Revision cb0d68fd
Added by Marc Dequènes about 15 years ago
- ID cb0d68fd2c857faea5a05f374b2bb4464a1191fd
lib/cyborghood/mail.rb | ||
---|---|---|
require 'digest/md5'
|
||
|
||
|
||
# This class handles RFC3156 signed messages, validates them, and extract orders properly.
|
||
# Encrypted content are not implemented yet.
|
||
# This class handles RFC3156 signed/encrypted messages, validates them, and extract content properly.
|
||
# It also implements a protection against replay attacks.
|
||
module CyborgHood
|
||
class Command
|
||
attr_reader :cmdline, :cmdsplit
|
||
class MailReport
|
||
attr_reader :error, :warn_sender, :user, :message
|
||
|
||
def initialize(cmdline, cmdsplit)
|
||
@cmdline = cmdline
|
||
@cmdsplit = cmdsplit
|
||
end
|
||
end
|
||
|
||
class SharedParameter
|
||
attr_reader :type, :content
|
||
def initialize(params = {})
|
||
@error = params[:error]
|
||
@warn_sender = params[:warn_sender]
|
||
@user = params[:user]
|
||
@message = params[:message]
|
||
|
||
def initialize(content, type = nil)
|
||
@content = content
|
||
@type = type
|
||
@warn_sender = false
|
||
end
|
||
end
|
||
|
||
class ParameterReference
|
||
attr_reader :reference
|
||
|
||
def initialize(reference)
|
||
@reference = reference
|
||
end
|
||
end
|
||
|
||
class Order
|
||
attr_accessor :ok, :message, :system_message, :user, :commands, :shared_parameters
|
||
attr_writer = :warn_sender
|
||
|
||
def initialize(ok, message = nil, system_message = nil)
|
||
@ok = ok
|
||
@message = message
|
||
@system_message = system_message
|
||
def ok?
|
||
@error.nil? and @user and @message
|
||
end
|
||
|
||
def warn_sender
|
||
... | ... | |
@mail
|
||
end
|
||
|
||
def parse
|
||
def process
|
||
if is_marked?
|
||
return Order.new(false, "Replay detected.")
|
||
return MailReport.new(:error => "Replay detected.")
|
||
end
|
||
|
||
return parse_signed() if is_pgp_signed?
|
||
return parse_encrypted() if is_pgp_encrypted?
|
||
# don't parse commands if user is not identified
|
||
return parse_plain if self.user
|
||
return process_signed() if is_pgp_signed?
|
||
return process_encrypted() if is_pgp_encrypted?
|
||
|
||
Order.new(false, "Mail not RFC3156 compliant.")
|
||
MailReport.new(:error => "Mail not RFC3156 compliant.")
|
||
end
|
||
|
||
def create_reply
|
||
... | ... | |
|
||
private
|
||
|
||
def parse_plain
|
||
command_txt = nil
|
||
shared_params = nil
|
||
if multipart?
|
||
if parts[0].content_type == "text/plain"
|
||
command_txt = self.parts[0].body
|
||
shared_params = {}
|
||
i = 1
|
||
self.parts.each do |p|
|
||
shared_params[i] = SharedParameter.new(p.body, p.content_type)
|
||
filename = p.header['content-type'].params('filename')
|
||
shared_params[filename] = ParameterReference.new(i) if filename
|
||
i += 1
|
||
end
|
||
end
|
||
else
|
||
command_txt = self.body if self.content_type == "text/plain"
|
||
shared_params = {}
|
||
end
|
||
unless command_txt
|
||
order = Order.new(false, N_("Mail does not contain a proper text part for commands."))
|
||
order.user = self.user
|
||
return order
|
||
end
|
||
|
||
commands = []
|
||
command_txt.each_line do |line|
|
||
line.chomp!
