Revision 3d444084
Added by Marc Dequènes about 15 years ago
- ID 3d4440844dbef4fedc839d7d9cb0408ab5cc94bd
| lib/cyborghood/mail.rb | ||
|---|---|---|
|
include ActionMailer::Quoting
|
||
|
include ActionMailer::Utils
|
||
|
|
||
|
MAX_DRIFT_TIME = 600
|
||
|
|
||
|
def initialize(msg = nil)
|
||
|
@config = Config.instance
|
||
|
|
||
| ... | ... | |
|
else
|
||
|
logger.info "Mail is from user #{user.uid} (#{user.cn})"
|
||
|
|
||
|
signed_content = pgp_signed_part()
|
||
|
if signed_content.multipart?
|
||
|
if signed_content.parts[0].content_type == "text/plain"
|
||
|
command_txt = signed_content.parts[0].body
|
||
|
refs = signed_content.parts.collect{|p| p.dup }
|
||
|
drift = Time.new.to_i - sig_check.timestamp.to_i
|
||
|
logger.debug "Signature drift time: #{drift}"
|
||
|
if drift > 0 and drift < MAX_DRIFT_TIME
|
||
|
signed_content = pgp_signed_part()
|
||
|
if signed_content.multipart?
|
||
|
if signed_content.parts[0].content_type == "text/plain"
|
||
|
command_txt = signed_content.parts[0].body
|
||
|
refs = signed_content.parts.collect{|p| p.dup }
|
||
|
end
|
||
|
else
|
||
|
command_txt = signed_content.body if signed_content.content_type == "text/plain"
|
||
|
refs = []
|
||
|
end
|
||
|
else
|
||
|
command_txt = signed_content.body if signed_content.content_type == "text/plain"
|
||
|
refs = []
|
||
|
end
|
||
|
|
||
|
if command_txt
|
||
|
commands = []
|
||
|
command_txt.each_line do |line|
|
||
|
line.chomp!
|
||
|
sline = line.strip
|
||
|
# skip empty lines and comments
|
||
|
next if sline == "" or sline[0, 1] == "#"
|
||
|
# stop processing when detecting message signature
|
||
|
break if line == "-- "
|
||
|
|
||
|
commands << sline
|
||
|
if command_txt
|
||
|
commands = []
|
||
|
command_txt.each_line do |line|
|
||
|
line.chomp!
|
||
|
sline = line.strip
|
||
|
# skip empty lines and comments
|
||
|
next if sline == "" or sline[0, 1] == "#"
|
||
|
# stop processing when detecting message signature
|
||
|
break if line == "-- "
|
||
|
|
||
|
commands << sline
|
||
|
end
|
||
|
|
||
|
logger.debug "Mail OK"
|
||
|
order = {:ok => true, :user => user, :commands => commands, :refs => refs}
|
||
|
else
|
||
|
order[:user] = user
|
||
|
logger.info "Mail does not contain a proper MIME part for commands"
|
||
|
end
|
||
|
|
||
|
order = {:ok => true, :user => user, :commands => commands, :refs => refs}
|
||
|
else
|
||
|
logger.info "Mail does not contain a proper MIME part for commands"
|
||
|
logger.info "Mail rejected as it may be a replay (signature timestamp is too old)"
|
||
|
order = {:ok => false, :user => user, :msg => "The signature was made too long ago (perhaps your system clock is not up-to-date). Rejected message to avoid replay attacks."}
|
||
|
end
|
||
|
end
|
||
|
else
|
||
Also available in: Unified diff
[evol] check if signature timestamp is not too old or reject it (first part of the replay protection)