failedNames;
for (auto att: attachments)
{
int err = 0;
const auto dispName = att->get_display_name ();
if (dispName.empty())
{
log_error ("%s:%s: Ignoring attachment without display name.",
SRCNAME, __func__);
continue;
}
wchar_t* wchar_name = utf8_to_wchar (dispName.c_str());
if (!wchar_name)
{
log_error ("%s:%s: Failed to convert '%s' to wchar.",
SRCNAME, __func__, anonstr (dispName.c_str()));
continue;
}
HANDLE hFile;
wchar_t* wchar_file = get_tmp_outfile (wchar_name,
&hFile);
if (!wchar_file)
{
log_error ("%s:%s: Failed to obtain a tmp filename for: %s",
SRCNAME, __func__, anonstr (dispName.c_str()));
err = 1;
}
if (!err && copy_attachment_to_file (att, hFile))
{
log_error ("%s:%s: Failed to copy attachment %s to temp file",
SRCNAME, __func__, anonstr (dispName.c_str()));
err = 1;
}
if (!err && add_oom_attachment (m_mailitem, wchar_file, wchar_name,
addErrStr, &addErrCode))
{
log_error ("%s:%s: Failed to add attachment: %s",
SRCNAME, __func__, anonstr (dispName.c_str()));
failedNames.push_back (dispName);
err = 1;
}
if (hFile && hFile != INVALID_HANDLE_VALUE)
{
CloseHandle (hFile);
}
if (wchar_file && !DeleteFileW (wchar_file))
{
log_error ("%s:%s: Failed to delete tmp attachment for: %s",
SRCNAME, __func__, anonstr (dispName.c_str()));
err = 1;
}
xfree (wchar_file);
xfree (wchar_name);
if (!err)
{
log_debug ("%s:%s: Added attachment '%s'",
SRCNAME, __func__, anonstr (dispName.c_str()));
err = fixup_last_attachment_o (m_mailitem, att);
}
if (err)
{
anyError = true;
}
}
if (anyError)
{
std::string msg = _("Not all attachments can be shown.\n\n"
"The hidden attachments are:");
msg += "\n";
std::string filenames;
join (failedNames, "\n", filenames);
msg += filenames;
msg += "\n\n";
if (addErrCode == 0x80004005)
{
msg += _("The mail exceeds the maximum size GpgOL "
"can handle on this server.");
}
else
{
msg += _("Reason:");
msg += " " + addErrStr;
}
gpgol_message_box (getWindow (),
msg.c_str (), _("GpgOL"), MB_OK);
}
m_disable_att_remove_warning = false;
TRETURN anyError;
}
GPGRT_LOCK_DEFINE(parser_lock);
static DWORD WINAPI
do_parsing (LPVOID arg)
{
TSTART;
gpgol_lock (&dtor_lock);
/* We lock with mail dtors so we can be sure the mail->parser
call is valid. */
Mail *mail = (Mail *)arg;
if (!Mail::isValidPtr (mail))
{
log_debug ("%s:%s: canceling parsing for: %p already deleted",
SRCNAME, __func__, arg);
gpgol_unlock (&dtor_lock);
TRETURN 0;
}
blockInv ();
/* This takes a shared ptr of parser. So the parser is
still valid when the mail is deleted. */
auto parser = mail->parser ();
gpgol_unlock (&dtor_lock);
gpgol_lock (&parser_lock);
/* We lock the parser here to avoid too many
decryption attempts if there are
multiple mailobjects which might have already
been deleted (e.g. by quick switches of the mailview.)
Let's rather be a bit slower.
*/
log_debug ("%s:%s: preparing the parser for: %p",
SRCNAME, __func__, arg);
if (!Mail::isValidPtr (mail))
{
log_debug ("%s:%s: cancel for: %p already deleted",
SRCNAME, __func__, arg);
gpgol_unlock (&parser_lock);
unblockInv();
TRETURN 0;
}
if (!parser)
{
log_error ("%s:%s: no parser found for mail: %p",
SRCNAME, __func__, arg);
gpgol_unlock (&parser_lock);
unblockInv();
TRETURN -1;
}
parser->parse();
if (!opt.sync_dec)
{
do_in_ui_thread (PARSING_DONE, arg);
}
gpgol_unlock (&parser_lock);
unblockInv();
TRETURN 0;
}
/* How encryption is done:
There are two modes of encryption. Synchronous and Async.
If async is used depends on the value of mail->async_crypt_disabled.
Synchronous crypto:
> Send Event < | State NoCryptMail
Needs Crypto ? (get_gpgol_draft_info_flags != 0)
-> No:
Pass send -> unencrypted mail.
-> Yes:
mail->update_oom_data
State = Mail::NeedsFirstAfterWrite
checkSyncCrypto_o
invoke_oom_method (m_object, "Save", NULL);
> Write Event <
Pass because is_crypto_mail is false (not a decrypted mail)
> AfterWrite Event < | State NeedsFirstAfterWrite
State = NeedsActualCrypo
encrypt_sign_start
collect_input_data
-> Check if Inline PGP should be used
do_crypt
-> Resolve keys / do crypto
State = NeedsUpdateInMAPI
update_crypt_mapi
crypter->update_mail_mapi
if (inline) (Meaning PGP/Inline)
<-- do nothing.
else
build MSOXSMIME attachment and clear body / attachments.
State = NeedsUpdateInOOM
<- Back to Send Event
update_crypt_oom
-> Cleans body or sets PGP/Inline body. (inline_body_to_body)
State = WantsSendMIME or WantsSendInline
-> Saftey check "has_crypted_or_empty_body"
-> If MIME Mail do the T3656 check.
Send.
State order for "inline_response" (sync) Mails.
NoCryptMail
NeedsFirstAfterWrite
NeedsActualCrypto
NeedsUpdateInMAPI
NeedsUpdateInOOM
WantsSendMIME (or inline for PGP Inline)
-> Send.
State order for async Mails
NoCryptMail
NeedsFirstAfterWrite
NeedsActualCrypto
-> Cancel Send.
Windowmessages -> Crypto Done
NeedsUpdateInOOM
NeedsSecondAfterWrite
trigger Save.
NeedsUpdateInMAPI
WantsSendMIME
trigger Send.
*/
static DWORD WINAPI
do_crypt (LPVOID arg)
{
TSTART;
gpgol_lock (&dtor_lock);
/* We lock with mail dtors so we can be sure the mail->parser
call is valid. */
Mail *mail = (Mail *)arg;
if (!Mail::isValidPtr (mail))
{
log_debug ("%s:%s: canceling crypt for: %p already deleted",
SRCNAME, __func__, arg);
gpgol_unlock (&dtor_lock);
TRETURN 0;
}
if (mail->cryptState () != Mail::NeedsActualCrypt)
{
log_debug ("%s:%s: invalid state %i",
SRCNAME, __func__, mail->cryptState ());
mail->enableWindow ();
gpgol_unlock (&dtor_lock);
TRETURN -1;
}
/* This takes a shared ptr of crypter. So the crypter is
still valid when the mail is deleted. */
auto crypter = mail->cryper ();
gpgol_unlock (&dtor_lock);
if (!crypter)
{
log_error ("%s:%s: no crypter found for mail: %p",
SRCNAME, __func__, arg);
gpgol_unlock (&parser_lock);
mail->enableWindow ();
TRETURN -1;
}
GpgME::Error err;
std::string diag;
int rc = crypter->do_crypto(err, diag);
gpgol_lock (&dtor_lock);
if (!Mail::isValidPtr (mail))
{
log_debug ("%s:%s: aborting crypt for: %p already deleted",
SRCNAME, __func__, arg);
gpgol_unlock (&dtor_lock);
TRETURN 0;
}
mail->enableWindow ();
if (rc == -1 || err)
{
mail->resetCrypter ();
crypter = nullptr;
if (err)
{
char *buf = nullptr;
gpgrt_asprintf (&buf, _("Crypto operation failed:\n%s"),
err.asString());
std::string msg = buf;
memdbg_alloc (buf);
xfree (buf);
if (!diag.empty())
{
msg += "\n\n";
msg += _("Diagnostics");
msg += ":\n";
msg += diag;
}
gpgol_message_box (mail->getWindow (), msg.c_str (),
_("GpgOL"), MB_OK);
}
else
{
gpgol_bug (mail->getWindow (),
ERR_CRYPT_RESOLVER_FAILED);
}
}
if (rc || err.isCanceled())
{
log_debug ("%s:%s: crypto failed for: %p with: %i err: %i",
SRCNAME, __func__, arg, rc, err.code());
mail->setCryptState (Mail::NoCryptMail);
mail->setIsDraftEncrypt (false);
mail->resetCrypter ();
crypter = nullptr;
gpgol_unlock (&dtor_lock);
TRETURN rc;
}
if (!mail->isAsyncCryptDisabled ())
{
mail->setCryptState (Mail::NeedsUpdateInOOM);
gpgol_unlock (&dtor_lock);
// This deletes the Mail in Outlook 2010
do_in_ui_thread (CRYPTO_DONE, arg);
log_debug ("%s:%s: UI thread finished for %p",
SRCNAME, __func__, arg);
}
else if (mail->isDraftEncrypt ())
{
mail->setCryptState (Mail::NeedsUpdateInMAPI);
mail->updateCryptMAPI_m ();
mail->setIsDraftEncrypt (false);
mail->setCryptState (Mail::NoCryptMail);
log_debug ("%s:%s: Synchronous draft encrypt finished for %p",
SRCNAME, __func__, arg);
gpgol_unlock (&dtor_lock);
}
else
{
mail->setCryptState (Mail::NeedsUpdateInMAPI);
mail->updateCryptMAPI_m ();
if (mail->cryptState () == Mail::WantsSendMIME)
{
// For sync crypto we need to switch this.
mail->setCryptState (Mail::NeedsUpdateInOOM);
}
else
{
// A bug!
log_debug ("%s:%s: Resetting crypter because of state mismatch. %p",
SRCNAME, __func__, arg);
crypter = nullptr;
mail->resetCrypter ();
}
gpgol_unlock (&dtor_lock);
}
/* This works around a bug in pinentry that it might
bring the wrong window to front. So after encryption /
signing we bring outlook back to front.
See GnuPG-Bug-Id: T3732
*/
do_in_ui_thread_async (BRING_TO_FRONT, nullptr, 250);
log_debug ("%s:%s: crypto thread for %p finished",
SRCNAME, __func__, arg);
TRETURN 0;
}
bool
Mail::isCryptoMail () const
{
TSTART;
if (m_type == MSGTYPE_UNKNOWN || m_type == MSGTYPE_GPGOL ||
m_type == MSGTYPE_SMIME)
{
/* Not a message for us. */
TRETURN false;
}
TRETURN true;
}
int
Mail::decryptVerify_o ()
{
TSTART;
if (!isCryptoMail ())
{
log_debug ("%s:%s: Decrypt Verify for non crypto mail: %p.",
SRCNAME, __func__, m_mailitem);
TRETURN 0;
}
m_decrypt_again = false;
if (isSMIME_m ())
{
LPMESSAGE oom_message = get_oom_message (m_mailitem);
if (oom_message)
{
char *old_class = mapi_get_old_message_class (oom_message);
char *current_class = mapi_get_message_class (oom_message);
if (current_class)
{
/* Store our own class for an eventual close */
m_gpgol_class = current_class;
xfree (current_class);
current_class = nullptr;
}
if (old_class)
{
const char *new_class = old_class;
/* Workaround that our own class might be the original */
if (!strcmp (old_class, "IPM.Note.GpgOL.OpaqueEncrypted"))
{
new_class = "IPM.Note.SMIME";
}
else if (!strcmp (old_class, "IPM.Note.GpgOL.MultipartSigned"))
{
new_class = "IPM.Note.SMIME.MultipartSigned";
}
log_debug ("%s:%s:Restoring message class to %s in decverify.",
SRCNAME, __func__, new_class);
put_oom_string (m_mailitem, "MessageClass", new_class);
xfree (old_class);
setPassWrite (true);
/* Sync to MAPI */
invoke_oom_method (m_mailitem, "Save", nullptr);
setPassWrite (false);
}
gpgol_release (oom_message);
}
}
check_html_preferred ();
auto cipherstream = get_attachment_stream_o (m_mailitem, m_moss_position);
if (!cipherstream)
{
m_is_junk = is_junk_mail (m_mailitem);
if (m_is_junk)
{
log_debug ("%s:%s: Detected: %p as junk",
SRCNAME, __func__, m_mailitem);
auto mngr = CategoryManager::instance ();
m_store_id = mngr->addCategoryToMail (this,
CategoryManager::getJunkMailCategory (),
3 /* peach */);
installFolderEventHandler_o ();
TRETURN 0;
}
log_debug ("%s:%s: Failed to get cipherstream. Aborting handling.",
SRCNAME, __func__);
m_type = MSGTYPE_UNKNOWN;
TRETURN 1;
}
setUUID_o ();
m_processed = true;
m_pass_write = false;
/* Insert placeholder */
char *placeholder_buf = nullptr;
if (m_type == MSGTYPE_GPGOL_WKS_CONFIRMATION)
{
gpgrt_asprintf (&placeholder_buf, opt.prefer_html ? decrypt_template_html :
decrypt_template,
"OpenPGP",
_("Pubkey directory confirmation"),
_("This is a confirmation request to publish your Pubkey in the "
"directory for your domain.\n\n"
"If you did not request to publish your Pubkey in your providers "
"directory, simply ignore this message.
\n"));
}
else if (gpgrt_asprintf (&placeholder_buf, opt.prefer_html ? decrypt_template_html :
decrypt_template,
isSMIME_m () ? "S/MIME" : "OpenPGP",
_("message"),
_("Please wait while the message is being decrypted / verified...")) == -1)
{
log_error ("%s:%s: Failed to format placeholder.",
SRCNAME, __func__);
TRETURN 1;
}
if (opt.prefer_html)
{
char *tmp = get_oom_string (m_mailitem, "HTMLBody");
if (!tmp)
{
TRACEPOINT;
TRETURN 1;
}
m_orig_body = tmp;
xfree (tmp);
if (put_oom_string (m_mailitem, "HTMLBody", placeholder_buf))
{
log_error ("%s:%s: Failed to modify html body of item.",
SRCNAME, __func__);
}
put_oom_int (m_mailitem, "BodyFormat", 2);
}
else
{
char *tmp = get_oom_string (m_mailitem, "Body");
if (!tmp)
{
TRACEPOINT;
TRETURN 1;
}
m_orig_body = tmp;
xfree (tmp);
if (put_oom_string (m_mailitem, "Body", placeholder_buf))
{
log_error ("%s:%s: Failed to modify body of item.",
SRCNAME, __func__);
}
put_oom_int (m_mailitem, "BodyFormat", 1);
}
memdbg_alloc (placeholder_buf);
xfree (placeholder_buf);
if (m_type == MSGTYPE_GPGOL_WKS_CONFIRMATION)
{
WKSHelper::instance ()->handle_confirmation_read (this, cipherstream);
TRETURN 0;
}
m_parser = std::shared_ptr (new ParseController (cipherstream, m_type));
m_parser->setSender(GpgME::UserID::addrSpecFromString(getSender_o ().c_str()));
if (opt.autoimport)
{
/* Handle autocrypt header. As we want to have the import
of the header in the same thread as the parser we leave it
to the parser. */
auto message = MAKE_SHARED (get_oom_message (m_mailitem));
if (!message)
{
/* Hmmm */
STRANGEPOINT;
}
else
{
autocrypt_s ainfo;
if (!mapi_get_header_info ((LPMESSAGE)message.get(), ainfo))
{
STRANGEPOINT;
}
else if (ainfo.exists)
{
m_parser->setAutocryptInfo (ainfo);
}
}
}
log_data ("%s:%s: Parser for \"%s\" is %p",
SRCNAME, __func__, getSubject_o ().c_str(), m_parser.get());
gpgol_release (cipherstream);
/* Printing happens in two steps. First a Mail is loaded after the
BeforePrint event, then it is loaded a second time when the actual print
happens. We have to catch both. */
if (!m_printing)
{
m_printing = checkIfMailIsChildOfPrintMail_o ();
}
if (!opt.sync_dec && !m_printing)
{
HANDLE parser_thread = CreateThread (NULL, 0, do_parsing, (LPVOID) this, 0,
NULL);
if (!parser_thread)
{
log_error ("%s:%s: Failed to create decrypt / verify thread.",
SRCNAME, __func__);
}
CloseHandle (parser_thread);
TRETURN 0;
}
else
{
/* Parse synchronously */
do_parsing ((LPVOID) this);
parsing_done ();
TRETURN 0;
}
}
void find_and_replace(std::string& source, const std::string &find,
const std::string &replace)
{
TSTART;
for(std::string::size_type i = 0; (i = source.find(find, i)) != std::string::npos;)
{
source.replace(i, find.length(), replace);
i += replace.length();
}
TRETURN;
}
static void
set_body (LPDISPATCH item, const std::string &plain, const std::string &html)
{
if (opt.prefer_html && !html.empty())
{
if (put_oom_string (item, "HTMLBody", html.c_str ()))
{
log_error ("%s:%s: Failed to modify html body of item.",
SRCNAME, __func__);
if (!plain.empty ())
{
if (put_oom_string (item, "Body", plain.c_str ()))
{
log_error ("%s:%s: Failed to put plaintext into body of item.",
SRCNAME, __func__);
}
put_oom_int (item, "BodyFormat", 1);
}
else
{
if (put_oom_string (item, "HTMLBody", plain.c_str ()))
{
log_error ("%s:%s: Failed to put plaintext into html of item.",
SRCNAME, __func__);
}
put_oom_int (item, "BodyFormat", 2);
}
}
else
{
put_oom_int (item, "BodyFormat", 2);
}
}
else if (!plain.empty ())
{
if (put_oom_string (item, "Body", plain.c_str ()))
{
log_error ("%s:%s: Failed to put plaintext into body of item.",
SRCNAME, __func__);
}
put_oom_int (item, "BodyFormat", 1);
}
}
void
Mail::updateBody_o ()
{
TSTART;
if (!m_parser)
{
TRACEPOINT;
TRETURN;
}
const auto error = m_parser->get_formatted_error ();
if (!error.empty())
{
set_body (m_mailitem, error, error);
TRETURN;
}
if (m_verify_result.error())
{
log_error ("%s:%s: Verification failed. Restoring Body.",
SRCNAME, __func__);
set_body (m_mailitem, m_orig_body, m_orig_body);
TRETURN;
}
// No need to carry body anymore
m_orig_body = std::string();
auto html = m_parser->get_html_body ();
auto body = m_parser->get_body ();
/** Outlook does not show newlines if \r\r\n is a newline. We replace
these as apparently some other buggy MUA sends this. */
find_and_replace (html, "\r\r\n", "\r\n");
if (opt.prefer_html && !html.empty())
{
if (!m_block_html)
{
const auto charset = m_parser->get_html_charset();
int codepage = 0;
if (charset.empty())
{
codepage = get_oom_int (m_mailitem, "InternetCodepage");
log_debug ("%s:%s: Did not find html charset."
