|
|
|
# add Rails load path for Debian, until rails framework is split properly
|
|
DEB_RAILS_PATH = "/usr/share/rails" unless Object.constants.include?("DEB_RAILS_PATH")
|
|
Dir.new(DEB_RAILS_PATH).each do |file|
|
|
next if file =~ /^\./
|
|
path = File.join(DEB_RAILS_PATH, file, "lib")
|
|
$: << path if File.directory?(path)
|
|
end
|
|
|
|
require 'cyborghood/base'
|
|
require 'delegate'
|
|
require 'tmail'
|
|
require 'tmail_extra'
|
|
require 'action_mailer/quoting'
|
|
require 'action_mailer/utils'
|
|
require 'net/smtp'
|
|
|
|
# This class handles RFC3156 signed messages, validates them, and extract orders properly.
|
|
# Encrypted content are not implemented yet.
|
|
module CyborgHood
|
|
class Mail < Delegator
|
|
include ActionMailer::Quoting
|
|
include ActionMailer::Utils
|
|
|
|
def initialize(msg = nil)
|
|
@config = Config.instance
|
|
|
|
if msg.nil?
|
|
@mail = TMail::Mail.new
|
|
set_custom_headers
|
|
else
|
|
# unquote headers and transform into TMail object
|
|
@mail = TMail::Mail.parse(TMail::Unquoter.unquote_and_convert_to(msg, "UTF-8"))
|
|
end
|
|
end
|
|
|
|
def __getobj__
|
|
@mail
|
|
end
|
|
|
|
def parse
|
|
return parse_signed() if is_pgp_signed?
|
|
return parse_encrypted() if is_pgp_encrypted?
|
|
{:ok => false, :msg => "mail not RFC3156 compliant"}.to_ostruct
|
|
end
|
|
|
|
def create_reply
|
|
tmail_reply = @mail.create_reply
|
|
tmail_reply.from_addrs = TMail::Address.parse(@config.mail.from_address || self.to.first)
|
|
reply = self.class.new(tmail_reply.to_s)
|
|
reply.set_custom_headers
|
|
reply
|
|
end
|
|
|
|
def set_custom_headers
|
|
@mail['Organization'] = @config.mail.organization
|
|
end
|
|
|
|
def check_headers
|
|
@mail.header.keys.each do |h|
|
|
@mail[h] = quote_address_if_necessary(@mail[h].to_s, "utf-8")
|
|
end
|
|
end
|
|
|
|
def deliver
|
|
check_headers
|
|
|
|
smtp_server = @config.mail.smtp_server || "localhost"
|
|
smtp_port = @config.mail.smtp_port || 25
|
|
smtp_from = @mail.from_addrs.collect{|a| a.address}.join(", ")
|
|
smtp_to = @mail.to_addrs.collect{|a| a.address}
|
|
Net::SMTP.start(smtp_server, smtp_port) do |smtp|
|
|
#p @mail.to_s
|
|
smtp.send_message(@mail.to_s, smtp_from, smtp_to)
|
|
end
|
|
end
|
|
|
|
def to_s
|
|
@mail.to_s
|
|
end
|
|
|
|
def crypt(fingerprint)
|
|
clear_data = build_intermediate_mail()
|
|
encrypted_data = clear_data.pgp_crypt(fingerprint)
|
|
|
|
# build properly encrypted mail
|
|
# (modify original mail parts)
|
|
@mail.set_content_type("multipart", "encrypted", {'boundary' => TMail.new_boundary, "protocol" => "application/pgp-encrypted"})
|
|
@mail.transfer_encoding = "7bit"
|
|
@mail['content-disposition'] = nil
|
|
@mail.body = "This mail is a RFC3156 encrypted message.\n"
|
|
@mail.parts.clear
|
|
p_pgp = TMail::Mail.new
|
|
p_pgp.set_content_type("application", "pgp-encrypted")
|
|
p_pgp.transfer_encoding = "7bit"
|
|
p_pgp.content_disposition = "inline"
|
|
p_pgp.body = "Version: 1\n"
|
|
@mail.parts << p_pgp
|
|
p_encrypted = TMail::Mail.new
|
|
p_encrypted.set_content_type("application", "octet-stream")
|
|
p_encrypted.transfer_encoding = "7bit"
|
|
p_encrypted.content_disposition = "inline"
|
|
p_encrypted.body = encrypted_data
|
|
@mail.parts << p_encrypted
|
|
end
|
|
|
|
def sign
|
|
data = build_intermediate_mail()
|
|
sign_data = data.pgp_sign([@config.mail.key_id]) do |uid_hint, passphrase_info, prev_was_bad|
|
|
@config.mail.key_passphrase
|
|
end
|
|
|
|
original_content_type = @mail.content_type
|
|
original_content_transfer_encoding = @mail.content_transfer_encoding
|
|
original_content_disposition = @mail.content_disposition
|
|
|
|
# build properly signed mail
|
|
# (modify original mail parts)
|
|
@mail.set_content_type("multipart", "signed", {'boundary' => TMail.new_boundary, 'protocol' => "application/pgp-signature", 'micalg' => sign_data[:micalg]})