|
||
sline = line.strip
|
||
# skip empty lines and comments
|
||
next if sline == "" or sline[0, 1] == "#"
|
||
# stop processing when detecting message signature
|
||
break if line == "-- "
|
||
|
||
used_refs = []
|
||
cmd_parts = sline.shellsplit.collect do |word|
|
||
if =~ /^@([a-zA-Z0-9._-]+)$/
|
||
ref = $1
|
||
d_ref, d_param = dereference_param(shared_params, param)
|
||
# TODO: should add error message for attachment not found in the Command
|
||
used_refs << d_ref
|
||
d_param
|
||
else
|
||
word
|
||
end
|
||
end
|
||
|
||
commands << Command.new(sline, cmd_parts)
|
||
end
|
||
|
||
shared_params.delete_if{|ref, param| not used_refs.include?(ref) }
|
||
|
||
logger.debug "Mail OK"
|
||
mark_processed(self.signature_timestamp)
|
||
|
||
order = Order.new(true)
|
||
order.user = self.user
|
||
order.commands = commands
|
||
order.references = shared_params
|
||
order
|
||
end
|
||
|
||
def dereference_param(shared_params, param)
|
||
if param.is_a? SharedParameter
|
||
[ref, ParameterReference(ref)]
|
||
elsif param.is_a? ParameterReference
|
||
d_ref = param.reference
|
||
d_param = shared_params[d_ref]
|
||
return dereference_param(shared_params, d_param)
|
||
else
|
||
nil
|
||
end
|
||
end
|
||
|
||
def parse_signed
|
||
def process_signed
|
||
sigs_check = verify_pgp_signature()
|
||
return Order.new(false, N_("Mail not formatted correctly (signed part).")) if sigs_check.nil? or sigs_check.size != 1
|
||
return MailReport.new(:error => "Mail not formatted correctly (signed part).") if sigs_check.nil? or sigs_check.size != 1
|
||
|
||
sig_check = sigs_check.first
|
||
return Order.new(false, N_("Mail content tampered or badly signed: ") + sig_check.to_s) unless sig_check.status == 0
|
||
return MailReport.new(:error => "Mail content tampered or badly signed: " + sig_check.to_s) unless sig_check.status == 0
|
||
|
||
logger.info "Mail content was properly signed by key #{sig_check.fingerprint}"
|
||
user = Person.find_by_fingerprint(sig_check.fingerprint)
|
||
if user.nil?
|
||
order = Order.new(false, N_("Mail is from an unknown person."))
|
||
order.warn_sender = true
|
||
return order
|
||
end
|
||
return MailReport.new(:error => "Mail is from an unknown person.", :warn_sender => true) if user.nil?
|
||
|
||
logger.info "Mail is from user #{user.uid} (#{user.cn})"
|
||
self.user = user
|
||
... | ... | |
logger.debug "Signature drift time: #{drift}"
|
||
unless drift.abs < MAX_DRIFT_TIME
|
||
if drift > 0
|
||
order = Order.new(false, N_("The signature was made too long ago (check your system clock). Rejected message to avoid replay attacks."))
|
||
order.user = self.user
|
||
return MailReport.new(:error => N_("The signature was made too long ago (check your system clock). Rejected message to avoid replay attacks."), :user => user)
|
||
else
|
||
# mark message to prevent later replay of the message
|
||
mark_processed(sig_check.timestamp)
|
||
order = Order.new(false, N_("The signature was made in the future (check your system clock). Rejected message to avoid replay attacks."))
|
||
order.user = self.user
|
||
return MailReport.new(:error => N_("The signature was made in the future (check your system clock). Rejected message to avoid replay attacks."), :user => user)
|
||
end
|
||
return order
|
||
end
|
||
|
||
logger.debug "Mail OK"
|
||
mark_processed(self.signature_timestamp)
|
||
|
||
signed_content = pgp_signed_part()
|
||
|
||
# create a fake mail and chain parsing operations
|
||
... | ... | |
plain_mail.signature_timestamp = sig_check.timestamp
|
||
# propagate message_id to be able to mark messages (replay protection)
|
||
plain_mail.message_id = @mail.message_id
|
||
return plain_mail.parse
|
||
|
||
MailReport.new(:user => user, :message => plain_mail)
|
||
end
|
||
|
||
def parse_encrypted
|
||
def process_encrypted
|
||
catch :notforme do
|
||
begin
|
||
# block is not passed to delegate (limitation ?)
|
||
... | ... | |
clear_mail.user = self.user
|
||
# propagate message_id to be able to mark messages (replay protection)
|
||
clear_mail.message_id = @mail.message_id
|
||
return clear_mail.parse
|
||
return clear_mail.process
|
||
rescue GPGME::Error, NotImplementedError => e
|
||
raise CyberError.new(:unrecoverable, "protocol/mail", e.message)
|
||
end
|
||
end
|
||
|
||
Order.new(false, N_("Mail not formatted correctly (encrypted part)."))
|
||
MailReport.new(:error => "Mail not formatted correctly (encrypted part).")
|
||
end
|
||
|
||
def mark_dir
|
Also available in: Unified diff
[evol] commands management rework #2: moved command parsing out of the Mail class and created new classes to handle it