" Using internet Codepage %i.",
SRCNAME, __func__, codepage);
}
char *converted = ansi_charset_to_utf8 (charset.c_str(), html.c_str(),
html.size(), codepage);
TRACEPOINT;
int ret = put_oom_string (m_mailitem, "HTMLBody", converted ?
converted : "");
xfree (converted);
put_oom_int (m_mailitem, "BodyFormat", 2);
TRACEPOINT;
if (ret)
{
log_error ("%s:%s: Failed to modify html body of item.",
SRCNAME, __func__);
}
TRETURN;
}
else if (!body.empty())
{
/* We had a multipart/alternative mail but html should be
blocked. So we prefer the text/plain part and warn
once about this so that we hopefully don't get too
many bugreports about this. */
if (!opt.smime_html_warn_shown)
{
std::string caption = _("GpgOL") + std::string (": ") +
std::string (_("HTML display disabled."));
std::string buf = _("HTML content in unsigned S/MIME mails "
"is insecure.");
buf += "\n";
buf += _("GpgOL will only show such mails as text.");
buf += "\n\n";
buf += _("This message is shown only once.");
gpgol_message_box (getWindow (), buf.c_str(), caption.c_str(),
MB_OK);
opt.smime_html_warn_shown = true;
write_options ();
}
}
}
if (body.empty () && m_block_html && !html.empty())
{
#if 0
Sadly the following code still offers to load external references
it might also be too dangerous if Outlook somehow autoloads the
references as soon as the Body is put into HTML
// Fallback to show HTML as plaintext if HTML display
// is blocked.
log_error ("%s:%s: No text body. Putting HTML into plaintext.",
SRCNAME, __func__);
char *converted = ansi_charset_to_utf8 (m_parser->get_html_charset().c_str(),
html.c_str(), html.size());
int ret = put_oom_string (m_mailitem, "HTMLBody", converted ? converted : "");
xfree (converted);
if (ret)
{
log_error ("%s:%s: Failed to modify html body of item.",
SRCNAME, __func__);
body = html;
}
else
{
char *plainBody = get_oom_string (m_mailitem, "Body");
if (!plainBody)
{
log_error ("%s:%s: Failed to obtain converted plain body.",
SRCNAME, __func__);
body = html;
}
else
{
ret = put_oom_string (m_mailitem, "HTMLBody", plainBody);
xfree (plainBody);
if (ret)
{
log_error ("%s:%s: Failed to put plain into html body of item.",
SRCNAME, __func__);
body = html;
}
else
{
TRETURN;
}
}
}
#endif
body = html;
std::string caption = _("GpgOL") + std::string (": ") +
std::string (_("HTML display disabled."));
std::string buf = _("HTML content in unsigned S/MIME mails "
"is insecure.");
buf += "\n";
buf += _("GpgOL will only show such mails as text.");
buf += "\n\n";
buf += _("Please ask the sender to sign the message or\n"
"to send it with a plain text alternative.");
gpgol_message_box (getWindow (), buf.c_str(), caption.c_str(),
MB_OK);
}
find_and_replace (body, "\r\r\n", "\r\n");
const auto plain_charset = m_parser->get_body_charset();
int codepage = 0;
if (plain_charset.empty())
{
codepage = get_oom_int (m_mailitem, "InternetCodepage");
log_debug ("%s:%s: Did not find body charset. "
"Using internet Codepage %i.",
SRCNAME, __func__, codepage);
}
char *converted = ansi_charset_to_utf8 (plain_charset.c_str(),
body.c_str(), body.size(),
codepage);
TRACEPOINT;
int ret = put_oom_string (m_mailitem, "Body", converted ? converted : "");
put_oom_int (m_mailitem, "BodyFormat", 1);
TRACEPOINT;
xfree (converted);
if (ret)
{
log_error ("%s:%s: Failed to modify body of item.",
SRCNAME, __func__);
}
TRETURN;
}
+void
+Mail::updateHeaders_o ()
+{
+ TSTART;
+ if (!m_parser)
+ {
+ STRANGEPOINT;
+ TRETURN;
+ }
+
+ const auto subject = m_parser->get_protected_header ("Subject");
+ if (!subject.empty ())
+ {
+ put_oom_string (m_mailitem, "Subject", subject.c_str ());
+ }
+
+ const auto to = m_parser->get_protected_header ("To");
+ if (!to.empty())
+ {
+ put_oom_string (m_mailitem, "To", to.c_str ());
+ }
+
+ const auto cc = m_parser->get_protected_header ("Cc");
+ if (!cc.empty())
+ {
+ put_oom_string (m_mailitem, "CC", cc.c_str ());
+ }
+
+ /* TODO: What about Date ? */
+
+ const auto reply_to = m_parser->get_protected_header ("Reply-To");
+ const auto followup_to = m_parser->get_protected_header ("Followup-To");
+ if (!reply_to.empty () || !followup_to.empty())
+ {
+ auto recipients = MAKE_SHARED (get_oom_object (m_mailitem, "ReplyRecipents"));
+ if (recipients)
+ {
+ if (!reply_to.empty ())
+ {
+ invoke_oom_method_with_string (recipients.get (), "Add",
+ reply_to.c_str ());
+ }
+ if (!followup_to.empty ())
+ {
+ invoke_oom_method_with_string (recipients.get (), "Add",
+ followup_to.c_str ());
+ }
+ }
+ }
+
+ const auto from = m_parser->get_protected_header ("From");
+ if (!from.empty ())
+ {
+ LPDISPATCH sender = get_oom_object (m_mailitem, "Sender");
+ if (!sender)
+ {
+ log_debug ("%s:%s: Sender not found. From not set.", SRCNAME, __func__);
+ TRETURN;
+ }
+
+ /* Declare that the address is SMTP */
+ put_oom_int (sender, "AddressEntryUserType", 30);
+ const auto mail_start = from.find (" <");
+ if (mail_start == std::string::npos)
+ {
+ put_oom_string (sender, "Address", from.c_str ());
+ put_oom_string (sender, "Name", "");
+ }
+ else
+ {
+ put_oom_string (sender, "Address",
+ GpgME::UserID::addrSpecFromString (from.c_str ()).c_str ());
+ put_oom_string (sender, "Name", from.substr (0,
+ mail_start).c_str ());
+ }
+ gpgol_release (sender);
+ }
+}
+
static int parsed_count;
void
Mail::parsing_done()
{
TSTART;
TRACEPOINT;
log_oom ("Mail %p Parsing done for parser num %i: %p",
this, parsed_count++, m_parser.get());
if (!m_parser)
{
/* This should not happen but it happens when outlook
sends multiple ItemLoad events for the same Mail
Object. In that case it could happen that one
parser was already done while a second is now
returning for the wrong mail (as it's looked up
by uuid.)
We have a check in get_uuid that the uuid was
not in the map before (and the parser is replaced).
So this really really should not happen. We
handle it anyway as we crash otherwise.
It should not happen because the parser is only
created in decrypt_verify which is called in the
read event. And even in there we check if the parser
was set.
*/
log_error ("%s:%s: No parser obj. For mail: %p",
SRCNAME, __func__, this);
TRETURN;
}
/* Store the results. */
m_decrypt_result = m_parser->decrypt_result ();
m_verify_result = m_parser->verify_result ();
- const auto subject = m_parser->get_internal_subject ();
- if (!subject.empty ())
- {
- put_oom_string (m_mailitem, "Subject", subject.c_str ());
- }
+ /* Handle protected headers */
+ updateHeaders_o ();
+
m_crypto_flags = 0;
if (!m_decrypt_result.isNull())
{
m_crypto_flags |= 1;
}
if (m_verify_result.numSignatures())
{
m_crypto_flags |= 2;
}
TRACEPOINT;
updateSigstate ();
m_needs_wipe = !m_is_send_again;
TRACEPOINT;
/* Set categories according to the result. */
updateCategories_o ();
TRACEPOINT;
m_block_html = m_parser->shouldBlockHtml ();
if (m_block_html)
{
// Just to be careful.
setBlockStatus_m ();
}
TRACEPOINT;
/* Update the body */
updateBody_o ();
TRACEPOINT;
/* When printing we have already shown the warning. So we
should not show it again but silently remove any attachments
that are not hidden before our add_attachments. This
also fixes an issue that when printing sometimes the
child mails which are created for preview and print already
have the decrypted attachments. */
checkAttachments_o (isPrint ());
/* Update attachments */
if (add_attachments_o (m_parser->get_attachments()))
{
log_error ("%s:%s: Failed to update attachments.",
SRCNAME, __func__);
}
if (m_is_send_again)
{
log_debug ("%s:%s: I think that this is the send again of a crypto mail.",
SRCNAME, __func__);
/* We no longer want to be treated like a crypto mail. */
m_type = MSGTYPE_UNKNOWN;
LPMESSAGE msg = get_oom_base_message (m_mailitem);
if (!msg)
{
TRACEPOINT;
}
else
{
set_gpgol_draft_info_flags (msg, m_crypto_flags);
gpgol_release (msg);
}
removeOurAttachments_o ();
}
installFolderEventHandler_o ();
log_debug ("%s:%s: Delayed invalidate to update sigstate.",
SRCNAME, __func__);
CloseHandle(CreateThread (NULL, 0, delayed_invalidate_ui, (LPVOID) 300, 0,
NULL));
TRACEPOINT;
TRETURN;
}
int
Mail::encryptSignStart_o ()
{
TSTART;
if (m_crypt_state != NeedsActualCrypt)
{
log_debug ("%s:%s: invalid state %i",
SRCNAME, __func__, m_crypt_state);
TRETURN -1;
}
int flags = 0;
if (!needs_crypto_m ())
{
TRETURN 0;
}
LPMESSAGE message = get_oom_base_message (m_mailitem);
if (!message)
{
log_error ("%s:%s: Failed to get base message.",
SRCNAME, __func__);
TRETURN -1;
}
flags = get_gpgol_draft_info_flags (message);
gpgol_release (message);
const auto window = get_active_hwnd ();
if (m_is_gsuite)
{
auto att_table = mapi_create_attach_table (message, 0);
int n_att_usable = count_usable_attachments (att_table);
mapi_release_attach_table (att_table);
/* Check for attachments if we have some abort. */
if (n_att_usable)
{
wchar_t *w_title = utf8_to_wchar (_(
"GpgOL: Oops, G Suite Sync account detected"));
wchar_t *msg = utf8_to_wchar (
_("G Suite Sync breaks outgoing crypto mails "
"with attachments.\nUsing crypto and attachments "
"with G Suite Sync is not supported.\n\n"
"See: https://dev.gnupg.org/T3545 for details."));
MessageBoxW (window,
msg,
w_title,
MB_ICONINFORMATION|MB_OK);
xfree (msg);
xfree (w_title);
TRETURN -1;
}
}
m_do_inline = m_is_draft_encrypt ? false :
m_is_gsuite ? true : opt.inline_pgp;
GpgME::Protocol proto = opt.enable_smime ? GpgME::UnknownProtocol: GpgME::OpenPGP;
m_crypter = std::shared_ptr (new CryptController (this, flags & 1,
flags & 2,
proto));
// Careful from here on we have to check every
// error condition with window enabling again.
disableWindow_o ();
if (m_crypter->collect_data ())
{
log_error ("%s:%s: Crypter for mail %p failed to collect data.",
SRCNAME, __func__, this);
enableWindow ();
TRETURN -1;
}
if (!m_async_crypt_disabled)
{
CloseHandle(CreateThread (NULL, 0, do_crypt,
(LPVOID) this, 0,
NULL));
}
else
{
log_debug ("%s:%s: Starting sync crypt",
SRCNAME, __func__);
do_crypt (this);
}
TRETURN 0;
}
int
Mail::needs_crypto_m () const
{
TSTART;
LPMESSAGE message = get_oom_message (m_mailitem);
int ret;
if (!message)
{
log_error ("%s:%s: Failed to get message.",
SRCNAME, __func__);
TRETURN false;
}
ret = get_gpgol_draft_info_flags (message);
gpgol_release(message);
TRETURN ret;
}
int
Mail::wipe_o (bool force)
{
TSTART;
if (!m_needs_wipe && !force)
{
TRETURN 0;
}
log_debug ("%s:%s: Removing plaintext from mailitem: %p.",
SRCNAME, __func__, m_mailitem);
if (put_oom_string (m_mailitem, "HTMLBody",
""))
{
if (put_oom_string (m_mailitem, "Body",
""))
{
log_debug ("%s:%s: Failed to wipe mailitem: %p.",
SRCNAME, __func__, m_mailitem);
TRETURN -1;
}
TRETURN -1;
}
else
{
put_oom_string (m_mailitem, "Body", "");
}
m_needs_wipe = false;
TRETURN 0;
}
int
Mail::updateOOMData_o (bool for_encryption)
{
TSTART;
char *buf = nullptr;
log_debug ("%s:%s", SRCNAME, __func__);
for_encryption |= !isCryptoMail();
if (for_encryption)
{
/* Update the body format. */
m_is_html_alternative = get_oom_int (m_mailitem, "BodyFormat") > 1;
/* Store the body. It was not obvious for me (aheinecke) how
to access this through MAPI. */
if (m_is_html_alternative)
{
log_debug ("%s:%s: Is html alternative mail.", SRCNAME, __func__);
xfree (m_cached_html_body);
m_cached_html_body = get_oom_string (m_mailitem, "HTMLBody");
}
xfree (m_cached_plain_body);
m_cached_plain_body = get_oom_string (m_mailitem, "Body");
m_cached_recipients = getRecipients_o ();
}
else
{
/* This is the case where we are reading a mail and not composing.
When composing we need to use the SendUsingAccount because if
you send from the folder of userA but change the from to userB
outlook will keep the SenderEmailAddress of UserA. This is all
so horrible. */
buf = get_sender_SenderEMailAddress (m_mailitem);
if (!buf)
{
/* Try the sender Object */
buf = get_sender_Sender (m_mailitem);
}
/* We also want to cache sent representing email address so that
we can use it for verification information. */
char *buf2 = get_sender_SentRepresentingAddress (m_mailitem);
if (buf2)
{
m_sent_on_behalf = buf2;
xfree (buf2);
}
}
if (!buf)
{
buf = get_sender_SendUsingAccount (m_mailitem, &m_is_gsuite);
}
if (!buf && !isCryptoMail ())
{
/* Try the sender Object */
buf = get_sender_Sender (m_mailitem);
}
if (!buf)
{
/* We don't have s sender object or SendUsingAccount,
well, in that case fall back to the current user. */
buf = get_sender_CurrentUser (m_mailitem);
}
if (!buf)
{
log_debug ("%s:%s: All fallbacks failed.",
SRCNAME, __func__);
TRETURN -1;
}
m_sender = buf;
xfree (buf);
TRETURN 0;
}
std::string
Mail::getSender_o ()
{
TSTART;
if (m_sender.empty())
updateOOMData_o ();
TRETURN m_sender;
}
std::string
Mail::getSender () const
{
TSTART;
TRETURN m_sender;
}
int
Mail::closeAllMails_o ()
{
TSTART;
int err = 0;
/* Detach Folder sinks */
for (auto fit = s_folder_events_map.begin(); fit != s_folder_events_map.end(); ++fit)
{
detach_FolderEvents_sink (fit->second);
gpgol_release (fit->second);
}
s_folder_events_map.clear();
std::map::iterator it;
TRACEPOINT;
gpgol_lock (&mail_map_lock);
std::map mail_map_copy = s_mail_map;
gpgol_unlock (&mail_map_lock);
for (it = mail_map_copy.begin(); it != mail_map_copy.end(); ++it)
{
/* XXX For non racy code the is_valid_ptr check should not
be necessary but we crashed sometimes closing a destroyed
mail. */
if (!isValidPtr (it->second))
{
log_debug ("%s:%s: Already deleted mail for %p",
SRCNAME, __func__, it->first);
continue;
}
if (!it->second->isCryptoMail ())
{
continue;
}
bool close_failed = false;
if (closeInspector_o (it->second))
{
log_error ("%s:%s: Failed to close mail inspector: %p ",
SRCNAME, __func__, it->first);
close_failed = true;
}
if (isValidPtr (it->second))
{
log_debug ("%s:%s: Inspector closed for %p closing object.",
SRCNAME, __func__, it->first);
if (it->second->close ())
{
log_error ("%s:%s: Failed to close mail itself: %p ",
SRCNAME, __func__, it->first);
close_failed = true;
}
}
else
{
log_debug ("%s:%s: Mail gone after inspector close.",
SRCNAME, __func__);
close_failed = false;
}
/* Beware: The close code removes our Plaintext from the
Outlook Object Model and temporary MAPI. If there
is an error we might put Plaintext into permanent
storage and leak it to the server. So we have
an extra safeguard below. The revert is likely
to fail if close and closeInspector fails but
to guard against a bug in our close code we
try it anyway as revert will also try to remove
the plaintext from memory and restore the original
message. */
if (close_failed)
{
if (isValidPtr (it->second) && it->second->revert_o ())
{
err++;
}
}
}
TRETURN err;
}
int
Mail::revertAllMails_o ()
{
TSTART;
int err = 0;
std::map::iterator it;
gpgol_lock (&mail_map_lock);
auto mail_map_copy = s_mail_map;
gpgol_unlock (&mail_map_lock);
for (it = mail_map_copy.begin(); it != mail_map_copy.end(); ++it)
{
if (it->second->revert_o ())
{
log_error ("Failed to revert mail: %p ", it->first);
err++;
continue;
}
it->second->setNeedsSave (true);
if (!invoke_oom_method (it->first, "Save", NULL))
{
log_error ("Failed to save reverted mail: %p ", it->second);
err++;
continue;
}
}
TRETURN err;
}
int
Mail::wipeAllMails_o ()
{
TSTART;
int err = 0;
std::map::iterator it;
gpgol_lock (&mail_map_lock);
auto mail_map_copy = s_mail_map;
gpgol_unlock (&mail_map_lock);
for (it = mail_map_copy.begin(); it != mail_map_copy.end(); ++it)
{
if (it->second->wipe_o ())
{
log_error ("Failed to wipe mail: %p ", it->first);
err++;
}
}
TRETURN err;
}
int
Mail::revert_o ()
{
TSTART;
int err = 0;
if (!m_processed)
{
TRETURN 0;
}
m_disable_att_remove_warning = true;
err = gpgol_mailitem_revert (m_mailitem);
if (err == -1)
{
log_error ("%s:%s: Message revert failed falling back to wipe.",
SRCNAME, __func__);
TRETURN wipe_o ();
}
/* We need to reprocess the mail next time around. */
m_processed = false;
m_needs_wipe = false;
m_disable_att_remove_warning = false;
TRETURN 0;
}
bool
Mail::isSMIME_m ()
{
TSTART;
msgtype_t msgtype;
LPMESSAGE message;
if (m_is_smime_checked)
{
TRETURN m_is_smime;
}
message = get_oom_message (m_mailitem);
if (!message)
{
log_error ("%s:%s: No message?",
SRCNAME, __func__);
TRETURN false;
}
msgtype = mapi_get_message_type (message);
m_is_smime = msgtype == MSGTYPE_GPGOL_OPAQUE_ENCRYPTED ||
msgtype == MSGTYPE_GPGOL_OPAQUE_SIGNED ||
msgtype == MSGTYPE_SMIME;
/* Check if it is an smime mail. Multipart signed can
also be true. */
if (!m_is_smime && msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED)
{
char *proto;
char *ct = mapi_get_message_content_type (message, &proto, NULL);
if (ct && proto)
{
m_is_smime = (!strcmp (proto, "application/pkcs7-signature") ||
!strcmp (proto, "application/x-pkcs7-signature"));
}
else
{
log_error ("%s:%s: No protocol in multipart / signed mail.",
SRCNAME, __func__);
}
xfree (proto);
xfree (ct);
}
gpgol_release (message);
m_is_smime_checked = true;
log_debug ("%s:%s: Detected %s mail",
SRCNAME, __func__,
m_is_smime ? "S/MIME" : "not S/MIME");
TRETURN m_is_smime;
}
static std::string
get_string_o (LPDISPATCH item, const char *str)
{
TSTART;
char *buf = get_oom_string (item, str);
if (!buf)
{
TRETURN std::string();
}
std::string ret = buf;
xfree (buf);
TRETURN ret;
}
std::string
Mail::getSubject_o () const
{
TSTART;
TRETURN get_string_o (m_mailitem, "Subject");
}
std::string
Mail::getBody_o () const
{
TSTART;
TRETURN get_string_o (m_mailitem, "Body");
}
std::vector
Mail::getRecipients_o () const
{
TSTART;
LPDISPATCH recipients = get_oom_object (m_mailitem, "Recipients");
if (!recipients)
{
TRACEPOINT;
std::vector();
}
bool err = false;
auto ret = get_oom_recipients (recipients, &err);
gpgol_release (recipients);
if (err)
{
log_debug ("%s:%s: Failed to resolve recipients at this time.",
SRCNAME, __func__);
}
TRETURN ret;
}
int
Mail::closeInspector_o (Mail *mail)
{
TSTART;
LPDISPATCH inspector = get_oom_object (mail->item(), "GetInspector");
HRESULT hr;
DISPID dispid;
if (!inspector)
{
log_debug ("%s:%s: No inspector.",
SRCNAME, __func__);
TRETURN -1;
}
dispid = lookup_oom_dispid (inspector, "Close");
if (dispid != DISPID_UNKNOWN)
{
VARIANT aVariant[1];
DISPPARAMS dispparams;
dispparams.rgvarg = aVariant;
dispparams.rgvarg[0].vt = VT_INT;
dispparams.rgvarg[0].intVal = 1;
dispparams.cArgs = 1;
dispparams.cNamedArgs = 0;
hr = inspector->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT,
DISPATCH_METHOD, &dispparams,
NULL, NULL, NULL);
if (hr != S_OK)
{
log_debug ("%s:%s: Failed to close inspector: %#lx",
SRCNAME, __func__, hr);
gpgol_release (inspector);
TRETURN -1;
}
}
gpgol_release (inspector);
TRETURN 0;
}
int
Mail::close (bool restoreSMIMEClass)
{
TSTART;
wm_after_move_data_t *move_data = nullptr;
VARIANT aVariant[1];
DISPPARAMS dispparams;
dispparams.rgvarg = aVariant;
dispparams.rgvarg[0].vt = VT_INT;
dispparams.rgvarg[0].intVal = 1;
dispparams.cArgs = 1;
dispparams.cNamedArgs = 0;
if (isSMIME_m ())
{
LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments");
LPMESSAGE mapi_msg = get_oom_message (m_mailitem);
if (!mapi_msg)
{
log_error ("%s:%s:Failed to obtain mapi message for %p on close.",
SRCNAME, __func__, m_mailitem);
}
if (m_gpgol_class.empty())
{
log_debug ("%s:%s: GpgOL Class empty for S/MIME Mail.",
SRCNAME, __func__);
}
/* This is strangely important. Because Outlook apparently treats
* S/MIME Mails differently we need to change our message class
* here again so that discard changes works properly. */
if (mapi_msg && !m_gpgol_class.empty ())
{
char *current = mapi_get_message_class (mapi_msg);
if (current && strcmp (current, m_gpgol_class.c_str ()))
{
log_debug ("%s:%s:Setting message class to %s on close.",
SRCNAME, __func__, m_gpgol_class.c_str ());
mapi_set_mesage_class (mapi_msg, m_gpgol_class.c_str ());
if (restoreSMIMEClass)
{
/* After the close we need to change the message class back
again so as to not break compatibility with other clients. */
move_data = (wm_after_move_data_t *)
xmalloc (sizeof (wm_after_move_data_t));
size_t entryIDLen = 0;
char *entryID = nullptr;
entryID = mapi_get_binary_prop (mapi_msg, PR_ENTRYID,
&entryIDLen);
LPDISPATCH folder = get_oom_object (m_mailitem, "Parent");
if (folder)
{
char *name = get_object_name ((LPUNKNOWN) folder);
if (!name || strcmp (name, "MAPIFolder"))
{
log_error ("%s:%s: Failed to obtain folder on close object is %s",
SRCNAME, __func__, name ? name : "(null)");
}
else
{
xfree (name);
move_data->target_folder = (LPMAPIFOLDER) get_oom_iunknown (
folder, "MAPIOBJECT");
if (!move_data->target_folder)
{
log_error ("%s:%s: Failed to obtain target folder.",
SRCNAME, __func__);
xfree (entryID);
xfree (current);
xfree (move_data);
move_data = nullptr;
}
else
{
memdbg_addRef (move_data->target_folder);
}
}
}
move_data->entry_id = entryID;
move_data->entry_id_len = entryIDLen;
move_data->old_class = current;
}
}
}
if (attachments)
{
int count = get_oom_int (attachments, "Count");
gpgol_release (attachments);
if (count)
{
/* On exchange Outlook sometimes detects that an S/MIME mail
* is an S/MIME Mail. When this mail is then modified by
* us and the mail should be moved or closed Outlook will try
* to save it. This fails and the user gets an error.
