCH v4 10/17] indexing: record protected subject when indexing cleartext Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 11/17] test: protected headers should work when both encrypted and signed Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 12/17] test: after reindexing, only legitimate protected subjects are searchable Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 13/17] test: try indexing nested messages and protected headers Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 14/17] test: ensure that protected headers appear in notmuch-emacs search as expected Daniel Kahn Gillmor
2019-05-27 20:21 ` Rollins, Jameson
2019-05-27 21:58 ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:02 ` stitching threads (v3 14/17) Daniel Kahn Gillmor
2021-12-23 11:57 ` David Bremner
2019-05-26 22:16 ` [PATCH v2 15/17] test: emacs/show: ensure that protected headers appear as expected Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 16/17] test: reply (in cli and emacs) should protect indexed sensitive headers Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 17/17] cli/reply: pull proposed subject line from the message, not the index Daniel Kahn Gillmor
2019-05-27 20:22 ` Protected Headers (2nd major revision, more testing!) Rollins, Jameson
2019-05-27 22:49 ` Daniel Kahn Gillmor
2019-05-29 11:44 ` David Bremner
2019-05-29 17:31 ` Daniel Kahn Gillmor
[not found] <87d0k3643o.fsf@caltech.edu.net>
2019-05-27 21:35 ` [PATCH v3 14/17] test: ensure that protected headers appear in notmuch-emacs search as expected Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190526221610.2833-11-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).