#-- # CyborgHood, a distributed system management software. # Copyright (c) 2009 Marc Dequènes (Duck) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . #++ # add Rails load path for Debian, until rails framework is split properly DEB_RAILS_PATH = "/usr/share/rails" unless Object.constants.include?("DEB_RAILS_PATH") Dir.new(DEB_RAILS_PATH).each do |file| next if file =~ /^\./ path = File.join(DEB_RAILS_PATH, file, "lib") $: << path if File.directory?(path) end require 'cyborghood/base' require 'delegate' require 'tmail' require 'tmail_gpg' require 'action_mailer/quoting' require 'action_mailer/utils' require 'net/smtp' require 'fileutils' require 'digest/md5' # This class handles RFC3156 signed messages, validates them, and extract orders properly. # Encrypted content are not implemented yet. module CyborgHood class Order attr_accessor :ok, :message, :system_message, :user, :commands, :references attr_writer = :warn_sender def initialize(ok, message = nil, system_message = nil) @ok = ok @message = message @system_message = system_message end def warn_sender # send reply message if user is identified or in selected situations # (@warn_sender acts as an override) @warn_sender || @user end end class Mail < Delegator include ActionMailer::Quoting include ActionMailer::Utils include GetText MAX_DRIFT_TIME = 600 attr_accessor :user, :signature_timestamp def initialize(msg = nil) @config = Config.instance if msg.nil? @mail = TMail::Mail.new set_custom_headers elsif msg.is_a? TMail::Mail @mail = msg else # unquote headers and transform into TMail object @mail = TMail::Mail.parse(TMail::Unquoter.unquote_and_convert_to(msg, "UTF-8")) end end def __getobj__ @mail end def parse if is_marked? return Order.new(false, "Replay detected.") end return parse_signed() if is_pgp_signed? return parse_encrypted() if is_pgp_encrypted? # don't parse commands if user is not identified return parse_plain if self.user Order.new(false, "Mail not RFC3156 compliant.") end def create_reply tmail_reply = @mail.create_reply tmail_reply.from_addrs = TMail::Address.parse(@config.mail.from_address || self.to.first) reply = self.class.new(tmail_reply.to_s) reply.set_custom_headers reply.user = self.user reply end def create_simple_reject_reply(msg) reply = create_reply() reply.set_content_type("text", "plain", {'charset' => "utf-8"}) reply.set_disposition("inline") reply.quoted_printable_body = msg reply.sign reply.crypt(reply.user.keyFingerPrint) unless reply.user.nil? reply end def set_custom_headers @mail['Organization'] = @config.mail.organization end def check_headers @mail.header.keys.each do |h| @mail[h] = quote_address_if_necessary(@mail[h].to_s, "utf-8") end end def deliver check_headers smtp_server = @config.mail.smtp_server || "localhost" smtp_port = @config.mail.smtp_port || 25 smtp_from = @mail.from_addrs.collect{|a| a.address}.join(", ") smtp_to = @mail.to_addrs.collect{|a| a.address} Net::SMTP.start(smtp_server, smtp_port) do |smtp| #p @mail.to_s smtp.send_message(@mail.to_s, smtp_from, smtp_to) end end def to_s @mail.to_s end def crypt(fingerprint) @mail = @mail.create_encrypted(fingerprint) end def sign # we don't check the uid, as their is only one signer @mail = @mail.create_signed(@config.mail.key_id) do |uid_hint, passphrase_info, prev_was_bad| @config.mail.key_passphrase end end def sign_and_crypt(fingerprint) # not using sign_and_crypt(), to avoid repeating code sign() crypt(fingerprint) end def quoted_printable_body=(txt) @mail.transfer_encoding = "quoted-printable" @mail.body = [normalize_new_lines(txt)].pack("M*") end private def parse_plain command_txt = nil if multipart? if parts[0].content_type == "text/plain" command_txt = self.parts[0].body refs = self.parts.collect{|p| p.dup } end else command_txt = self.body if self.content_type == "text/plain" refs = [] end unless command_txt order = Order.new(false, N_("Mail does not contain a proper text part for commands.")) order.user = self.user return order end commands = [] command_txt.each_line do |line| line.chomp! sline = line.strip # skip empty lines and comments next if sline == "" or sline[0, 1] == "#" # stop processing when detecting message signature break if line == "-- " commands << sline end logger.debug "Mail OK" mark_processed(self.signature_timestamp) order = Order.new(true) order.user = self.user order.commands = commands order.refs = refs end def parse_signed sigs_check = verify_pgp_signature() return Order.new(false, N_("Mail not formatted correctly (signed part).")) if sigs_check.nil? or sigs_check.size != 1 sig_check = sigs_check.first return Order.new(false, N_("Mail content tampered or badly signed: ") + sig_check.to_s) unless sig_check.status == 0 logger.info "Mail content was properly signed by key #{sig_check.fingerprint}" user = Person.find_by_fingerprint(sig_check.fingerprint) if user.nil? order = Order.new(false, N_("Mail is from an unknown person.")) order.warn_sender = true return order end logger.info "Mail is from user #{user.uid} (#{user.cn})" self.user = user drift = Time.new.to_i - sig_check.timestamp.to_i logger.debug "Signature drift time: #{drift}" unless drift.abs < MAX_DRIFT_TIME if drift > 0 order = Order.new(false, N_("The signature was made too long ago (check your system clock). Rejected message to avoid replay attacks.")) order.user = self.user else # mark message to prevent later replay of the message mark_processed(sig_check.timestamp) order = Order.new(false, N_("The signature was made in the future (check your system clock). Rejected message to avoid replay attacks.")) order.user = self.user end return order end signed_content = pgp_signed_part() # create a fake mail and chain parsing operations plain_mail = self.class.new(signed_content) plain_mail.user = self.user plain_mail.signature_timestamp = sig_check.timestamp # propagate message_id to be able to mark messages (replay protection) plain_mail.message_id = @mail.message_id return plain_mail.parse end def parse_encrypted catch :notforme do begin # block is not passed to delegate (limitation ?) clear_message = @mail.pgp_decrypt do |uid_hint, passphrase_info, prev_was_bad| logger.info "Mail crypted for #{uid_hint}" # check if requesting passphrase for the expected key key_id = passphrase_info.split(" ")[1] throw :notforme if key_id != @config.mail.key_id[-(key_id.size)..-1] # sending key @config.mail.key_passphrase end # create a fake mail and chain parsing operations clear_mail = self.class.new(clear_message) clear_mail.user = self.user # propagate message_id to be able to mark messages (replay protection) clear_mail.message_id = @mail.message_id return clear_mail.parse rescue GPGME::Error, NotImplementedError => e raise CyberError.new(:unrecoverable, "protocol/mail", e.message) end end Order.new(false, N_("Mail not formatted correctly (encrypted part).")) end def mark_dir File.join(@config.work_dir, "marks") end def mark_filename File.join(mark_dir(), Digest::MD5.hexdigest(self.message_id)) end def mark_processed(time) FileUtils.mkdir_p(mark_dir()) File.open(mark_filename(), "w") do |fp| fp.write self.message_id end File.utime(Time.now.to_i, time.to_i, mark_filename()) end def is_marked? File.exists?(mark_filename()) end end end