*
* So we save here, which should not be dangerous as we do not
* put plaintext in mapi.
*
* Still better only do it if it is really
* necessary as the changed message class can hurt.
*
* Tests show no plaintext leaks. The save saves the
* message class and in that way outlook no longer
* thinks the mails are S/MIME mails and we can
* use our own handling. See T4525
*/
removeCategories_o ();
HRESULT hr = 0;
if (mapi_msg)
{
log_debug ("%s:%s: MAPI Save for: %p",
SRCNAME, __func__, m_mailitem);
mapi_msg->SaveChanges (KEEP_OPEN_READWRITE);
}
if (!mapi_msg || hr)
{
log_error ("%s:%s: Failed to save mapi for %p hr=%#lx",
SRCNAME, __func__, this, hr);
}
/* In case the mail is still visible in a different window */
updateCategories_o ();
}
}
gpgol_release (mapi_msg);
}
log_oom ("%s:%s: Invoking close for: %p",
SRCNAME, __func__, m_mailitem);
setCloseTriggered (true);
int rc = invoke_oom_method_with_parms (m_mailitem, "Close",
nullptr, &dispparams);
if (move_data)
{
log_debug ("%s:%s:Restoring message class to %s after close.",
SRCNAME, __func__, move_data->old_class);
do_in_ui_thread_async (AFTER_MOVE, move_data, 0);
}
setCloseTriggered (false);
if (!rc)
{
/* Saveguard against oom writes when our data is in OOM. This
* can happen when the mail was opened in a new window. But
* also shown in the preview.
* We get a close event and discard changes but the data is
* still in oom because it is still visible in the opened
* window.
*
* In that case we may not write! Otherwise the plaintext
* might be leaked back to the server if the folder is synced.
* */
char *body = get_oom_string (m_mailitem, "Body");
LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments");
if (body && strlen (body))
{
log_debug ("%s:%s: Close successful. But body found. "
"Mail still open.",
SRCNAME, __func__);
}
else if (count_visible_attachments (attachments))
{
log_debug ("%s:%s: Close successful. But attachments found. "
"Mail still open.",
SRCNAME, __func__);
}
else
{
setPassWrite (true);
log_debug ("%s:%s: Close successful. Next write may pass.",
SRCNAME, __func__);
}
gpgol_release (attachments);
xfree (body);
}
log_oom ("%s:%s: returned from close",
SRCNAME, __func__);
TRETURN rc;
}
void
Mail::setCloseTriggered (bool value)
{
TSTART;
m_close_triggered = value;
TRETURN;
}
bool
Mail::getCloseTriggered () const
{
TSTART;
TRETURN m_close_triggered;
}
static const UserID
get_uid_for_sender (const Key &k, const char *sender)
{
TSTART;
UserID ret;
if (!sender)
{
TRETURN ret;
}
if (!k.numUserIDs())
{
log_debug ("%s:%s: Key without uids",
SRCNAME, __func__);
TRETURN ret;
}
for (const auto uid: k.userIDs())
{
if (!uid.email() || !*(uid.email()))
{
/* This happens for S/MIME a lot */
log_debug ("%s:%s: skipping uid without email.",
SRCNAME, __func__);
continue;
}
auto normalized_uid = uid.addrSpec();
auto normalized_sender = UserID::addrSpecFromString(sender);
if (normalized_sender.empty() || normalized_uid.empty())
{
log_error ("%s:%s: normalizing '%s' or '%s' failed.",
SRCNAME, __func__, anonstr (uid.email()),
anonstr (sender));
continue;
}
if (normalized_sender == normalized_uid)
{
ret = uid;
}
}
TRETURN ret;
}
void
Mail::updateSigstate ()
{
TSTART;
std::string sender = getSender ();
if (sender.empty())
{
log_error ("%s:%s:%i", SRCNAME, __func__, __LINE__);
TRETURN;
}
if (m_verify_result.isNull())
{
log_debug ("%s:%s: No verify result.",
SRCNAME, __func__);
TRETURN;
}
if (m_verify_result.error())
{
log_debug ("%s:%s: verify error.",
SRCNAME, __func__);
TRETURN;
}
for (const auto sig: m_verify_result.signatures())
{
m_is_signed = true;
const auto key = KeyCache::instance ()->getByFpr (sig.fingerprint(),
true);
m_uid = get_uid_for_sender (key, sender.c_str());
if (m_uid.isNull() && !m_sent_on_behalf.empty ())
{
m_uid = get_uid_for_sender (key, m_sent_on_behalf.c_str ());
if (!m_uid.isNull())
{
log_debug ("%s:%s: Using sent on behalf '%s' instead of '%s'",
SRCNAME, __func__, anonstr (m_sent_on_behalf.c_str()),
anonstr (sender.c_str ()));
}
}
/* Sigsum valid or green is somehow not set in this case.
* Which is strange as AFAIK this worked in the past. */
if ((sig.summary() & Signature::Summary::Valid) &&
m_uid.origin() == GpgME::Key::OriginWKD &&
(sig.validity() == Signature::Validity::Unknown ||
sig.validity() == Signature::Validity::Marginal))
{
// WKD is a shortcut to Level 2 trust.
log_debug ("%s:%s: Unknown or marginal from WKD -> Level 2",
SRCNAME, __func__);
}
else if (m_uid.isNull() || (sig.validity() != Signature::Validity::Marginal &&
sig.validity() != Signature::Validity::Full &&
sig.validity() != Signature::Validity::Ultimate))
{
/* For our category we only care about trusted sigs. And
the UID needs to match.*/
continue;
}
else if (sig.validity() == Signature::Validity::Marginal)
{
const auto tofu = m_uid.tofuInfo();
if (!tofu.isNull() &&
(tofu.validity() != TofuInfo::Validity::BasicHistory &&
tofu.validity() != TofuInfo::Validity::LargeHistory))
{
/* Marginal is only good enough without tofu.
Otherwise we wait for basic trust. */
log_debug ("%s:%s: Discarding marginal signature."
"With too little history.",
SRCNAME, __func__);
continue;
}
}
log_debug ("%s:%s: Classified sender as verified uid validity: %i origin: %i",
SRCNAME, __func__, m_uid.validity(), m_uid.origin());
m_sig = sig;
m_is_valid = true;
TRETURN;
}
log_debug ("%s:%s: No signature with enough trust. Using first",
SRCNAME, __func__);
m_sig = m_verify_result.signature(0);
TRETURN;
}
bool
Mail::isValidSig () const
{
TSTART;
TRETURN m_is_valid;
}
void
Mail::removeCategories_o ()
{
TSTART;
if (!m_store_id.empty () && !m_verify_category.empty ())
{
log_oom ("%s:%s: Unreffing verify category",
SRCNAME, __func__);
CategoryManager::instance ()->removeCategory (this,
m_verify_category);
}
if (!m_store_id.empty () && !m_decrypt_result.isNull())
{
log_oom ("%s:%s: Unreffing dec category",
SRCNAME, __func__);
CategoryManager::instance ()->removeCategory (this,
CategoryManager::getEncMailCategory ());
}
if (m_is_junk)
{
log_oom ("%s:%s: Unreffing junk category",
SRCNAME, __func__);
CategoryManager::instance ()->removeCategory (this,
CategoryManager::getJunkMailCategory ());
}
TRETURN;
}
/* Now for some tasty hack: Outlook sometimes does
not show the new categories properly but instead
does some weird scrollbar thing. This can be
avoided by resizing the message a bit. But somehow
this only needs to be done once.
Weird isn't it? But as this workaround worked let's
do it programatically. Fun. Wan't some tomato sauce
with this hack? */
static void
resize_active_window ()
{
TSTART;
HWND wnd = get_active_hwnd ();
static std::vector resized_windows;
if(std::find(resized_windows.begin(), resized_windows.end(), wnd) != resized_windows.end()) {
/* We only need to do this once per window. XXX But sometimes we also
need to do this once per view of the explorer. So for now this might
break but we reduce the flicker. A better solution would be to find
the current view and track that. */
TRETURN;
}
if (!wnd)
{
TRACEPOINT;
TRETURN;
}
RECT oldpos;
if (!GetWindowRect (wnd, &oldpos))
{
TRACEPOINT;
TRETURN;
}
if (!SetWindowPos (wnd, nullptr,
(int)oldpos.left,
(int)oldpos.top,
/* Anything smaller then 19 was ignored when the window was
* maximized on Windows 10 at least with a 1980*1024
* resolution. So I assume it's at least 1 percent.
* This is all hackish and ugly but should work for 90%...
* hopefully.
*/
(int)oldpos.right - oldpos.left - 20,
(int)oldpos.bottom - oldpos.top, 0))
{
TRACEPOINT;
TRETURN;
}
if (!SetWindowPos (wnd, nullptr,
(int)oldpos.left,
(int)oldpos.top,
(int)oldpos.right - oldpos.left,
(int)oldpos.bottom - oldpos.top, 0))
{
TRACEPOINT;
TRETURN;
}
resized_windows.push_back(wnd);
TRETURN;
}
#if 0
static std::string
pretty_id (const char *keyId)
{
/* Three spaces, four quads and a NULL */
char buf[20];
buf[19] = '\0';
if (!keyId)
{
return std::string ("null");
}
size_t len = strlen (keyId);
if (!len)
{
return std::string ("empty");
}
if (len < 16)
{
return std::string (_("Invalid Key"));
}
const char *p = keyId + (len - 16);
int j = 0;
for (size_t i = 0; i < 16; i++)
{
if (i && i % 4 == 0)
{
buf[j++] = ' ';
}
buf[j++] = *(p + i);
}
return std::string (buf);
}
#endif
void
Mail::updateCategories_o ()
{
TSTART;
if (m_printing)
{
log_debug ("%s:%s: Not updating categories as we are printing.",
SRCNAME, __func__);
return;
}
auto mngr = CategoryManager::instance ();
if (isValidSig ())
{
char *buf;
/* Resolve to the primary fingerprint */
#if 0
const auto sigKey = KeyCache::instance ()->getByFpr (m_sig.fingerprint (),
true);
const char *sigFpr;
if (sigKey.isNull())
{
sigFpr = m_sig.fingerprint ();
}
else
{
sigFpr = sigKey.primaryFingerprint ();
}
#endif
/* If m_uid addrSpec would not return a result we would never
* have gotten the UID. */
int lvl = get_signature_level ();
/* TRANSLATORS: The first placeholder is for tranlsation of "Level".
The second one is for the level number. The third is for the
translation of "trust in" and the last one is for the mail
address used for verification. The result is used as the
text on the green bar for signed mails. e.g.:
"GpgOL: Level 3 trust in 'john.doe@example.org'" */
gpgrt_asprintf (&buf, "GpgOL: %s %i %s '%s'", _("Level"), lvl,
_("trust in"),
m_uid.addrSpec ().c_str ());
memdbg_alloc (buf);
int color = 0;
if (lvl == 2)
{
color = 7; /* Olive */
}
if (lvl == 3)
{
color = 5; /* Green */
}
if (lvl == 4)
{
color = 20; /* Dark Green */
}
m_store_id = mngr->addCategoryToMail (this, buf, color);
m_verify_category = buf;
xfree (buf);
}
else
{
remove_category (m_mailitem, "GpgOL: ", false);
}
if (!m_decrypt_result.isNull())
{
const auto id = mngr->addCategoryToMail (this,
CategoryManager::getEncMailCategory (),
8 /* Blue */);
if (m_store_id.empty())
{
m_store_id = id;
}
if (m_store_id != id)
{
log_error ("%s:%s unexpected store mismatch "
"between '%s' and dec cat '%s'",
SRCNAME, __func__, m_store_id.c_str(), id.c_str());
}
}
else
{
/* As a small safeguard against fakes we remove our
categories */
remove_category (m_mailitem,
CategoryManager::getEncMailCategory ().c_str (),
true);
}
resize_active_window();
TRETURN;
}
bool
Mail::isSigned () const
{
TSTART;
TRETURN m_verify_result.numSignatures() > 0;
}
bool
Mail::isEncrypted () const
{
TSTART;
TRETURN !m_decrypt_result.isNull();
}
int
Mail::setUUID_o ()
{
TSTART;
char *uuid;
if (!m_uuid.empty())
{
/* This codepath is reached by decrypt again after a
close with discard changes. The close discarded
the uuid on the OOM object so we have to set
it again. */
log_debug ("%s:%s: Resetting uuid for %p to %s",
SRCNAME, __func__, this,
m_uuid.c_str());
uuid = get_unique_id (m_mailitem, 1, m_uuid.c_str());
}
else
{
uuid = get_unique_id (m_mailitem, 1, nullptr);
log_debug ("%s:%s: uuid for %p set to %s",
SRCNAME, __func__, this, uuid);
}
if (!uuid)
{
log_debug ("%s:%s: Failed to get/set uuid for %p",
SRCNAME, __func__, m_mailitem);
TRETURN -1;
}
if (m_uuid.empty())
{
m_uuid = uuid;
Mail *other = getMailForUUID (uuid);
if (other)
{
/* According to documentation this should not
happen as this means that multiple ItemLoad
events occured for the same mailobject without
unload / destruction of the mail.
But it happens. If you invalidate the UI
in the selection change event Outlook loads a
new mailobject for the mail. Might happen in
other surprising cases. We replace in that
case as experiments have shown that the last
mailobject is the one that is visible.
Still troubling state so we log this as an error.
*/
log_error ("%s:%s: There is another mail for %p "
"with uuid: %s replacing it.",
SRCNAME, __func__, m_mailitem, uuid);
delete other;
}
gpgol_lock (&uid_map_lock);
s_uid_map.insert (std::pair (m_uuid, this));
gpgol_unlock (&uid_map_lock);
log_debug ("%s:%s: uuid for %p is now %s",
SRCNAME, __func__, this,
m_uuid.c_str());
}
xfree (uuid);
TRETURN 0;
}
/* TRETURNs 2 if the userid is ultimately trusted.
