From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id yCZVB4cju14tewAA0tVLHw (envelope-from ) for ; Tue, 12 May 2020 22:30:31 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id sOdDJJUju14/bQAA1q6Kng (envelope-from ) for ; Tue, 12 May 2020 22:30:45 +0000 Received: from arlo.cworth.org (unknown [50.126.95.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4F402940DEC for ; Tue, 12 May 2020 22:30:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 2B7706DE1412; Tue, 12 May 2020 15:30:15 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XH8qkdXiaULD; Tue, 12 May 2020 15:30:14 -0700 (PDT) Received: from arlo.cworth.org (localhost [IPv6:::1]) by arlo.cworth.org (Postfix) with ESMTP id AC30D6DE140C; Tue, 12 May 2020 15:30:03 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id D7ABD6DE13F3 for ; Tue, 12 May 2020 15:29:59 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CaU_XUe_-J0O for ; Tue, 12 May 2020 15:29:59 -0700 (PDT) Received: from che.mayfirst.org (unknown [162.247.75.117]) by arlo.cworth.org (Postfix) with ESMTPS id 461676DE13DB for ; Tue, 12 May 2020 15:29:56 -0700 (PDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1589322594; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=Bf3iUMpNZwEkzekass0asfo70TNwv43mWxUIntHtF4I=; b=azOs/q3dWRpYhC1pnKgEvwONdNaq7ZNGb9p9rHbPuy4y52Yk7L8S5p9NNxbLEKbbzAUdg 1LJI+giRu0PEIApBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1589322594; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=Bf3iUMpNZwEkzekass0asfo70TNwv43mWxUIntHtF4I=; b=UYlwFR2W2x2UzOcbmJ8SlMzKcnDRp2c4lfnOcHizwOyw1mM1vHpY26XIBe9AoQf/t73Kt lCDPsQNvVgHvYxPkP6tW0AS2pDK4aPHIr7mxmgB8nIFId+ecmyEp/fHfAoDsOuymqxfq6Mv rbt/U5qgglV3fBy+shmE9i1UBYnh5KDxBwjxYnyHipMRtaBz5FeZQ6l57vjm7lt5FStFB9n AKteNXx+aeoKzG5YdaULERJCaTPla5SVm4tqeuQ1tFj2Ql0zkLVIB85CHZ8xxtHVNXOHmjP RtDBvtV7pBIWzAvgVvcQ9EYxzlzufzI6cTh/CrCWURGKnCRwj+4YB4chedEg== Received: from fifthhorseman.net (unknown [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 9CA2EF9A5 for ; Tue, 12 May 2020 18:29:54 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id E197820B02; Tue, 12 May 2020 18:29:51 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH v2 4/9] cli/show: If a leaf part has children, show them instead of omitting Date: Tue, 12 May 2020 18:29:34 -0400 Message-Id: <20200512222939.372093-5-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200512222939.372093-1-dkg@fifthhorseman.net> References: <20200512222939.372093-1-dkg@fifthhorseman.net> MIME-Version: 1.0 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: notmuch-bounces@notmuchmail.org Sender: "notmuch" X-Scanner: scn0 X-Spam-Score: 4.59 Authentication-Results: aspmx1.migadu.com; dkim=fail (body hash did not verify) header.d=fifthhorseman.net header.s=2019 header.b=azOs/q3d; dkim=fail (body hash did not verify) header.d=fifthhorseman.net header.s=2019rsa header.b=UYlwFR2W; dmarc=fail reason="SPF not aligned (relaxed)" header.from=fifthhorseman.net (policy=none); spf=pass (aspmx1.migadu.com: domain of notmuch-bounces@notmuchmail.org designates 50.126.95.6 as permitted sender) smtp.mailfrom=notmuch-bounces@notmuchmail.org X-Scan-Result: default: False [4.59 / 13.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; GENERIC_REPUTATION(0.00)[-0.44777286520757]; RDNS_NONE(1.00)[]; DWL_DNSWL_BLOCKED(0.00)[50.126.95.6:from]; R_DKIM_REJECT(1.00)[fifthhorseman.net:s=2019,fifthhorseman.net:s=2019rsa]; R_SPF_ALLOW(-0.20)[+a]; IP_REPUTATION_HAM(0.00)[asn: 27017(-0.18), country: US(-0.00), ip: 50.126.95.6(-0.45)]; FORGED_SENDER_MAILLIST(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[fifthhorseman.net:-]; MX_GOOD(-0.50)[cached: notmuchmail.org]; MAILLIST(-0.20)[mailman]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:27017, ipnet:50.126.64.0/18, country:US]; FROM_NEQ_ENVFROM(0.00)[dkg@fifthhorseman.net,notmuch-bounces@notmuchmail.org]; RDNS_DNSFAIL(0.00)[]; ARC_NA(0.00)[]; URIBL_BLOCKED(0.00)[fifthhorseman.net:email,notmuchmail.org:email]; FROM_HAS_DN(0.00)[]; SPF_REPUTATION_HAM(0.00)[-0.41288601556236]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[notmuch@notmuchmail.org]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; DNSWL_BLOCKED(0.00)[50.126.95.6:from]; MID_CONTAINS_FROM(1.00)[]; HFILTER_HOSTNAME_UNKNOWN(2.50)[]; RCVD_COUNT_SEVEN(0.00)[8]; DMARC_POLICY_SOFTFAIL(0.10)[fifthhorseman.net : SPF not aligned (relaxed),none] X-TUID: tRNtOvyJ8Tvy Until we did PKCS#7 unwrapping, no leaf MIME part could have a child. Now, we treat the unwrapped MIME part as the child of the PKCS#7 SignedData object. So in that case, we want to show it instead of deliberately omitting the content. This fixes the test of the protected subject in id:smime-onepart-signed@protected-headers.example. Signed-off-by: Daniel Kahn Gillmor --- notmuch-show.c | 11 ++++++++++- test/T355-smime.sh | 6 +++--- test/T356-protected-headers.sh | 3 +-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/notmuch-show.c b/notmuch-show.c index ab1cd144..36265043 100644 --- a/notmuch-show.c +++ b/notmuch-show.c @@ -759,7 +759,16 @@ format_part_sprinter (const void *ctx, sprinter_t *sp, mime_node_t *node, sp->string_len (sp, (char *) part_content->data, part_content->len); g_object_unref (stream_memory); } else { - format_omitted_part_meta_sprinter (sp, meta, GMIME_PART (node->part)); + /* if we have a child part despite being a standard + * (non-multipart) MIME part, that means there is + * something to unwrap, which we will present in + * content: */ + if (node->nchildren) { + sp->map_key (sp, "content"); + sp->begin_list (sp); + nclose = 1; + } else + format_omitted_part_meta_sprinter (sp, meta, GMIME_PART (node->part)); } } else if (GMIME_IS_MULTIPART (node->part)) { sp->map_key (sp, "content"); diff --git a/test/T355-smime.sh b/test/T355-smime.sh index 4de0fbef..03aada20 100755 --- a/test/T355-smime.sh +++ b/test/T355-smime.sh @@ -177,12 +177,10 @@ On Tue, 26 Nov 2019 20:11:29 -0400, Alice Lovelace wrote: test_expect_equal "$expected" "$output" test_begin_subtest "show PKCS#7 SignedData outputs valid JSON" -test_subtest_known_broken output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example) test_valid_json "$output" test_begin_subtest "Verify signature on PKCS#7 SignedData message" -test_subtest_known_broken output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example) test_json_nodes <<<"$output" \ @@ -192,7 +190,9 @@ test_json_nodes <<<"$output" \ 'status:[0][0][0]["crypto"]["signed"]["status"][0]["status"]="good"' test_begin_subtest "Verify signature on PKCS#7 SignedData message signer User ID" -test_subtest_known_broken +if [ $NOTMUCH_GMIME_X509_CERT_VALIDITY -ne 1 ]; then + test_subtest_known_broken +fi test_json_nodes <<<"$output" \ 'userid:[0][0][0]["crypto"]["signed"]["status"][0]["userid"]="CN=Alice Lovelace"' diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh index 5fd27434..5beffaf0 100755 --- a/test/T356-protected-headers.sh +++ b/test/T356-protected-headers.sh @@ -157,7 +157,6 @@ test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail. for variant in multipart-signed onepart-signed; do test_begin_subtest "verify signed PKCS#7 subject ($variant)" - [ "$variant" = multipart-signed ] || test_subtest_known_broken output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example") test_json_nodes <<<"$output" \ 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \ @@ -165,7 +164,7 @@ for variant in multipart-signed onepart-signed; do 'sig_fpr:[0][0][0]["crypto"]["signed"]["status"][0]["fingerprint"]="702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB"' \ 'not_encrypted:[0][0][0]["crypto"]!"decrypted"' test_begin_subtest "verify signed PKCS#7 subject ($variant) signer User ID" - if [ $NOTMUCH_GMIME_X509_CERT_VALIDITY -ne 1 ] || [ "$variant" != multipart-signed ]; then + if [ $NOTMUCH_GMIME_X509_CERT_VALIDITY -ne 1 ]; then test_subtest_known_broken fi test_json_nodes <<<"$output" \ -- 2.26.2