|
|
@mail.transfer_encoding = "7bit"
|
|
@mail['content-disposition'] = nil
|
|
@mail.body = "This mail is a RFC3156 signed message.\n"
|
|
@mail.parts.clear
|
|
p_signed = data
|
|
@mail.parts << p_signed
|
|
p_signature = TMail::Mail.new
|
|
p_signature.set_content_type("application", "pgp-signature")
|
|
p_signature.transfer_encoding = "7bit"
|
|
p_signature.content_disposition = "inline"
|
|
p_signature.body = sign_data[:signature]
|
|
@mail.parts << p_signature
|
|
end
|
|
|
|
def sign_and_crypt(fingerprint)
|
|
sign()
|
|
crypt(fingerprint)
|
|
end
|
|
|
|
def quoted_printable_body=(txt)
|
|
@mail.transfer_encoding = "quoted-printable"
|
|
@mail.body = [normalize_new_lines(txt)].pack("M*")
|
|
end
|
|
|
|
private
|
|
|
|
def build_intermediate_mail
|
|
# build a fake mail to get the generated content to be crypted/signed
|
|
fake_mail = TMail::Mail.new
|
|
fake_mail['content-type'] = @mail['content-type'].to_s
|
|
fake_mail.transfer_encoding = @mail.transfer_encoding if @mail.transfer_encoding
|
|
fake_mail.content_disposition = @mail.content_disposition if @mail.content_disposition
|
|
if @mail.multipart?
|
|
@mail.each_part {|p| fake_mail.parts << p }
|
|
else
|
|
fake_mail.body = @mail.body
|
|
end
|
|
|
|
# store the calculated content, to be able to use the raw() method
|
|
fake_mail.write_back
|
|
|
|
fake_mail
|
|
end
|
|
|
|
def parse_signed
|
|
order = {:ok => false, :msg => "mail not formatted correctly"}
|
|
|
|
sigs_check = verify_pgp_signature()
|
|
return order.to_ostruct if sigs_check.nil? or sigs_check.size != 1
|
|
|
|
sig_check = sigs_check.first
|
|
if sig_check.status == 0
|
|
logger.info "Mail content was properly signed by key #{sig_check.fingerprint}"
|
|
user = Person.find_by_fingerprint(sig_check.fingerprint)
|
|
if user.nil?
|
|
logger.info "Mail is from an unknown person"
|
|
order[:msg] = "unknown user"
|
|
else
|
|
logger.info "Mail is from user #{user.uid} (#{user.cn})"
|
|
|
|
signed_content = pgp_signed_part()
|
|
if signed_content.multipart?
|
|
if signed_content.parts[0].content_type == "text/plain"
|
|
command_txt = signed_content.parts[0].body
|
|
refs = signed_content.parts.collect{|p| p.dup }
|
|
end
|
|
else
|
|
command_txt = signed_content.body if signed_content.content_type == "text/plain"
|
|
refs = []
|
|
end
|
|
|
|
if command_txt
|
|
commands = []
|
|
command_txt.each_line do |line|
|
|
line.chomp!
|
|
sline = line.strip
|
|
# skip empty lines and comments
|
|
next if sline == "" or sline[0, 1] == "#"
|
|
# stop processing when detecting message signature
|
|
break if line == "-- "
|
|
|
|
commands << sline
|
|
end
|
|
|
|
order = {:ok => true, :user => user, :commands => commands, :refs => refs}
|
|
else
|
|
logger.info "Mail does not contain a proper MIME part for commands"
|
|
end
|
|
end
|
|
else
|
|
logger.info "Mail content tampered or badly signed: " + sig_check.to_s
|
|
return nil
|
|
end
|
|
|
|
order.to_ostruct
|
|
end
|
|
|
|
def parse_encrypted
|
|
order = {:ok => false, :msg => "mail not formatted correctly"}
|
|
|
|
catch :notforme do
|
|
begin
|
|
# block is not passed to delegate (limitation ?)
|
|
clear_message = @mail.pgp_decrypt do |uid_hint, passphrase_info, prev_was_bad|
|
|
logger.info "Mail crypted for #{uid_hint}"
|
|
|
|
# check if requesting passphrase for the expected key
|
|
key_id = passphrase_info.split(" ")[1]
|
|
throw :notforme if key_id != @config.mail.key_id[-(key_id.size)..-1]
|
|
|
|
# sending key
|
|
@config.mail.key_passphrase
|
|
end
|
|
|
|
# create a fake mail and chain parsing operations
|
|
clear_mail = self.class.new(clear_message)
|
|
return clear_mail.parse
|
|
rescue GPGME::Error, NotImplementedError => e
|
|
raise CyberError.new(:unrecoverable, "protocol/mail", e.message)
|
|
end
|
|
end
|
|
|
|
order.to_ostruct
|
|
end
|
|
end
|
|
end
|