TRETURNs 1 if the userid is fully trusted but has
a signature by a key for which we have a secret
and which is ultimately trusted. (Direct trust)
0 otherwise */
static int
level_4_check (const UserID &uid)
{
TSTART;
if (uid.isNull())
{
TRETURN 0;
}
if (uid.validity () == UserID::Validity::Ultimate)
{
TRETURN 2;
}
if (uid.validity () == UserID::Validity::Full)
{
const auto ultimate_keys = KeyCache::instance()->getUltimateKeys ();
for (const auto sig: uid.signatures ())
{
const char *sigID = sig.signerKeyID ();
if (sig.isNull() || !sigID)
{
/* should not happen */
TRACEPOINT;
continue;
}
/* Direct trust information is not available
through gnupg so we cached the keys with ultimate
trust during parsing and now see if we find a direct
trust path.*/
for (const auto secKey: ultimate_keys)
{
/* Check that the Key id of the key matches */
const char *secKeyID = secKey.keyID ();
if (!secKeyID || strcmp (secKeyID, sigID))
{
continue;
}
/* Check that the userID of the signature is the ultimately
trusted one. */
const char *sig_uid_str = sig.signerUserID();
if (!sig_uid_str)
{
/* should not happen */
TRACEPOINT;
continue;
}
for (const auto signer_uid: secKey.userIDs ())
{
if (signer_uid.validity() != UserID::Validity::Ultimate)
{
TRACEPOINT;
continue;
}
const char *signer_uid_str = signer_uid.id ();
if (!sig_uid_str)
{
/* should not happen */
TRACEPOINT;
continue;
}
if (!strcmp(sig_uid_str, signer_uid_str))
{
/* We have a match */
log_debug ("%s:%s: classified %s as ultimate because "
"it was signed by uid %s of key %s",
SRCNAME, __func__, anonstr (signer_uid_str),
anonstr (sig_uid_str),
anonstr (secKeyID));
TRETURN 1;
}
}
}
}
}
TRETURN 0;
}
std::string
Mail::getCryptoSummary () const
{
TSTART;
const int level = get_signature_level ();
bool enc = isEncrypted ();
if (level == 4 && enc)
{
TRETURN _("Security Level 4");
}
if (level == 4)
{
TRETURN _("Trust Level 4");
}
if (level == 3 && enc)
{
TRETURN _("Security Level 3");
}
if (level == 3)
{
TRETURN _("Trust Level 3");
}
if (level == 2 && enc)
{
TRETURN _("Security Level 2");
}
if (level == 2)
{
TRETURN _("Trust Level 2");
}
if (enc)
{
TRETURN _("Encrypted");
}
if (isSigned ())
{
/* Even if it is signed, if it is not validly
signed it's still completly insecure as anyone
could have signed this. So we avoid the label
"signed" here as this word already implies some
security. */
TRETURN _("Insecure");
}
TRETURN _("Insecure");
}
std::string
Mail::getCryptoOneLine () const
{
TSTART;
bool sig = isSigned ();
bool enc = isEncrypted ();
if (sig || enc)
{
if (sig && enc)
{
TRETURN _("Signed and encrypted message");
}
else if (sig)
{
TRETURN _("Signed message");
}
else if (enc)
{
TRETURN _("Encrypted message");
}
}
TRETURN _("Insecure message");
}
std::string
Mail::getCryptoDetails_o ()
{
TSTART;
std::string message;
/* No signature with keys but error */
if (!isEncrypted () && !isSigned () && m_verify_result.error())
{
message = _("You cannot be sure who sent, "
"modified and read the message in transit.");
message += "\n\n";
message += _("The message was signed but the verification failed with:");
message += "\n";
message += m_verify_result.error().asString();
TRETURN message;
}
/* No crypo, what are we doing here? */
if (!isEncrypted () && !isSigned ())
{
TRETURN _("You cannot be sure who sent, "
"modified and read the message in transit.");
}
/* Handle encrypt only */
if (isEncrypted () && !isSigned ())
{
if (in_de_vs_mode ())
{
if (m_sig.isDeVs())
{
message += _("The encryption was VS-NfD-compliant.");
}
else
{
message += _("The encryption was not VS-NfD-compliant.");
}
}
message += "\n\n";
message += _("You cannot be sure who sent the message because "
"it is not signed.");
TRETURN message;
}
bool keyFound = true;
const auto sigKey = KeyCache::instance ()->getByFpr (m_sig.fingerprint (),
true);
bool isOpenPGP = sigKey.isNull() ? !isSMIME_m () :
sigKey.protocol() == Protocol::OpenPGP;
char *buf;
bool hasConflict = false;
int level = get_signature_level ();
log_debug ("%s:%s: Formatting sig. Validity: %x Summary: %x Level: %i",
SRCNAME, __func__, m_sig.validity(), m_sig.summary(),
level);
if (level == 4)
{
/* level 4 check for direct trust */
int four_check = level_4_check (m_uid);
if (four_check == 2 && sigKey.hasSecret ())
{
message = _("You signed this message.");
}
else if (four_check == 1)
{
message = _("The senders identity was certified by yourself.");
}
else if (four_check == 2)
{
message = _("The sender is allowed to certify identities for you.");
}
else
{
log_error ("%s:%s:%i BUG: Invalid sigstate.",
SRCNAME, __func__, __LINE__);
TRETURN message;
}
}
else if (level == 3 && isOpenPGP)
{
/* Level three is only reachable through web of trust and no
direct signature. */
message = _("The senders identity was certified by several trusted people.");
}
else if (level == 3 && !isOpenPGP)
{
/* Level three is the only level for trusted S/MIME keys. */
gpgrt_asprintf (&buf, _("The senders identity is certified by the trusted issuer:\n'%s'\n"),
sigKey.issuerName());
memdbg_alloc (buf);
message = buf;
xfree (buf);
}
else if (level == 2 && m_uid.origin () == GpgME::Key::OriginWKD)
{
message = _("The mail provider of the recipient served this key.");
}
else if (level == 2 && m_uid.tofuInfo ().isNull ())
{
/* Marginal trust through pgp only */
message = _("Some trusted people "
"have certified the senders identity.");
}
else if (level == 2)
{
unsigned long first_contact = std::max (m_uid.tofuInfo().signFirst(),
m_uid.tofuInfo().encrFirst());
char *time = format_date_from_gpgme (first_contact);
/* i18n note signcount is always pulral because with signcount 1 we
* would not be in this branch. */
gpgrt_asprintf (&buf, _("The senders address is trusted, because "
"you have established a communication history "
"with this address starting on %s.\n"
"You encrypted %i and verified %i messages since."),
time, m_uid.tofuInfo().encrCount(),
m_uid.tofuInfo().signCount ());
memdbg_alloc (buf);
xfree (time);
message = buf;
xfree (buf);
}
else if (level == 1)
{
/* This could be marginal trust through pgp, or tofu with little
history. */
if (m_uid.tofuInfo ().signCount() == 1)
{
message += _("The senders signature was verified for the first time.");
}
else if (m_uid.tofuInfo ().validity() == TofuInfo::Validity::LittleHistory)
{
unsigned long first_contact = std::max (m_uid.tofuInfo().signFirst(),
m_uid.tofuInfo().encrFirst());
char *time = format_date_from_gpgme (first_contact);
gpgrt_asprintf (&buf, _("The senders address is not trustworthy yet because "
"you only verified %i messages and encrypted %i messages to "
"it since %s."),
m_uid.tofuInfo().signCount (),
m_uid.tofuInfo().encrCount (), time);
memdbg_alloc (buf);
xfree (time);
message = buf;
xfree (buf);
}
}
else
{
/* Now we are in level 0, this could be a technical problem, no key
or just unkown. */
message = isEncrypted () ? _("But the sender address is not trustworthy because:") :
_("The sender address is not trustworthy because:");
message += "\n";
keyFound = !(m_sig.summary() & Signature::Summary::KeyMissing);
bool general_problem = true;
/* First the general stuff. */
if (m_sig.summary() & Signature::Summary::Red)
{
message += _("The signature is invalid: \n");
if (m_sig.status().code() == GPG_ERR_BAD_SIGNATURE)
{
message += std::string("\n") + _("The signature does not match.");
return message;
}
}
else if (m_sig.summary() & Signature::Summary::SysError ||
m_verify_result.numSignatures() < 1)
{
message += _("There was an error verifying the signature.\n");
const auto err = m_sig.status ();
if (err)
{
message += err.asString () + std::string ("\n");
}
}
else if (m_sig.summary() & Signature::Summary::SigExpired)
{
message += _("The signature is expired.\n");
}
else
{
message += isOpenPGP ? _("The used key") : _("The used certificate");
message += " ";
general_problem = false;
}
/* Now the key problems */
if ((m_sig.summary() & Signature::Summary::KeyMissing))
{
message += _("is not available.");
}
else if ((m_sig.summary() & Signature::Summary::KeyRevoked))
{
message += _("is revoked.");
}
else if ((m_sig.summary() & Signature::Summary::KeyExpired))
{
message += _("is expired.");
}
else if ((m_sig.summary() & Signature::Summary::BadPolicy))
{
message += _("is not meant for signing.");
}
else if ((m_sig.summary() & Signature::Summary::CrlMissing))
{
message += _("could not be checked for revocation.");
}
else if ((m_sig.summary() & Signature::Summary::CrlTooOld))
{
message += _("could not be checked for revocation.");
}
else if ((m_sig.summary() & Signature::Summary::TofuConflict) ||
m_uid.tofuInfo().validity() == TofuInfo::Conflict)
{
message += _("is not the same as the key that was used "
"for this address in the past.");
hasConflict = true;
}
else if (m_uid.isNull())
{
gpgrt_asprintf (&buf, _("does not claim the address: \"%s\"."),
getSender_o ().c_str());
memdbg_alloc (buf);
message += buf;
xfree (buf);
}
else if (((m_sig.validity() & Signature::Validity::Undefined) ||
(m_sig.validity() & Signature::Validity::Unknown) ||
(m_sig.summary() == Signature::Summary::None) ||
(m_sig.validity() == 0))&& !general_problem)
{
/* Bit of a catch all for weird results. */
if (isOpenPGP)
{
message += _("is not certified by any trustworthy key.");
}
else
{
message += _("is not certified by a trustworthy Certificate Authority or the Certificate Authority is unknown.");
}
}
else if (m_uid.isRevoked())
{
message += _("The sender marked this address as revoked.");
}
else if ((m_sig.validity() & Signature::Validity::Never))
{
message += _("is marked as not trustworthy.");
}
}
message += "\n\n";
if (in_de_vs_mode ())
{
if (isSigned ())
{
if (m_sig.isDeVs ())
{
message += _("The signature is VS-NfD-compliant.");
}
else
{
message += _("The signature is not VS-NfD-compliant.");
}
message += "\n";
}
if (isEncrypted ())
{
if (m_decrypt_result.isDeVs ())
{
message += _("The encryption is VS-NfD-compliant.");
}
else
{
message += _("The encryption is not VS-NfD-compliant.");
}
message += "\n\n";
}
else
{
message += "\n";
}
}
if (hasConflict)
{
message += _("Click here to change the key used for this address.");
}
else if (keyFound)
{
message += isOpenPGP ? _("Click here for details about the key.") :
_("Click here for details about the certificate.");
}
else
{
message += isOpenPGP ? _("Click here to search the key on the configured keyserver.") :
_("Click here to search the certificate on the configured X509 keyserver.");
}
TRETURN message;
}
int
Mail::get_signature_level () const
{
TSTART;
if (!m_is_signed)
{
TRETURN 0;
}
if (m_uid.isNull ())
{
/* No m_uid matches our sender. */
TRETURN 0;
}
if (m_is_valid && (m_uid.validity () == UserID::Validity::Ultimate ||
(m_uid.validity () == UserID::Validity::Full &&
level_4_check (m_uid))) && (!in_de_vs_mode () || m_sig.isDeVs()))
{
TRETURN 4;
}
if (m_is_valid && m_uid.validity () == UserID::Validity::Full &&
(!in_de_vs_mode () || m_sig.isDeVs()))
{
TRETURN 3;
}
if (m_is_valid)
{
TRETURN 2;
}
if (m_sig.validity() == Signature::Validity::Marginal)
{
TRETURN 1;
}
if (m_sig.summary() & Signature::Summary::TofuConflict ||
m_uid.tofuInfo().validity() == TofuInfo::Conflict)
{
TRETURN 0;
}
TRETURN 0;
}
int
Mail::getCryptoIconID () const
{
TSTART;
int level = get_signature_level ();
int offset = isEncrypted () ? ENCRYPT_ICON_OFFSET : 0;
TRETURN IDI_LEVEL_0 + level + offset;
}
const char*
Mail::getSigFpr () const
{
TSTART;
if (!m_is_signed || m_sig.isNull())
{
TRETURN nullptr;
}
TRETURN m_sig.fingerprint();
}
/** Try to locate the keys for all recipients */
void
Mail::locateKeys_o ()
{
TSTART;
if (m_locate_in_progress)
{
/** XXX
The strangest thing seems to happen here:
In get_recipients the lookup for "AddressEntry" on
an unresolved address might cause network traffic.
So Outlook somehow "detaches" this call and keeps
processing window messages while the call is running.
So our do_delayed_locate might trigger a second locate.
If we access the OOM in this call while we access the
same object in the blocked "detached" call we crash.
(T3931)
After the window message is handled outlook retunrs
in the original lookup.
A better fix here might be a non recursive lock
of the OOM. But I expect that if we lock the handling
of the Windowmessage we might deadlock.
*/
log_debug ("%s:%s: Locate for %p already in progress.",
SRCNAME, __func__, this);
TRETURN;
}
m_locate_in_progress = true;
Addressbook::check_o (this);
if (opt.autoresolve)
{
// First update oom data to have recipients and sender updated.
updateOOMData_o ();
KeyCache::instance()->startLocateSecret (getSender_o ().c_str (), this);
KeyCache::instance()->startLocate (getSender_o ().c_str (), this);
KeyCache::instance()->startLocate (getCachedRecipients (), this);
}
autosecureCheck ();
m_locate_in_progress = false;
TRETURN;
}
bool
Mail::isHTMLAlternative () const
{
TSTART;
TRETURN m_is_html_alternative;
}
char *
Mail::takeCachedHTMLBody ()
{
TSTART;
char *ret = m_cached_html_body;
m_cached_html_body = nullptr;
TRETURN ret;
}
char *
Mail::takeCachedPlainBody ()
{
TSTART;
char *ret = m_cached_plain_body;
m_cached_plain_body = nullptr;
TRETURN ret;
}
int
Mail::getCryptoFlags () const
{
TSTART;
TRETURN m_crypto_flags;
}
void
Mail::setNeedsEncrypt (bool value)
{
TSTART;
m_needs_encrypt = value;
TRETURN;
}
bool
Mail::getNeedsEncrypt () const
{
TSTART;
TRETURN m_needs_encrypt;
}
std::vector
Mail::getCachedRecipients ()
{
TSTART;
TRETURN m_cached_recipients;
}
void
Mail::appendToInlineBody (const std::string &data)
{
TSTART;
m_inline_body += data;
TRETURN;
}
int
Mail::inlineBodyToBody_o ()
{
TSTART;
if (!m_crypter)
{
log_error ("%s:%s: No crypter.",
SRCNAME, __func__);
TRETURN -1;
}
const auto body = m_crypter->get_inline_data ();
if (body.empty())
{
TRETURN 0;
}
/* For inline we always work with UTF-8 */
put_oom_int (m_mailitem, "InternetCodepage", 65001);
int ret = put_oom_string (m_mailitem, "Body",
body.c_str ());
TRETURN ret;
}
void
Mail::updateCryptMAPI_m ()
{
TSTART;
log_debug ("%s:%s: Update crypt mapi",
SRCNAME, __func__);
if (m_crypt_state != NeedsUpdateInMAPI)
{
log_debug ("%s:%s: invalid state %i",
SRCNAME, __func__, m_crypt_state);
TRETURN;
}
if (!m_crypter)
{
if (!m_mime_data.empty())
{
log_debug ("%s:%s: Have override mime data creating dummy crypter",
SRCNAME, __func__);
m_crypter = std::shared_ptr (new CryptController (this, false,
false,
GpgME::UnknownProtocol));
}
else
{
log_error ("%s:%s: No crypter.",
SRCNAME, __func__);
m_crypt_state = NoCryptMail;
TRETURN;
}
}
if (m_crypter->update_mail_mapi ())
{
log_error ("%s:%s: Failed to update MAPI after crypt",
SRCNAME, __func__);
m_crypt_state = NoCryptMail;
}
else
{
m_crypt_state = WantsSendMIME;
}
/** If sync we need the crypter in update_crypt_oom */
if (!isAsyncCryptDisabled ())
{
// We don't need the crypter anymore.
resetCrypter ();
}
TRETURN;
}
/** Checks in OOM if the body is either
empty or contains the -----BEGIN tag.
pair.first -> true if body starts with -----BEGIN
pair.second -> true if body is empty. */
static std::pair
has_crypt_or_empty_body_oom (Mail *mail)
{
TSTART;
auto body = mail->getBody_o ();
std::pair ret;
ret.first = false;
ret.second = false;
ltrim (body);
if (body.size() > 10 && !strncmp (body.c_str(), "-----BEGIN", 10))
{
ret.first = true;
TRETURN ret;
}
if (!body.size())
{
ret.second = true;
}
else
{
log_data ("%s:%s: Body found in %p : \"%s\"",
SRCNAME, __func__, mail, body.c_str ());
}
TRETURN ret;
}
void
Mail::updateCryptOOM_o ()
{
TSTART;
log_debug ("%s:%s: Update crypt oom for %p",
SRCNAME, __func__, this);
if (m_crypt_state != NeedsUpdateInOOM)
{
log_debug ("%s:%s: invalid state %i",
SRCNAME, __func__, m_crypt_state);
resetCrypter ();
TRETURN;
}
if (getDoPGPInline ())
{
if (inlineBodyToBody_o ())
{
log_error ("%s:%s: Inline body to body failed %p.",
SRCNAME, __func__, this);
gpgol_bug (get_active_hwnd(), ERR_INLINE_BODY_TO_BODY);
m_crypt_state = NoCryptMail;
TRETURN;
}
}
if (m_crypter->get_protocol () == GpgME::CMS && m_crypter->is_encrypter ())
{
/* We put the PIDNameContentType headers here for exchange
because this is the only way we found to inject the
smime-type. */
if (put_pa_string (m_mailitem,
PR_PIDNameContentType_DASL,
"application/pkcs7-mime;smime-type=\"enveloped-data\";name=smime.p7m"))
{
log_debug ("%s:%s: Failed to put PIDNameContentType for %p.",
SRCNAME, __func__, this);
}
}
/** When doing async update_crypt_mapi follows and needs
the crypter. */
if (isAsyncCryptDisabled ())
{
resetCrypter ();
}
const auto pair = has_crypt_or_empty_body_oom (this);
if (pair.first)
{
log_debug ("%s:%s: Looks like inline body. You can pass %p.",
SRCNAME, __func__, this);
m_crypt_state = WantsSendInline;
TRETURN;
}
/* Draft encryption we do not want to wipe the oom but we have
to modify it to trigger the wirte / second after write. */
if (m_is_draft_encrypt)
{
char *subject = get_oom_string (m_mailitem, "Subject");
put_oom_string (m_mailitem, "Subject", subject ? subject : "");
xfree (subject);
}
// We are in MIME land. Wipe the body.
if (!m_is_draft_encrypt && wipe_o (true))
{
log_debug ("%s:%s: Cancel send for %p.",
SRCNAME, __func__, this);
wchar_t *title = utf8_to_wchar (_("GpgOL: Encryption not possible!"));
wchar_t *msg = utf8_to_wchar (_(
"Outlook returned an error when trying to send the encrypted mail.\n\n"
"Please restart Outlook and try again.\n\n"
"If it still fails consider using an encrypted attachment or\n"
"switching to PGP/Inline in GpgOL's options."));
MessageBoxW (get_active_hwnd(), msg, title,
MB_ICONERROR | MB_OK);
xfree (msg);
xfree (title);
m_crypt_state = NoCryptMail;
TRETURN;
}
m_crypt_state = NeedsSecondAfterWrite;
TRETURN;
}
void
Mail::enableWindow ()
{
TSTART;
if (!m_window)
{
log_error ("%s:%s:enable window which was not disabled",
SRCNAME, __func__);
}
log_debug ("%s:%s: enable window %p",
SRCNAME, __func__, m_window);
EnableWindow (m_window, TRUE);
TRETURN;
}
void
Mail::disableWindow_o ()
{
TSTART;
m_window = get_active_hwnd ();
log_debug ("%s:%s: disable window %p",
SRCNAME, __func__, m_window);
EnableWindow (m_window, FALSE);
TRETURN;
}
bool
Mail::isActiveInlineResponse_o ()
{
const auto subject = getSubject_o ();
bool ret = false;
LPDISPATCH app = GpgolAddin::get_instance ()->get_application ();
if (!app)
{
TRACEPOINT;
TRETURN false;
}
LPDISPATCH explorer = get_oom_object (app, "ActiveExplorer");
if (!explorer)
{
TRACEPOINT;
TRETURN false;
}
LPDISPATCH inlineResponse = get_oom_object (explorer, "ActiveInlineResponse");
gpgol_release (explorer);
if (!inlineResponse)
{
TRETURN false;
}
// We have inline response
// Check if we are it. It's a bit naive but meh. Worst case
// is that we think inline response too often and do sync
// crypt where we could do async crypt.
char * inlineSubject = get_oom_string (inlineResponse, "Subject");
gpgol_release (inlineResponse);
if (inlineResponse && !subject.empty() && !strcmp (subject.c_str (), inlineSubject))
{
log_debug ("%s:%s: Detected inline response for '%p'",
SRCNAME, __func__, this);
ret = true;
}
xfree (inlineSubject);
TRETURN ret;
}
bool
Mail::checkSyncCrypto_o ()
{
TSTART;
/* Async sending is known to cause instabilities. So we keep
a hidden option to disable it. */
if (opt.sync_enc)
{
m_async_crypt_disabled = true;
TRETURN m_async_crypt_disabled;
}
m_async_crypt_disabled = false;
const auto subject = getSubject_o ();
/* Check for an empty subject. Otherwise the question for it
might be hidden behind our overlay. */
if (subject.empty())
{
log_debug ("%s:%s: Detected empty subject. "
"Disabling async crypt due to T4150.",
SRCNAME, __func__);
m_async_crypt_disabled = true;
TRETURN m_async_crypt_disabled;
}
LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments");
if (attachments)
{
/* This is horrible. But. For some kinds of attachments (we
got reports about Office attachments the write in the
send event triggered by our crypto done code fails with
an exception. There does not appear to be a detectable
pattern when this happens.
As we can't be sure and do not know for which attachments
this really happens we do not use async crypt for any
mails with attachments. :-/
Better be save (not crash) instead of nice (async).
TODO: Figure this out.
The log goes like this. We pass the send event. That triggers
a write, which we pass. And then that fails. So it looks like
moving to Outbox fails. Because we can save as much as we
like before that.
Using the IMessage::SubmitMessage MAPI interface works, but
as it is unstable in our current implementation we do not
want to use it.
mailitem-events.cpp:Invoke: Passing send event for mime-encrypted message 12B7C6E0.
application-events.cpp:Invoke: Unhandled Event: f002
mailitem-events.cpp:Invoke: Write : 0ED4D058
mailitem-events.cpp:Invoke: Passing write event.
oomhelp.cpp:invoke_oom_method_with_parms_type: Method 'Send' invokation failed: 0x80020009
oomhelp.cpp:dump_excepinfo: Exception:
wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: The operation failed. The messaging interfaces have returned an unknown error. If the problem persists, restart Outlook.
help: null
helpCtx: 0x0
deferredFill: 00000000
scode: 0x80040119
*/
int count = get_oom_int (attachments, "Count");
gpgol_release (attachments);
if (count)
{
m_async_crypt_disabled = true;
log_debug ("%s:%s: Detected attachments. "
"Disabling async crypt due to T4131.",
SRCNAME, __func__);
TRETURN m_async_crypt_disabled;
}
}
if (isActiveInlineResponse_o ())
{
m_async_crypt_disabled = true;
}
TRETURN m_async_crypt_disabled;
}
// static
Mail *
Mail::getLastMail ()
{
TSTART;
if (!s_last_mail || !isValidPtr (s_last_mail))
{
s_last_mail = nullptr;
}
TRETURN s_last_mail;
}
// static
void
Mail::clearLastMail ()
{
TSTART;
s_last_mail = nullptr;
TRETURN;
}
// static
void
Mail::locateAllCryptoRecipients_o ()
{
TSTART;
gpgol_lock (&mail_map_lock);
std::map::iterator it;
auto mail_map_copy = s_mail_map;
gpgol_unlock (&mail_map_lock);
for (it = mail_map_copy.begin(); it != mail_map_copy.end(); ++it)
{
if (it->second->needs_crypto_m ())
{
it->second->locateKeys_o ();
}
}
TRETURN;
}
int
Mail::removeAllAttachments_o ()
{
TSTART;
int ret = 0;
LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments");
if (!attachments)
{
TRACEPOINT;
TRETURN 0;
}
int count = get_oom_int (attachments, "Count");
LPDISPATCH to_delete[count];
/* Populate the array so that we don't get in an index mess */
for (int i = 1; i <= count; i++)
{
auto item_str = std::string("Item(") + std::to_string (i) + ")";
to_delete[i-1] = get_oom_object (attachments, item_str.c_str());
}
gpgol_release (attachments);
/* Now delete all attachments */
for (int i = 0; i < count; i++)
{
LPDISPATCH attachment = to_delete[i];
if (!attachment)
{
log_error ("%s:%s: No such attachment %i",
SRCNAME, __func__, i);
ret = -1;
}
/* Delete the attachments that are marked to delete */
if (invoke_oom_method (attachment, "Delete", NULL))
{
log_error ("%s:%s: Deleting attachment %i",
SRCNAME, __func__, i);
ret = -1;
}
gpgol_release (attachment);
}
TRETURN ret;
}
int
Mail::removeOurAttachments_o ()
{
TSTART;
LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments");
if (!attachments)
{
TRACEPOINT;
TRETURN 0;
}
int count = get_oom_int (attachments, "Count");
LPDISPATCH to_delete[count];
int del_cnt = 0;
for (int i = 1; i <= count; i++)
{
auto item_str = std::string("Item(") + std::to_string (i) + ")";
LPDISPATCH attachment = get_oom_object (attachments, item_str.c_str());
if (!attachment)
{
TRACEPOINT;
continue;
}
attachtype_t att_type;
if (get_pa_int (attachment, GPGOL_ATTACHTYPE_DASL, (int*) &att_type))
{
/* Not our attachment. */
gpgol_release (attachment);
continue;
}
if (att_type == ATTACHTYPE_PGPBODY || att_type == ATTACHTYPE_MOSS ||
att_type == ATTACHTYPE_MOSSTEMPL)
{
/* One of ours to delete. */
to_delete[del_cnt++] = attachment;
/* Dont' release yet */
continue;
}
gpgol_release (attachment);
}
gpgol_release (attachments);
int ret = 0;
for (int i = 0; i < del_cnt; i++)
{
LPDISPATCH attachment = to_delete[i];
/* Delete the attachments that are marked to delete */
if (invoke_oom_method (attachment, "Delete", NULL))
{
log_error ("%s:%s: Error: deleting attachment %i",
SRCNAME, __func__, i);
ret = -1;
}
gpgol_release (attachment);
}
TRETURN ret;
}
/* We are very verbose because if we fail it might mean
that we have leaked plaintext -> critical. */
bool
Mail::hasCryptedOrEmptyBody_o ()
{
TSTART;
const auto pair = has_crypt_or_empty_body_oom (this);
if (pair.first /* encrypted marker */)
{
log_debug ("%s:%s: Crypt Marker detected in OOM body. Return true %p.",
SRCNAME, __func__, this);
TRETURN true;
}
if (!pair.second)
{
log_debug ("%s:%s: Unexpected content detected. Return false %p.",
SRCNAME, __func__, this);
TRETURN false;
}
// Pair second == true (is empty) can happen on OOM error.
LPMESSAGE message = get_oom_base_message (m_mailitem);
if (!message && pair.second)
{
if (message)
{
gpgol_release (message);
}
TRETURN true;
}
size_t r_nbytes = 0;
char *mapi_body = mapi_get_body (message, &r_nbytes);
gpgol_release (message);
if (!mapi_body || !r_nbytes)
{
// Body or bytes are null. we are empty.
xfree (mapi_body);
log_debug ("%s:%s: MAPI error or empty message. Return true. %p.",
SRCNAME, __func__, this);
TRETURN true;
}
if (r_nbytes > 10 && !strncmp (mapi_body, "-----BEGIN", 10))
{
// Body is crypt.
log_debug ("%s:%s: MAPI Crypt marker detected. Return true. %p.",
SRCNAME, __func__, this);
xfree (mapi_body);
TRETURN true;
}
xfree (mapi_body);
log_debug ("%s:%s: Found mapi body. Return false. %p.",
SRCNAME, __func__, this);
TRETURN false;
}
std::string
Mail::getVerificationResultDump ()
{
TSTART;
std::stringstream ss;
ss << m_verify_result;
TRETURN ss.str();
}
void
Mail::setBlockStatus_m ()
{
TSTART;
SPropValue prop;
LPMESSAGE message = get_oom_base_message (m_mailitem);
prop.ulPropTag = PR_BLOCK_STATUS;
prop.Value.l = 1;
HRESULT hr = message->SetProps (1, &prop, NULL);
if (hr)
{
log_error ("%s:%s: can't set block value: hr=%#lx\n",
SRCNAME, __func__, hr);
}
gpgol_release (message);
TRETURN;
}
void
Mail::setBlockHTML (bool value)
{
TSTART;
m_block_html = value;
TRETURN;
}
void
Mail::incrementLocateCount ()
{
TSTART;
m_locate_count++;
TRETURN;
}
void
Mail::decrementLocateCount ()
{
TSTART;
m_locate_count--;
if (m_locate_count < 0)
{
log_error ("%s:%s: locate count mismatch.",
SRCNAME, __func__);
m_locate_count = 0;
}
if (!m_locate_count)
{
autosecureCheck ();
}
TRETURN;
}
void
Mail::autosecureCheck ()
{
TSTART;
if (!opt.autosecure || !opt.autoresolve || m_manual_crypto_opts ||
m_locate_count)
{
TRETURN;
}
bool ret = KeyCache::instance()->isMailResolvable (this);
log_debug ("%s:%s: status %i",
SRCNAME, __func__, ret);
/* As we are safe to call at any time, because we need
* to be triggered by the locator threads finishing we
* need to actually set the draft info flags in
* the ui thread. */
do_in_ui_thread_async (ret ? DO_AUTO_SECURE : DONT_AUTO_SECURE,
this);
TRETURN;
}
void
Mail::setDoAutosecure_m (bool value)
{
TSTART;
TRACEPOINT;
LPMESSAGE msg = get_oom_base_message (m_mailitem);
if (!msg)
{
TRACEPOINT;
TRETURN;
}
/* We need to set a uuid so that autosecure can
be disabled manually */
setUUID_o ();
int old_flags = get_gpgol_draft_info_flags (msg);
if (old_flags && m_first_autosecure_check &&
/* Someone with always sign and autosecure active
* will want to get autoencryption. */
!(old_flags == 2 && opt.sign_default))
{
/* They were set explicily before us. This can be
* because they were a draft (which is bad) or
* because they are a reply/forward to a crypto mail
* or because there are conflicting settings. */
log_debug ("%s:%s: Mail %p had already flags set.",
SRCNAME, __func__, m_mailitem);
m_first_autosecure_check = false;
m_manual_crypto_opts = true;
gpgol_release (msg);
TRETURN;
}
m_first_autosecure_check = false;
set_gpgol_draft_info_flags (msg, value ? 3 : opt.sign_default ? 2 : 0);
gpgol_release (msg);
gpgoladdin_invalidate_ui();
TRETURN;
}
bool
Mail::decryptedSuccessfully () const
{
return m_decrypt_result.isNull() || !m_decrypt_result.error();
}
void
Mail::installFolderEventHandler_o()
{
TSTART;
TRACEPOINT;
LPDISPATCH folder = get_oom_object (m_mailitem, "Parent");
if (!folder)
{
TRACEPOINT;
TRETURN;
}
char *objName = get_object_name (folder);
if (!objName || strcmp (objName, "MAPIFolder"))
{
log_debug ("%s:%s: Mail %p parent is not a mapi folder.",
SRCNAME, __func__, m_mailitem);
xfree (objName);
gpgol_release (folder);
TRETURN;
}
xfree (objName);
char *path = get_oom_string (folder, "FullFolderPath");
if (!path)
{
TRACEPOINT;
path = get_oom_string (folder, "FolderPath");
}
if (!path)
{
log_error ("%s:%s: Mail %p parent has no folder path.",
SRCNAME, __func__, m_mailitem);
gpgol_release (folder);
TRETURN;
}
std::string strPath (path);
xfree (path);
if (s_folder_events_map.find (strPath) == s_folder_events_map.end())
{
log_debug ("%s:%s: Install folder events watcher for %s.",
SRCNAME, __func__, anonstr (strPath.c_str()));
const auto sink = install_FolderEvents_sink (folder);
s_folder_events_map.insert (std::make_pair (strPath, sink));
}
/* Folder already registered */
gpgol_release (folder);
TRETURN;
}
void
Mail::refCurrentItem()
{
TSTART;
if (m_currentItemRef)
{
log_debug ("%s:%s: Current item multi ref. Bug?",
SRCNAME, __func__);
TRETURN;
}
/* This prevents a crash in Outlook 2013 when sending a mail as it
* would unload too early.
*
* As it didn't crash when the mail was opened in Outlook Spy this
* mimics that the mail is inspected somewhere else. */
m_currentItemRef = get_oom_object (m_mailitem, "GetInspector.CurrentItem");
TRETURN;
}
void
Mail::releaseCurrentItem()
{
TSTART;
if (!m_currentItemRef)
{
TRETURN;
}
log_oom ("%s:%s: releasing CurrentItem ref %p",
SRCNAME, __func__, m_currentItemRef);
LPDISPATCH tmp = m_currentItemRef;
m_currentItemRef = nullptr;
/* This can cause our destruction */
gpgol_release (tmp);
TRETURN;
}
void
Mail::decryptPermanently_o()
{
TSTART;
if (!m_needs_wipe)
{
log_debug ("%s:%s: Mail does not yet need wipe. Called to early?",
SRCNAME, __func__);
TRETURN;
}
if (!m_decrypt_result.isNull() && m_decrypt_result.error())
{
log_debug ("%s:%s: Decrypt result had error. Can't decrypt permanently.",
SRCNAME, __func__);
TRETURN;
}
/* Remove the existing categories */
removeCategories_o ();
/* Drop our state variables */
m_decrypt_result = GpgME::DecryptionResult();
m_verify_result = GpgME::VerificationResult();
m_needs_wipe = false;
m_processed = false;
m_is_smime = false;
m_type = MSGTYPE_UNKNOWN;
/* Remove our own attachments */
removeOurAttachments_o ();
updateSigstate();
auto msg = MAKE_SHARED (get_oom_base_message (m_mailitem));
if (!msg)
{
STRANGEPOINT;
TRETURN;
}
mapi_delete_gpgol_tags ((LPMESSAGE)msg.get());
mapi_set_mesage_class ((LPMESSAGE)msg.get(), "IPM.Note");
if (invoke_oom_method (m_mailitem, "Save", NULL))
{
log_error ("Failed to save decrypted mail: %p ", m_mailitem);
}
log_debug ("%s:%s: Delayed invalidate to update sigstate after perm dec.",
SRCNAME, __func__);
CloseHandle(CreateThread (NULL, 0, delayed_invalidate_ui, (LPVOID) 300, 0,
NULL));
TRETURN;
}
void
Mail::prepareCrypto_o ()
{
TSTART;
// Check inline response state to fill out asynccryptdisabled.
checkSyncCrypto_o ();
if (!isAsyncCryptDisabled())
{
/* Obtain a reference of the current item. This prevents
* an early unload which would crash Outlook 2013
*
* As it didn't crash when the mail was opened in Outlook Spy this
* mimics that the mail is inspected somewhere else. */
refCurrentItem ();
}
// First contact with a mail to encrypt update
// state and oom data.
updateOOMData_o (true);
setCryptState (Mail::NeedsFirstAfterWrite);
TRETURN;
}
/* Printing happens in two steps. First a Mail is loaded after the
BeforePrint event, then it is loaded a second time when the actual print
happens. We have to catch both.
This functions looks over all mails and checks if one is currently
printing. If so we compare our EntryID's and if they match. Bingo,
we are printing, too.*/
bool
Mail::checkIfMailIsChildOfPrintMail_o ()
{
gpgol_lock (&mail_map_lock);
for (auto it = s_mail_map.begin(); it != s_mail_map.end(); ++it)
{
auto mail = it->second;
if (mail->isPrint ())
{
/* This happens so rarely that we only fetch our
entry id if we are in here. */
char *entryID = get_oom_string (mail->item (), "EntryID");
if (!entryID)
{
log_error ("%s:%s: Printing mail %p has no EntryID",
SRCNAME, __func__, mail);
continue;
}
char *ourID = get_oom_string (m_mailitem, "EntryID");
if (!ourID)
{
log_error ("%s:%s: Mail %p has no EntryID",
SRCNAME, __func__, this);
xfree (entryID);
continue;
}
int cmp = strcmp (ourID, entryID);
xfree (ourID);
xfree (entryID);
if (cmp)
{
log_debug ("%s:%s: The current print is not us.",
SRCNAME, __func__);
continue;
}
gpgrt_lock_unlock (&mail_map_lock);
log_debug ("%s:%s: Mail %p is the actual print of %p.",
SRCNAME, __func__, this, mail);
return true;
}
}
gpgrt_lock_unlock (&mail_map_lock);
return false;
}
diff --git a/src/mail.h b/src/mail.h
index c0bdfdb..bf3cc81 100644
--- a/src/mail.h
+++ b/src/mail.h
@@ -1,713 +1,716 @@
/* @file mail.h
* @brief High level class to work with Outlook Mailitems.
*
* Copyright (C) 2015, 2016 by Bundesamt für Sicherheit in der Informationstechnik
* Software engineering by Intevation GmbH
*
* This file is part of GpgOL.
*
* GpgOL is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* GpgOL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
#ifndef MAIL_H
#define MAIL_H
#include "oomhelp.h"
#include "mapihelp.h"
#include "gpgme++/verificationresult.h"
#include "gpgme++/decryptionresult.h"
#include "gpgme++/key.h"
#include
#include
class ParseController;
class CryptController;
class Attachment;
/** @brief Data wrapper around a mailitem.
*
* This class is intended to bundle all that we know about
* a Mail. Due to the restrictions in Outlook we sometimes may
* need additional information that is not available at the time
* like the sender address of an exchange account in the afterWrite
* event.
*
* This class bundles such information and also provides a way to
* access the event handler of a mail.
*
* Naming conventions of the suffixes:
* _o functions that work on OOM and possibly also MAPI.
* _m functions that work on MAPI.
* _s functions that only work on internal data and are safe to call
* from any thread.
*
* O and M functions _must_ only be called from the main thread. Use
* a WindowMessage to signal the Main thread. But be wary. A WindowMessage
* might be handled while an OOM call in the main thread waits for completion.
*
* An example for this is how update_oom_data can work:
*
* Main Thread:
* call update_oom_data
* └> internally invokes an OOM function that might do network access e.g.
* to connect to the exchange server to fetch the address.
*
* Counterintutively the Main thread does not return from that function or
* blocks for it's completion but handles windowmessages.
*
* After a windowmessage was handled and if the OOM invocation is
* completed the invocation returns and normal execution continues.
*
* So if the window message handler's includes for example
* also a call to lookup recipients we crash. Note that it's usually
* safe to do OOM / MAPI calls from a window message.
*
*
* While this seems impossible, remember that we do not work directly
* with functions but everything is handled through COM. Without this
* logic Outlook would probably become unusable because as any long running
* call to the OOM would block it completely and freeze the UI.
* (no windowmessages handled).
*
* So be wary when accessing the OOM from a Window Message.
*/
class Mail
{
public:
enum CryptState
{
NoCryptMail,
NeedsFirstAfterWrite,
NeedsActualCrypt,
NeedsUpdateInOOM,
NeedsSecondAfterWrite,
NeedsUpdateInMAPI,
WantsSendInline,
WantsSendMIME,
};
/** @brief Construct a mail object for the item.
*
* This also installs the event sink for this item.
*
* The mail object takes ownership of the mailitem
* reference. Do not Release it! */
Mail (LPDISPATCH mailitem);
~Mail ();
/** @brief looks for existing Mail objects for the OOM mailitem.
@returns A reference to an existing mailitem or NULL in case none
could be found.
*/
static Mail* getMailForItem (LPDISPATCH mailitem);
/** @brief looks for existing Mail objects in the uuid map.
Only objects for which set_uid has been called can be found
in the uid map. Get the Unique ID of a mailitem thorugh get_unique_id
@returns A reference to an existing mailitem or NULL in case none
could be found.
*/
static Mail* getMailForUUID (const char *uuid);
/** @brief Get the last created mail.
@returns A reference to the last created mail or null.
*/
static Mail* getLastMail ();
/** @brief voids the last mail variable. */
static void clearLastMail ();
/** @brief Lock mail deletion.
Mails are heavily accessed multi threaded. E.g. when locating
keys. Due to bad timing it would be possible that between
a check for "is_valid_ptr" to see if a map is still valid
and the usage of the mail a delete would happen.
This lock can be used to prevent that. Changes made to the
mail will of course have no effect as the mail is already in
the process of beeing unloaded. And calls that access MAPI
or OOM still might crash. But this at least gurantees that
the member variables of the mail exist while the lock is taken.
Use it in your thread like:
Mail::lockDelete ();
Mail::isValidPtr (mail);
mail->set_or_check_something ();
Mail::unlockDelete ();
Still be carefull when it is a mapi or oom function.
*/
static void lockDelete ();
static void unlockDelete ();
/** @brief looks for existing Mail objects.
@returns A reference to an existing mailitem or NULL in case none
could be found. Can be used to check if a mail object was destroyed.
*/
static bool isValidPtr (const Mail *mail);
/** @brief wipe the plaintext from all known Mail objects.
*
* This is intended as a "cleanup" call to be done on unload
* to avoid leaking plaintext in case we are deactivated while
* some mails still have their plaintext inserted.
*
* @returns the number of errors that occured.
*/
static int wipeAllMails_o ();
/** @brief revert all known Mail objects.
*
* Similar to wipe but works on MAPI to revert our attachment
* dance and restore an original MIME mail.
*
* @returns the number of errors that occured.
*/
static int revertAllMails_o ();
/** @brief close all known Mail objects.
*
* Close our mail with discard changes set to true.
* This discards the plaintext / attachments. Afterwards
* it calls save if neccessary to sync back the collected
* property changes.
*
* This is the nicest of our three "Clean plaintext"
* functions. Will fallback to revert if closing fails.
* Closed mails are deleted.
*
* @returns the number of errors that occured.
*/
static int closeAllMails_o ();
/** @brief closes the inspector for a mail
*
* @returns true on success.
*/
static int closeInspector_o (Mail *mail);
/** Call close with discard changes to discard
plaintext. returns the value of the oom close
call. This may have delete the mail if the close
triggers an unload.
Set restoreSMIMEClass to resotre the S/MIME
Message class IPM.Note.SMIME etc. for S/MIME
mails.
*/
int close (bool restoreSMIMEClass = true);
/** @brief locate recipients for all crypto mails
*
* To avoid lookups of recipients for non crypto mails we only
* locate keys when a crypto action is already selected.
*
* As the user can do this after recipients were added but
* we don't know for which mail the crypt button was triggered.
* we march over all mails and if they are crypto mails we check
* that the recipents were located.
*/
static void locateAllCryptoRecipients_o ();
/** @brief Reference to the mailitem. Do not Release! */
LPDISPATCH item () { return m_mailitem; }
/** @brief Pre process the message. Ususally to be called from BeforeRead.
*
* This function assumes that the base message interface can be accessed
* and calles the MAPI Message handling which changes the message class
* to enable our own handling.
*
* @returns 0 on success.
*/
int preProcessMessage_m ();
/** @brief Decrypt / Verify the mail.
*
* Sets the needs_wipe and was_encrypted variable.
*
* @returns 0 on success. */
int decryptVerify_o ();
/** @brief start crypto operations as selected by the user.
*
* Initiates the crypto operations according to the gpgol
* draft info flags.
*
* @returns 0 on success. */
int encryptSignStart_o ();
/** @brief Necessary crypto operations were completed successfully. */
bool wasCryptoSuccessful_m () { return m_crypt_successful || !needs_crypto_m (); }
/** @brief Message should be encrypted and or signed.
0: No
1: Encrypt
2: Sign
3: Encrypt & Sign
*/
int needs_crypto_m () const;
/** @brief wipe the plaintext from the message and encrypt attachments.
*
* @returns 0 on success; */
int wipe_o (bool force = false);
/** @brief revert the message to the original mail before our changes.
*
* @returns 0 on success; */
int revert_o ();
/** @brief update some data collected from the oom
*
* This updates cached values from the OOM that are not available
* in MAPI events like after Write.
*
* For Exchange 2013 at least we don't have any other way to get the
* senders SMTP address then through the object model. So we have to
* store the sender address for later events that do not allow us to
* access the OOM but enable us to work with the underlying MAPI structure.
*
* for_encryption can be used to override that data should be collected
* for encryption. Otherwise it depends on "isCryptoMail" to decide which
* data should be collected.
*
* It also updated the is_html_alternative value.
*
* @returns 0 on success */
int updateOOMData_o (bool for_encryption = false);
/** @brief get sender SMTP address (UTF-8 encoded).
*
* If the sender address has not been set through update_sender this
* calls update_sender before returning the sender.
*
* @returns A reference to the utf8 sender address. Or an empty string. */
std::string getSender_o ();
/** @brief get sender SMTP address (UTF-8 encoded).
*
* Like get_sender but ensures not to touch oom or mapi
*
* @returns A reference to the utf8 sender address. Or an empty string. */
std::string getSender () const;
/** @brief get the subject string (UTF-8 encoded).
*
* @returns the subject or an empty string. */
std::string getSubject_o () const;
/** @brief Is this a crypto mail handled by gpgol.
*
* Calling this is only valid after a message has been processed.
*
* @returns true if the mail was either signed or encrypted and we processed
* it.
*/
bool isCryptoMail () const;
/** @brief This mail needs to be actually written.
*
* @returns true if the next write event should not be canceled.
*/
bool needsSave () { return m_needs_save; }
/** @brief set the needs save state.
*/
void setNeedsSave (bool val) { m_needs_save = val; }
/** @brief is this mail an S/MIME mail.
*
* @returns true for smime messages.
*/
bool isSMIME_m ();
/** @brief get the associated parser.
only valid while the actual parsing happens. */
std::shared_ptr parser () { return m_parser; }
/** @brief get the associated cryptcontroller.
only valid while the crypting happens. */
std::shared_ptr cryper () { return m_crypter; }
/** To be called from outside once the paser was done.
In Qt this would be a slot that is called once it is finished
we hack around that a bit by calling it from our windowmessages
handler.
*/
void parsing_done ();
/** Returns true if the mail was verified and has at least one
signature. Regardless of the validity of the mail */
bool isSigned () const;
/** Returns true if the mail is encrypted to at least one
recipient. Regardless if it could be decrypted. */
bool isEncrypted () const;
/** Are we "green" */
bool isValidSig () const;
/** Get UID gets UniqueID property of this mail. Returns
an empty string if the uid was not set with set uid.*/
const std::string & getUUID () const { return m_uuid; }
/** Returns 0 on success if the mail has a uid alrady or sets
the uid. Setting only succeeds if the OOM is currently
accessible. Returns -1 on error. */
int setUUID_o ();
/** Returns a localized string describing in one or two
words the crypto status of this mail. */
std::string getCryptoSummary () const;
/** Returns a localized string describing the detailed
crypto state of this mail. */
std::string getCryptoDetails_o ();
/** Returns a localized string describing a one line
summary of the crypto state. */
std::string getCryptoOneLine () const;
/** Get the icon id of the appropiate icon for this mail */
int getCryptoIconID () const;
/** Get the fingerprint of an associated signature or null
if it is not signed. */
const char *getSigFpr () const;
/** Remove all categories of this mail */
void removeCategories_o ();
/** Get the body of the mail */
std::string getBody_o () const;
/** Get the recipients. */
std::vector getRecipients_o () const;
/** Try to locate the keys for all recipients.
This also triggers the Addressbook integration, which we
treat as locate jobs. */
void locateKeys_o ();
/** State variable to check if a close was triggerd by us. */
void setCloseTriggered (bool value);
bool getCloseTriggered () const;
/** Check if the mail should be sent as html alternative mail.
Only valid if update_oom_data was called before. */
bool isHTMLAlternative () const;
/** Get the html body. It is updated in update_oom_data.
Caller takes ownership of the string and has to free it.
*/
char *takeCachedHTMLBody ();
/** Get the plain body. It is updated in update_oom_data.
Caller takes ownership of the string and has to free it.
*/
char *takeCachedPlainBody ();
/** Get the cached recipients. It is updated in update_oom_data.*/
std::vector getCachedRecipients ();
/** Returns 1 if the mail was encrypted, 2 if signed, 3 if both.
Only valid after decrypt_verify.
*/
int getCryptoFlags () const;
/** Returns true if the mail should be encrypted in the
after write event. */
bool getNeedsEncrypt () const;
void setNeedsEncrypt (bool val);
/** Gets the level of the signature. See:
https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption for
a definition of the levels. */
int get_signature_level () const;
/** Check if all attachments are hidden and show a warning
message appropiate to the crypto state if necessary.
If silent is true it will not show a warning but silently
remove the bad attachments.
*/
int checkAttachments_o (bool silent);
/** Check if the mail should be encrypted "inline" */
bool getDoPGPInline () const {return m_do_inline;}
/** Check if the mail should be encrypted "inline" */
void setDoPGPInline (bool value) {m_do_inline = value;}
/** Append data to a cached inline body. Helper to do this
on MAPI level and later add it through OOM */
void appendToInlineBody (const std::string &data);
/** Set the inline body as OOM body property. */
int inlineBodyToBody_o ();
/** Get the crypt state */
CryptState cryptState () const {return m_crypt_state;}
/** Set the crypt state */
void setCryptState (CryptState state) {m_crypt_state = state;}
/** Update MAPI data after encryption. */
void updateCryptMAPI_m ();
/** Update OOM data after encryption.
Checks for plain text leaks and
does not advance crypt state if body can't be cleaned.
*/
void updateCryptOOM_o ();
/** Enable / Disable the window of this mail.
When the window gets disabled the
handle is stored for a later enable. */
void disableWindow_o ();
void enableWindow ();
/** Determine if the mail is an inline response.
Call check_inline_response first to update the state
from the OOM.
We need synchronous encryption for inline responses. */
bool isAsyncCryptDisabled () { return m_async_crypt_disabled; }
/** Check through OOM if the current mail is an inline
response. Meaning editable in the message list.
*/
bool isActiveInlineResponse_o ();
/* Check if we can't do async crypto. E.g. for inline responses.
Caches the state which can then be queried through
isAsyncCryptDisabled;
*/
bool checkSyncCrypto_o ();
/** Get the window for the mail. Caution! This is only
really valid in the time that the window is disabled.
Use with care and can be null or invalid.
*/
HWND getWindow () { return m_window; }
/** Cleanup any attached crypter object. Useful
on error. */
void resetCrypter () { m_crypter = nullptr; }
/** Set special crypto mime data that should be used as the
mime structure when sending. */
void setOverrideMIMEData (const std::string &data) {m_mime_data = data;}
/** Get the mime data that should be used when sending. */
std::string get_override_mime_data () const { return m_mime_data; }
bool hasOverrideMimeData() const { return !m_mime_data.empty(); }
/** Set if this is a forward of a crypto mail. */
void setIsForwardedCryptoMail (bool value) { m_is_forwarded_crypto_mail = value; }
bool is_forwarded_crypto_mail () { return m_is_forwarded_crypto_mail; }
/** Set if this is a reply of a crypto mail. */
void setIsReplyCryptoMail (bool value) { m_is_reply_crypto_mail = value; }
bool is_reply_crypto_mail () { return m_is_reply_crypto_mail; }
/** Remove the hidden GpgOL attachments. This is needed when forwarding
without encryption so that our attachments are not included in the forward.
Returns 0 on success. Works in OOM. */
int removeOurAttachments_o ();
/** Remove all attachments. Including our own. This is needed for
forwarding of unsigned S/MIME mails (Efail).
Returns 0 on success. Works in OOM. */
int removeAllAttachments_o ();
/** Check both OOM and MAPI if the body is either empty or
encrypted. Won't abort on OOM or MAPI errors, so it can be
used in both states. But will return false if a body
was detected or in the OOM the MAPI Base Message. This
is intended as a saveguard before sending a mail.
This function should not be used to detected the necessity
of encryption and is only an extra check to catch unexpected
errors.
*/
bool hasCryptedOrEmptyBody_o ();
void updateBody_o ();
+ /** Update information from protected headers in OOM */
+ void updateHeaders_o ();
+
/** Set if this mail looks like the send again of a crypto mail.
This will mean that after it is decrypted it is treated
like an unencrypted mail so that it can be encrypted again
or sent unencrypted.
*/
void setIsSendAgain (bool value) { m_is_send_again = value; }
/* Attachment removal state variables. */
bool attachmentRemoveWarningDisabled () { return m_disable_att_remove_warning; }
/* Gets the string dump of the verification result. */
std::string getVerificationResultDump ();
/* Block loading HTML content */
void setBlockHTML (bool value);
bool isBlockHTML () const { return m_block_html; }
/* Remove automatic loading of HTML references setting. */
void setBlockStatus_m ();
/* Crypto options (sign/encrypt) have been set manually. */
void setCryptoSelectedManually (bool v) { m_manual_crypto_opts = v; }
// bool is_crypto_selected_manually () const { return m_manual_crypto_opts; }
/* Reference that a resolver thread is running for this mail. */
void incrementLocateCount ();
/* To be called when a resolver thread is done. If there are no running
resolver threads we can check the recipients to see if we should
toggle / untoggle the secure state.
*/
void decrementLocateCount ();
/* Check if the keys can be resolved automatically and trigger
* setting the crypto flags accordingly.
*/
void autosecureCheck ();
/* Set if a mail should be secured (encrypted and signed)
*
* Only save to call from a place that may access mapi.
*/
void setDoAutosecure_m (bool value);
/* Install an event handler for the folder of this mail. */
void installFolderEventHandler_o ();
/* Marker for a "Move" of this mail */
bool passWrite () { return m_pass_write; }
void setPassWrite(bool value) { m_pass_write = value; }
/* Releases the current item ref obtained in update oom data */
void releaseCurrentItem ();
/* Gets an additional reference for GetInspector.CurrentItem */
void refCurrentItem ();
/* Get the storeID for this mail */
std::string storeID() { return m_store_id; }
/* Remove encryption permanently. */
void decryptPermanently_o ();
/* Prepare for encrypt / sign. Updates data. */
void prepareCrypto_o ();
/* State variable to check if we are about to encrypt a draft. */
void setIsDraftEncrypt (bool value) { m_is_draft_encrypt = value; }
bool isDraftEncrypt () { return m_is_draft_encrypt; }
/* Was this mail decrypted without error. Also returns true
if the mail was not encrypted. */
bool decryptedSuccessfully () const;
/* The mail should be decrypted again after the next
* encryption. So that we can save it for example and
* still work on it. */
void setDecryptAgain (bool value) { m_decrypt_again = value; }
bool isDecryptAgain () const { return m_decrypt_again; }
/* The type of the message. */
msgtype_t msgtype () const { return m_type; }
/* The mail was loaded after we have seen a BeforePrint event. */
void setIsPrint (bool value) { m_printing = value; }
bool isPrint () const { return m_printing; }
/* Update the catgories (encrypted / trust in) based on the
crypt results. */
void updateCategories_o ();
private:
bool checkIfMailIsChildOfPrintMail_o ();
void updateSigstate ();
int add_attachments_o (std::vector > attachments);
LPDISPATCH m_mailitem;
LPDISPATCH m_event_sink;
LPDISPATCH m_currentItemRef;
bool m_processed, /* The message has been porcessed by us. */
m_needs_wipe, /* We have added plaintext to the mesage. */
m_needs_save, /* A property was changed but not by us. */
m_crypt_successful, /* We successfuly performed crypto on the item. */
m_is_smime, /* This is an smime mail. */
m_is_smime_checked, /* it was checked if this is an smime mail */
m_is_signed, /* Mail is signed */
m_is_valid, /* Mail is valid signed. */
m_close_triggered, /* We have programtically triggered a close */
m_is_html_alternative, /* Body Format is not plain text */
m_needs_encrypt; /* Send was triggered we want to encrypt. */
int m_moss_position; /* The number of the original message attachment. */
int m_crypto_flags;
std::string m_sender;
std::string m_sent_on_behalf;
char *m_cached_html_body; /* Cached html body. */
char *m_cached_plain_body; /* Cached plain body. */
std::vector m_cached_recipients;
msgtype_t m_type; /* Our messagetype as set in mapi */
std::shared_ptr m_parser;
std::shared_ptr m_crypter;
GpgME::VerificationResult m_verify_result;
GpgME::DecryptionResult m_decrypt_result;
GpgME::Signature m_sig;
GpgME::UserID m_uid;
std::string m_uuid;
std::string m_orig_body;
bool m_do_inline;
bool m_is_gsuite; /* Are we on a gsuite account */
std::string m_inline_body;
CryptState m_crypt_state;
HWND m_window;
bool m_async_crypt_disabled;
std::string m_mime_data;
bool m_is_forwarded_crypto_mail; /* Is this a forward of a crypto mail */
bool m_is_reply_crypto_mail; /* Is this a reply to a crypto mail */
bool m_is_send_again; /* Is this a send again of a crypto mail */
bool m_disable_att_remove_warning; /* Should not warn about attachment removal. */
bool m_block_html; /* Force blocking of html content. e.g for unsigned S/MIME mails. */
bool m_manual_crypto_opts; /* Crypto options (sign/encrypt) have been set manually. */
bool m_first_autosecure_check; /* This is the first autoresolve check */
int m_locate_count; /* The number of key locates pending for this mail. */
bool m_pass_write; /* Danger the next write will be passed. This is for closed mails */
bool m_locate_in_progress; /* Simplified state variable for locate */
std::string m_store_id; /* Store id for categories */
std::string m_verify_category; /* The category string for the verify result */
bool m_is_junk; /* Mail is in the junk folder */
bool m_is_draft_encrypt; /* Mail is a draft that should be encrypted */
bool m_decrypt_again; /* Mail should be decrypted again if it sees
another beforeread */
bool m_printing; /* Mail is decrypted for printing */
std::string m_gpgol_class; /* The GpgOL Message class */
};
#endif // MAIL_H
diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp
index d5aa072..722be56 100644
--- a/src/mimedataprovider.cpp
+++ b/src/mimedataprovider.cpp
@@ -1,1162 +1,1229 @@
/* mimedataprover.cpp - GpgME dataprovider for mime data
* Copyright (C) 2016 by Bundesamt für Sicherheit in der Informationstechnik
* Software engineering by Intevation GmbH
*
* This file is part of GpgOL.
*
* GpgOL is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* GpgOL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
#include "config.h"
#include "common_indep.h"
#include "xmalloc.h"
#include
#include
#include
#include "mimedataprovider.h"
#include "rfc822parse.h"
#include "rfc2047parse.h"
#include "attachment.h"
#include "cpphelp.h"
#ifndef HAVE_W32_SYSTEM
#define stricmp strcasecmp
#endif
/* How much data is read at once in collect */
#define BUFSIZE 65536
/* The maximum length of a line we are able to process. RFC822 allows
only for 1000 bytes; thus 2000 seemed to be a reasonable value until
we worked with a MUA that sent whole HTML mails in a single line
now we read more at once and allow the line to be the full size of
our read. -1 */
#define LINEBUFSIZE (BUFSIZE - 1)
#include
/* To keep track of the MIME message structures we use a linked list
with each item corresponding to one part. */
struct mimestruct_item_s;
typedef struct mimestruct_item_s *mimestruct_item_t;
struct mimestruct_item_s
{
mimestruct_item_t next;
unsigned int level; /* Level in the hierarchy of that part. 0
indicates the outer body. */
char *filename; /* Malloced filename or NULL. */
char *cid; /* Malloced content id or NULL. */
char *charset; /* Malloced charset or NULL. */
char content_type[1]; /* String with the content type. */
};
/* The context object we use to track information. */
struct mime_context
{
rfc822parse_t msg; /* The handle of the RFC822 parser. */
int verify_mode; /* True if we want to verify a signature. */
int nesting_level; /* Current MIME nesting level. */
int in_data; /* We are currently in data (body or attachment). */
int body_seen; /* True if we have seen a part we consider the
body of the message. */
std::shared_ptr current_attachment; /* A pointer to the current
attachment */
int collect_body; /* True if we are collcting the body */
int collect_html_body; /* True if we are collcting the html body */
int collect_crypto_data; /* True if we are collecting the signed data. */
int collect_signature; /* True if we are collecting a signature. */
int pgp_marker_checked; /* Checked if the first body line is pgp marker*/
int is_encrypted; /* True if we are working on an encrypted mail. */
int start_hashing; /* Flag used to start collecting signed data. */
int hashing_level; /* MIME level where we started hashing. */
int is_qp_encoded; /* Current part is QP encoded. */
int is_base64_encoded; /* Current part is base 64 encoded. */
int is_body; /* The current part belongs to the body. */
protocol_t protocol; /* The detected crypto protocol. */
int part_counter; /* Counts the number of processed parts. */
int any_boundary; /* Indicates whether we have seen any
boundary which means that we are actually
working on a MIME message and not just on
plain rfc822 message. */
+ int in_protected_headers; /* Indicates if we are in a mime part that was
+ marked by a protected headers header. */
/* A linked list describing the structure of the mime message. This
list gets build up while parsing the message. */
mimestruct_item_t mimestruct;
mimestruct_item_t *mimestruct_tail;
mimestruct_item_t mimestruct_cur;
int any_attachments_created; /* True if we created a new atatchment. */
b64_state_t base64; /* The state of the Base-64 decoder. */
gpg_error_t parser_error; /* Indicates that we encountered a error from
the parser. */
};
typedef struct mime_context *mime_context_t;
/* Print the message event EVENT. */
static void
debug_message_event (rfc822parse_event_t event)
{
const char *s;
switch (event)
{
case RFC822PARSE_OPEN: s= "Open"; break;
case RFC822PARSE_CLOSE: s= "Close"; break;
case RFC822PARSE_CANCEL: s= "Cancel"; break;
case RFC822PARSE_T2BODY: s= "T2Body"; break;
case RFC822PARSE_FINISH: s= "Finish"; break;
case RFC822PARSE_RCVD_SEEN: s= "Rcvd_Seen"; break;
case RFC822PARSE_LEVEL_DOWN: s= "Level_Down"; break;
case RFC822PARSE_LEVEL_UP: s= "Level_Up"; break;
case RFC822PARSE_BOUNDARY: s= "Boundary"; break;
case RFC822PARSE_LAST_BOUNDARY: s= "Last_Boundary"; break;
case RFC822PARSE_BEGIN_HEADER: s= "Begin_Header"; break;
case RFC822PARSE_PREAMBLE: s= "Preamble"; break;
case RFC822PARSE_EPILOGUE: s= "Epilogue"; break;
default: s= "[unknown event]"; break;
}
log_data ("%s: rfc822 event %s\n", SRCNAME, s);
}
/* returns true if the BER encoded data in BUFFER is CMS signed data.
LENGTH gives the length of the buffer, for correct detection LENGTH
should be at least about 24 bytes. */
#if 0
static int
is_cms_signed_data (const char *buffer, size_t length)
{
TSTART;
const char *p = buffer;
size_t n = length;
tlvinfo_t ti;
if (parse_tlv (&p, &n, &ti))
{
TRETURN 0;
}
if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_SEQUENCE
&& ti.is_cons) )
TRETURN 0;
if (parse_tlv (&p, &n, &ti))
{
TRETURN 0;
}
if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_OBJECT_ID
&& !ti.is_cons && ti.length) || ti.length > n)
TRETURN 0;
if (ti.length == 9 && !memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9))
{
TRETURN 1;
}
TRETURN 0;
}
#endif
/* Process the transition to body event.
This means we have received the empty line indicating the body and
should now check the headers to see what to do about this part.
This is mostly a C style function because it was based on the old
c mimeparser.
*/
static int
t2body (MimeDataProvider *provider, rfc822parse_t msg)
{
TSTART;
rfc822parse_field_t field;
mime_context_t ctx = provider->mime_context ();
const char *ctmain, *ctsub;
const char *s;
size_t off;
char *p;
int is_text = 0;
int is_text_attachment = 0;
int is_protected_headers = 0;
char *filename = NULL;
char *cid = NULL;
char *charset = NULL;
bool ignore_cid = false;
/* Figure out the encoding. */
ctx->is_qp_encoded = 0;
ctx->is_base64_encoded = 0;
p = rfc822parse_get_field (msg, "Content-Transfer-Encoding", -1, &off);
if (p)
{
if (!stricmp (p+off, "quoted-printable"))
ctx->is_qp_encoded = 1;
else if (!stricmp (p+off, "base64"))
{
ctx->is_base64_encoded = 1;
b64_init (&ctx->base64);
}
xfree (p);
}
/* Get the filename from the header. */
field = rfc822parse_parse_field (msg, "Content-Disposition", -1);
if (field)
{
s = rfc822parse_query_parameter (field, "filename", 0);
if (s)
filename = rfc2047_parse (s);
s = rfc822parse_query_parameter (field, NULL, 1);
if (s && strstr (s, "attachment"))
{
log_debug ("%s:%s: Found Content-Disposition attachment."
" Ignoring content-id to avoid hiding.",
SRCNAME, __func__);
ignore_cid = true;
}
/* This is a bit of a taste matter how to treat inline
attachments. Outlook does not show them inline so we
should not put it in the body either as we have
no way to show that it was actually an attachment.
For something like an inline patch it is better
to add it as an attachment instead of just putting
it in the body.
The handling in the old parser was:
if (s && strcmp (s, "inline"))
not_inline_text = 1;
*/
if (ctx->body_seen)
{
/* Some MUA's like kontact e3.5 send the body as
an inline text attachment. So if we have not
seen the body yet we treat the first text/plain
element as the body and not as an inline attachment. */
is_text_attachment = 1;
}
rfc822parse_release_field (field);
}
/* Process the Content-type and all its parameters. */
ctmain = ctsub = NULL;
field = rfc822parse_parse_field (msg, "Content-Type", -1);
if (field)
ctmain = rfc822parse_query_media_type (field, &ctsub);
if (!ctmain)
{
/* Either there is no content type field or it is faulty; in
both cases we fall back to text/plain. */
ctmain = "text";
ctsub = "plain";
}
log_data ("%s:%s: ctx=%p, ct=`%s/%s'\n",
- SRCNAME, __func__, ctx, ctmain, ctsub);
+ SRCNAME, __func__, ctx, ctmain, ctsub);
s = rfc822parse_query_parameter (field, "charset", 0);
if (s)
charset = xstrdup (s);
if (!filename)
{
/* Check for Content-Type name if Content-Disposition filename
was not found */
s = rfc822parse_query_parameter (field, "name", 0);
if (s)
filename = rfc2047_parse (s);
}
/* Parse a Content Id header */
if (!ignore_cid)
{
p = rfc822parse_get_field (msg, "Content-Id", -1, &off);
if (p)
{
cid = xstrdup (p+off);
xfree (p);
}
}
/* Update our idea of the entire MIME structure. */
{
mimestruct_item_t ms;
ms = (mimestruct_item_t) xmalloc (sizeof *ms + strlen (ctmain) + 1 + strlen (ctsub));
ctx->mimestruct_cur = ms;
*ctx->mimestruct_tail = ms;
ctx->mimestruct_tail = &ms->next;
ms->next = NULL;
strcpy (stpcpy (stpcpy (ms->content_type, ctmain), "/"), ctsub);
ms->level = ctx->nesting_level;
ms->filename = filename;
ms->cid = cid;
filename = NULL;
ms->charset = charset;
charset = NULL;
}
if (!strcmp (ctmain, "multipart"))
{
/* We don't care about the top level multipart layer but wait
until it comes to the actual parts which then will get stored
as attachments.
For now encapsulated signed or encrypted containers are not
processed in a special way as they should. Except for the
simple verify mode. */
if (!provider->signature()
&& !strcmp (ctsub, "signed")
&& (s = rfc822parse_query_parameter (field, "protocol", 0)))
{
if (!strcmp (s, "application/pgp-signature"))
ctx->protocol = PROTOCOL_OPENPGP;
else if (!strcmp (s, "application/pkcs7-signature")
|| !strcmp (s, "application/x-pkcs7-signature"))
ctx->protocol = PROTOCOL_SMIME;
else
ctx->protocol = PROTOCOL_UNKNOWN;
/* Need to start the hashing after the next boundary. */
ctx->start_hashing = 1;
}
else if (!strcmp (ctsub, "encrypted") &&
(s = rfc822parse_query_parameter (field, "protocol", 0)))
{
if (!strcmp (s, "application/pgp-encrypted"))
ctx->protocol = PROTOCOL_OPENPGP;
/* We expect an encrypted mime part. */
ctx->is_encrypted = 1;
}
}
else if (!strcmp (ctmain, "text"))
{
is_text = !strcmp (ctsub, "html")? 2:1;
- is_protected_headers = (!strcmp (ctsub, "rfc822-headers") &&
- rfc822parse_query_parameter (field,
- "protected-headers", -1));
- if (is_protected_headers)
+ s = rfc822parse_query_parameter (field,
+ "protected-headers", -1);
+ if (s)
{
- log_data ("%s:%s: Found protected headers.",
- SRCNAME, __func__);
- provider->m_had_protected_headers = true;
+ log_data ("%s:%s: Found protected headers: '%s'",
+ SRCNAME, __func__, s);
+ if (!strncmp (s, "v", 1))
+ {
+ provider->m_protected_headers_version = atoi (s + 1);
+ }
+ is_protected_headers = 1;
+ }
+ else
+ {
+ is_protected_headers = 0;
}
}
else if (ctx->nesting_level == 1 && !provider->signature()
&& !strcmp (ctmain, "application")
&& ((ctx->protocol == PROTOCOL_OPENPGP
&& !strcmp (ctsub, "pgp-signature"))
|| (ctx->protocol == PROTOCOL_SMIME
&& (!strcmp (ctsub, "pkcs7-signature")
|| !strcmp (ctsub, "x-pkcs7-signature")))))
{
/* This is the second part of a MOSS signature. We only support
here full messages thus checking the nesting level is
sufficient. We do this only for the first signature (i.e. if
sig_data has not been set yet). We also do this only while
in verify mode because we don't want to write a full MUA. */
ctx->collect_signature = 1;
log_data ("%s:%s: Collecting signature.",
SRCNAME, __func__);
}
else if (ctx->nesting_level == 1 && ctx->is_encrypted
&& !strcmp (ctmain, "application")
&& (ctx->protocol == PROTOCOL_OPENPGP
&& !strcmp (ctsub, "octet-stream")))
{
log_data ("%s:%s: Collecting encrypted PGP data.",
SRCNAME, __func__);
ctx->collect_crypto_data = 1;
}
else /* Other type. */
{
/* Check whether this attachment is an opaque signed S/MIME
part. We use a counter to later check that there is only one
such part. */
if (!strcmp (ctmain, "application")
&& (!strcmp (ctsub, "pkcs7-mime")
|| !strcmp (ctsub, "x-pkcs7-mime")))
{
log_data ("%s:%s: Collecting crypted S/MIME data.",
SRCNAME, __func__);
ctx->collect_crypto_data = 1;
}
}
rfc822parse_release_field (field); /* (Content-type) */
- if (!is_protected_headers)
- {
- ctx->in_data = 1;
- }
+
+ /* Reset the in_data marker */
+ ctx->in_data = 1;
+
+ ctx->in_protected_headers = is_protected_headers;
log_data ("%s:%s: this body: nesting=%d partno=%d is_text=%d"
" charset=\"%s\"\n body_seen=%d is_text_attachment=%d"
" is_protected_headers=%d",
SRCNAME, __func__,
ctx->nesting_level, ctx->part_counter, is_text,
ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:"",
ctx->body_seen, is_text_attachment, is_protected_headers);
/* If this is a text part, decide whether we treat it as one
of our bodies.
*/
if ((is_text && !is_text_attachment))
{
if (is_text == 2)
{
ctx->body_seen = 2;
ctx->collect_html_body = 1;
ctx->collect_body = 0;
log_debug ("%s:%s: Collecting HTML body.",
SRCNAME, __func__);
/* We need this crutch because of one liner html
mails which would not be collected by the line
collector if they dont have a linefeed at the
end. */
provider->set_has_html_body (true);
}
else
{
log_debug ("%s:%s: Collecting text body.",
SRCNAME, __func__);
ctx->body_seen = 1;
ctx->collect_body = 1;
ctx->collect_html_body = 0;
}
}
else if (!ctx->collect_crypto_data && ctx->nesting_level >= 1)
{
/* Treat it as an attachment. */
ctx->current_attachment = provider->create_attachment();
ctx->collect_body = 0;
ctx->collect_html_body = 0;
log_data ("%s:%s: Collecting attachment.",
SRCNAME, __func__);
}
TRETURN 0;
}
static int
message_cb (void *opaque, rfc822parse_event_t event,
rfc822parse_t msg)
{
int retval = 0;
MimeDataProvider *provider = static_cast (opaque);
mime_context_t ctx = provider->mime_context();
debug_message_event (event);
if (event == RFC822PARSE_BEGIN_HEADER || event == RFC822PARSE_T2BODY)
{
/* We need to check here whether to start collecting signed data
because attachments might come without header lines and thus
we won't see the BEGIN_HEADER event. */
if (ctx->start_hashing == 1)
{
ctx->start_hashing = 2;
ctx->hashing_level = ctx->nesting_level;
ctx->collect_crypto_data = 1;
}
}
switch (event)
{
case RFC822PARSE_T2BODY:
retval = t2body (provider, msg);
break;
case RFC822PARSE_LEVEL_DOWN:
ctx->nesting_level++;
break;
case RFC822PARSE_LEVEL_UP:
if (ctx->nesting_level)
ctx->nesting_level--;
else
{
log_error ("%s: ctx=%p, invalid structure: bad nesting level\n",
SRCNAME, ctx);
ctx->parser_error = gpg_error (GPG_ERR_GENERAL);
}
break;
case RFC822PARSE_BOUNDARY:
case RFC822PARSE_LAST_BOUNDARY:
ctx->any_boundary = 1;
ctx->in_data = 0;
ctx->collect_body = 0;
if (ctx->start_hashing == 2 && ctx->hashing_level == ctx->nesting_level)
{
ctx->start_hashing = 3; /* Avoid triggering it again. */
ctx->collect_crypto_data = 0;
}
break;
case RFC822PARSE_BEGIN_HEADER:
ctx->part_counter++;
break;
default: /* Ignore all other events. */
break;
}
return retval;
}
MimeDataProvider::MimeDataProvider(bool no_headers) :
+ m_protected_headers_version(0),
m_signature(nullptr),
m_has_html_body(false),
m_collect_everything(no_headers)
{
TSTART;
memdbg_ctor ("MimeDataProvider");
m_mime_ctx = (mime_context_t) xcalloc (1, sizeof *m_mime_ctx);
m_mime_ctx->msg = rfc822parse_open (message_cb, this);
m_mime_ctx->mimestruct_tail = &m_mime_ctx->mimestruct;
TRETURN;
}
#ifdef HAVE_W32_SYSTEM
MimeDataProvider::MimeDataProvider(LPSTREAM stream, bool no_headers):
MimeDataProvider(no_headers)
{
TSTART;
if (stream)
{
stream->AddRef ();
memdbg_addRef (stream);
}
else
{
log_error ("%s:%s called without stream ", SRCNAME, __func__);
TRETURN;
}
log_data ("%s:%s Collecting data.", SRCNAME, __func__);
collect_data (stream);
log_data ("%s:%s Data collected.", SRCNAME, __func__);
gpgol_release (stream);
TRETURN;
}
#endif
MimeDataProvider::MimeDataProvider(FILE *stream, bool no_headers):
MimeDataProvider(no_headers)
{
TSTART;
log_data ("%s:%s Collecting data from file.", SRCNAME, __func__);
collect_data (stream);
log_data ("%s:%s Data collected.", SRCNAME, __func__);
TRETURN;
}
MimeDataProvider::~MimeDataProvider()
{
TSTART;
memdbg_dtor ("MimeDataProvider");
log_debug ("%s:%s", SRCNAME, __func__);
while (m_mime_ctx->mimestruct)
{
mimestruct_item_t tmp = m_mime_ctx->mimestruct->next;
xfree (m_mime_ctx->mimestruct->filename);
xfree (m_mime_ctx->mimestruct->charset);
xfree (m_mime_ctx->mimestruct->cid);
xfree (m_mime_ctx->mimestruct);
m_mime_ctx->mimestruct = tmp;
}
rfc822parse_close (m_mime_ctx->msg);
m_mime_ctx->current_attachment = NULL;
xfree (m_mime_ctx);
if (m_signature)
{
delete m_signature;
}
TRETURN;
}
bool
MimeDataProvider::isSupported(GpgME::DataProvider::Operation op) const
{
return op == GpgME::DataProvider::Read ||
op == GpgME::DataProvider::Seek ||
op == GpgME::DataProvider::Write ||
op == GpgME::DataProvider::Release;
}
ssize_t
MimeDataProvider::read(void *buffer, size_t size)
{
log_data ("%s:%s: Reading: " SIZE_T_FORMAT "Bytes",
SRCNAME, __func__, size);
ssize_t bRead = m_crypto_data.read (buffer, size);
if ((opt.enable_debug & DBG_DATA) && bRead)
{
std::string buf ((char *)buffer, bRead);
if (!is_binary (buf))
{
log_data ("%s:%s: Data: \n------\n%s\n------",
SRCNAME, __func__, buf.c_str());
}
else
{
log_data ("%s:%s: Hex Data: \n------\n%s\n------",
SRCNAME, __func__,
string_to_hex (buf).c_str ());
}
}
return bRead;
}
/* Split some raw data into lines and handle them accordingly.
Returns the amount of bytes not taken from the input buffer.
*/
size_t
MimeDataProvider::collect_input_lines(const char *input, size_t insize)
{
TSTART;
char linebuf[LINEBUFSIZE];
const char *s = input;
size_t pos = 0;
size_t nleft = insize;
size_t not_taken = nleft;
size_t len = 0;
/* Split the raw data into lines */
for (; nleft; nleft--, s++)
{
if (pos >= LINEBUFSIZE)
{
log_error ("%s:%s: rfc822 parser failed: line too long\n",
SRCNAME, __func__);
GpgME::Error::setSystemError (GPG_ERR_EIO);
TRETURN not_taken;
}
if (*s != '\n')
linebuf[pos++] = *s;
else
{
/* Got a complete line. Remove the last CR. */
not_taken -= pos + 1; /* Pos starts at 0 so + 1 for it */
if (pos && linebuf[pos-1] == '\r')
{
pos--;
}
log_data ("%s:%s: Parsing line=`%.*s'\n",
SRCNAME, __func__, (int)pos, linebuf);
/* Check the next state */
if (rfc822parse_insert (m_mime_ctx->msg,
(unsigned char*) linebuf,
pos))
{
log_error ("%s:%s: rfc822 parser failed: %s\n",
SRCNAME, __func__, strerror (errno));
TRETURN not_taken;
}
/* Check if the first line of the body is actually
a PGP Inline message. If so treat it as crypto data. */
if (!m_mime_ctx->pgp_marker_checked && m_mime_ctx->collect_body == 2)
{
m_mime_ctx->pgp_marker_checked = true;
if (pos >= 27 && !strncmp ("-----BEGIN PGP MESSAGE-----", linebuf, 27))
{
log_debug ("%s:%s: Found PGP Message in body.",
SRCNAME, __func__);
m_mime_ctx->collect_body = 0;
m_mime_ctx->collect_crypto_data = 1;
m_mime_ctx->start_hashing = 1;
m_collect_everything = true;
}
}
/* If we are currently in a collecting state actually
collect that line */
if (m_mime_ctx->collect_crypto_data && m_mime_ctx->start_hashing)
{
/* Save the signed data. Note that we need to delay
the CR/LF because the last line ending belongs to the
next boundary. */
if (m_mime_ctx->collect_crypto_data == 2)
{
m_crypto_data.write ("\r\n", 2);
}
log_data ("Writing raw crypto data: %.*s",
(int)pos, linebuf);
m_crypto_data.write (linebuf, pos);
m_mime_ctx->collect_crypto_data = 2;
}
if (m_mime_ctx->in_data && !m_mime_ctx->collect_signature &&
!m_mime_ctx->collect_crypto_data)
{
- /* We are inside of an attachment part. Write it out. */
+ /* We are inside of a plain part. Write it out. */
if (m_mime_ctx->in_data == 1) /* Skip the first line. */
m_mime_ctx->in_data = 2;
int slbrk = 0;
if (m_mime_ctx->is_qp_encoded)
len = qp_decode (linebuf, pos, &slbrk);
else if (m_mime_ctx->is_base64_encoded)
len = b64_decode (&m_mime_ctx->base64, linebuf, pos);
else
len = pos;
if (m_mime_ctx->collect_body)
{
+ /* For protected headers to filter out the legacy display part
+ we have to first collect it in its own buffer and then later
+ decide if it should be hidden or not. Depending on the
+ reset of the mime structure. The legacy display part must
+ be either text/plain or text/rfc822-headers so we only
+ have to handle this case and not the HTML case below. */
if (m_mime_ctx->collect_body == 2)
{
- m_body += std::string(linebuf, len);
+ std::string *target_buf =
+ (m_mime_ctx->in_protected_headers ? &m_ph_helpbuf : &m_body);
+ *target_buf += std::string(linebuf, len);
if (!m_mime_ctx->is_base64_encoded && !slbrk)
{
- m_body += "\r\n";
+ *target_buf += "\r\n";
}
}
if (m_body_charset.empty())
{
m_body_charset = m_mime_ctx->mimestruct_cur->charset ?
m_mime_ctx->mimestruct_cur->charset : "";
}
m_mime_ctx->collect_body = 2;
}
else if (m_mime_ctx->collect_html_body)
{
if (m_mime_ctx->collect_html_body == 2)
{
m_html_body += std::string(linebuf, len);
if (!m_mime_ctx->is_base64_encoded && !slbrk)
{
m_html_body += "\r\n";
}
}
if (m_html_charset.empty())
{
m_html_charset = m_mime_ctx->mimestruct_cur->charset ?
m_mime_ctx->mimestruct_cur->charset : "";
}
m_mime_ctx->collect_html_body = 2;
}
else if (m_mime_ctx->current_attachment && len)
{
m_mime_ctx->current_attachment->get_data().write(linebuf, len);
if (!m_mime_ctx->is_base64_encoded && !slbrk)
{
m_mime_ctx->current_attachment->get_data().write("\r\n", 2);
}
}
else
{
log_data ("%s:%s Collecting ended / failed.",
SRCNAME, __func__);
}
}
else if (m_mime_ctx->in_data && m_mime_ctx->collect_signature)
{
/* We are inside of a signature attachment part. */
if (m_mime_ctx->collect_signature == 1) /* Skip the first line. */
m_mime_ctx->collect_signature = 2;
else
{
int slbrk = 0;
if (m_mime_ctx->is_qp_encoded)
len = qp_decode (linebuf, pos, &slbrk);
else if (m_mime_ctx->is_base64_encoded)
len = b64_decode (&m_mime_ctx->base64, linebuf, pos);
else
len = pos;
if (!m_signature)
{
m_signature = new GpgME::Data();
}
if (len)
m_signature->write(linebuf, len);
if (!m_mime_ctx->is_base64_encoded && !slbrk)
m_signature->write("\r\n", 2);
}
}
else if (m_mime_ctx->in_data && !m_mime_ctx->start_hashing)
{
/* We are inside the data. That should be the actual
ciphertext in the given encoding. */
int slbrk = 0;
if (m_mime_ctx->is_qp_encoded)
len = qp_decode (linebuf, pos, &slbrk);
else if (m_mime_ctx->is_base64_encoded)
len = b64_decode (&m_mime_ctx->base64, linebuf, pos);
else
len = pos;
log_data ("Writing crypto data: %.*s",
(int)pos, linebuf);
if (len)
m_crypto_data.write(linebuf, len);
if (!m_mime_ctx->is_base64_encoded && !slbrk)
m_crypto_data.write("\r\n", 2);
}
/* Continue with next line. */
pos = 0;
}
}
TRETURN not_taken;
}
#ifdef HAVE_W32_SYSTEM
void
MimeDataProvider::collect_data(LPSTREAM stream)
{
TSTART;
if (!stream)
{
TRETURN;
}
HRESULT hr;
char buf[BUFSIZE];
ULONG bRead;
bool first_read = true;
bool is_pgp_message = false;
size_t allRead = 0;
while ((hr = stream->Read (buf, BUFSIZE, &bRead)) == S_OK ||
hr == S_FALSE)
{
if (!bRead)
{
log_data ("%s:%s: Input stream at EOF.",
SRCNAME, __func__);
break;
}
log_data ("%s:%s: Read %lu bytes.",
SRCNAME, __func__, bRead);
allRead += bRead;
if (first_read)
{
if (bRead > 12 && strncmp ("MIME-Version", buf, 12) == 0)
{
/* Fun! In case we have exchange or sent messages created by us
we get the mail attachment like it is before the MAPI to MIME
conversion. So it has our MIME structure. In that case
we have to expect MIME data even if the initial data check
suggests that we don't.
Checking if the content starts with MIME-Version appears
to be a robust way to check if we try to parse MIME data. */
m_collect_everything = false;
log_debug ("%s:%s: Found MIME-Version marker."
"Expecting headers even if type suggested not to.",
SRCNAME, __func__);
}
else if (bRead > 12 && !strncmp ("Content-Type:", buf, 13))
{
/* Similar as above but we messed with the order of the headers
for some s/mime mails. So also check for content type.
Want some cheese with that hack?
*/
m_collect_everything = false;
log_debug ("%s:%s: Found Content-Type header."
"Expecting headers even if type suggested not to.",
SRCNAME, __func__);
}
/* check for the PGP MESSAGE marker to see if we have it. */
if (bRead && m_collect_everything)
{
std::string tmp (buf, bRead);
std::size_t found = tmp.find ("-----BEGIN PGP MESSAGE-----");
if (found != std::string::npos)
{
log_debug ("%s:%s: found PGP Message marker,",
SRCNAME, __func__);
is_pgp_message = true;
}
}
}
first_read = false;
if (m_collect_everything)
{
/* For S/MIME, Clearsigned, PGP MESSAGES we just pass everything
on. Only the Multipart classes need parsing. And the output
of course. */
log_data ("%s:%s: Just copying data.",
SRCNAME, __func__);
m_crypto_data.write ((void*)buf, (size_t) bRead);
continue;
}
m_rawbuf += std::string (buf, bRead);
size_t not_taken = collect_input_lines (m_rawbuf.c_str(),
m_rawbuf.size());
if (not_taken == m_rawbuf.size())
{
log_error ("%s:%s: Collect failed to consume anything.\n"
"Buffer too small?",
SRCNAME, __func__);
break;
}
log_data ("%s:%s: Consumed: " SIZE_T_FORMAT " bytes",
SRCNAME, __func__, m_rawbuf.size() - not_taken);
m_rawbuf.erase (0, m_rawbuf.size() - not_taken);
}
if (is_pgp_message && allRead < (1024 * 100))
{
/* Sometimes received PGP Messsages contain extra whitespace /
newlines. To also accept such messages we fix up pgp inline
messages here. We only do this for messages which are smaller
then a hundred KByte for performance. */
log_debug ("%s:%s: Fixing up a possible broken message.",
SRCNAME, __func__);
/* Copy crypto data to string */
std::string data = m_crypto_data.toString();
m_crypto_data = GpgME::Data();
std::istringstream iss (data);
// Now parse it by line.
std::string line;
while (std::getline (iss, line))
{
trim (line);
if (line == "-----BEGIN PGP MESSAGE-----")
{
/* Finish an armor header */
line += "\n\n";
m_crypto_data.write (line.c_str (), line.size ());
continue;
}
/* Remove empty lines */
if (line.empty())
{
continue;
}
if (line.find (':') != std::string::npos)
{
log_data ("%s:%s: Removing comment '%s'.",
SRCNAME, __func__, line.c_str ());
continue;
}
line += '\n';
m_crypto_data.write (line.c_str (), line.size ());
}
}
TRETURN;
}
#endif
void
MimeDataProvider::collect_data(FILE *stream)
{
TSTART;
if (!stream)
{
TRETURN;
}
char buf[BUFSIZE];
size_t bRead;
while ((bRead = fread (buf, 1, BUFSIZE, stream)) > 0)
{
log_data ("%s:%s: Read " SIZE_T_FORMAT " bytes.",
SRCNAME, __func__, bRead);
if (m_collect_everything)
{
/* For S/MIME, Clearsigned, PGP MESSAGES we just pass everything
on. Only the Multipart classes need parsing. And the output
of course. */
log_data ("%s:%s: Making verbatim copy" SIZE_T_FORMAT " bytes.",
SRCNAME, __func__, bRead);
m_crypto_data.write ((void*)buf, bRead);
continue;
}
m_rawbuf += std::string (buf, bRead);
size_t not_taken = collect_input_lines (m_rawbuf.c_str(),
m_rawbuf.size());
if (not_taken == m_rawbuf.size())
{
log_error ("%s:%s: Collect failed to consume anything.\n"
"Buffer too small?",
SRCNAME, __func__);
TRETURN;
}
log_data ("%s:%s: Consumed: " SIZE_T_FORMAT " bytes",
SRCNAME, __func__, m_rawbuf.size() - not_taken);
m_rawbuf.erase (0, m_rawbuf.size() - not_taken);
}
TRETURN;
}
ssize_t MimeDataProvider::write(const void *buffer, size_t bufSize)
{
TSTART;
if (m_collect_everything)
{
/* Writing with collect everything one means that we are outputprovider.
In this case for inline messages we want to collect everything. */
log_data ("%s:%s: Using complete input as body " SIZE_T_FORMAT " bytes.",
SRCNAME, __func__, bufSize);
m_body += std::string ((const char *) buffer, bufSize);
TRETURN bufSize;
}
m_rawbuf += std::string ((const char*)buffer, bufSize);
size_t not_taken = collect_input_lines (m_rawbuf.c_str(),
m_rawbuf.size());
if (not_taken == m_rawbuf.size())
{
log_error ("%s:%s: Write failed to consume anything.\n"
"Buffer too small? or no newlines in text?",
SRCNAME, __func__);
TRETURN bufSize;
}
log_data ("%s:%s: Write Consumed: " SIZE_T_FORMAT " bytes",
SRCNAME, __func__, m_rawbuf.size() - not_taken);
m_rawbuf.erase (0, m_rawbuf.size() - not_taken);
TRETURN bufSize;
}
off_t
MimeDataProvider::seek(off_t offset, int whence)
{
return m_crypto_data.seek (offset, whence);
}
GpgME::Data *
MimeDataProvider::signature() const
{
TSTART;
TRETURN m_signature;
}
std::shared_ptr
MimeDataProvider::create_attachment()
{
TSTART;
log_data ("%s:%s: Creating attachment.",
SRCNAME, __func__);
auto attach = std::shared_ptr (new Attachment());
attach->set_attach_type (ATTACHTYPE_FROMMOSS);
m_mime_ctx->any_attachments_created = 1;
/* And now for the real name. We avoid storing the name "smime.p7m"
because that one is used at several places in the mapi conversion
functions. */
if (m_mime_ctx->mimestruct_cur && m_mime_ctx->mimestruct_cur->filename)
{
if (!strcmp (m_mime_ctx->mimestruct_cur->filename, "smime.p7m"))
{
attach->set_display_name ("x-smime.p7m");
}
else
{
log_data ("%s:%s: Attachment filename: %s",
SRCNAME, __func__, m_mime_ctx->mimestruct_cur->filename);
attach->set_display_name (m_mime_ctx->mimestruct_cur->filename);
}
}
if (m_mime_ctx->mimestruct_cur && m_mime_ctx->mimestruct_cur->cid)
{
attach->set_content_id (m_mime_ctx->mimestruct_cur->cid);
log_data ("%s:%s: content-id: %s",
SRCNAME, __func__, m_mime_ctx->mimestruct_cur->cid);
}
if (m_mime_ctx->mimestruct_cur && m_mime_ctx->mimestruct_cur->content_type)
{
attach->set_content_type (m_mime_ctx->mimestruct_cur->content_type);
log_data ("%s:%s: content-type: %s",
SRCNAME, __func__, m_mime_ctx->mimestruct_cur->content_type);
}
m_attachments.push_back (attach);
TRETURN attach;
/* TODO handle encoding */
}
+static std::string
+get_header (rfc822parse_t msg, const std::string &which)
+{
+ TSTART;
+ const char *buf = rfc822parse_get_field (msg,
+ which.c_str (), -1,
+ nullptr);
+ if (buf)
+ {
+ /* String is "which: " so the + 3 is the colon, the space and one
+ extra to ensure that we do not construct a std::string from null
+ below. */
+ if (strlen (buf) <= which.size() + 3)
+ {
+ log_error ("%s:%s: Invalid header value '%s'", SRCNAME, __func__,
+ buf);
+ TRETURN std::string ();
+ }
+ std::string ret = buf + which.size () + 2;
+ if (ret.size())
+ {
+ ret = rfc2047_parse (ret.c_str ());
+ }
+ TRETURN ret;
+ }
+ TRETURN std::string ();
+}
+
void MimeDataProvider::finalize ()
{
TSTART;
- if (m_had_protected_headers)
+ if (m_protected_headers_version)
{
- const char *subject = rfc822parse_get_field (m_mime_ctx->msg,
- "Subject", -1,
- nullptr);
- if (subject)
+ static std::vector user_headers = {"Subject", "From",
+ "To", "Cc", "Date",
+ "Reply-To",
+ "Followup-To"};
+ for (const auto &hdr: user_headers)
{
- log_debug ("%s:%s: Found subject %s", SRCNAME, __func__, subject);
- if (strlen (subject) <= strlen ("Subject: "))
- {
- STRANGEPOINT;
- }
- else
- {
- m_internal_subject = subject + strlen ("Subject: ");
- if (m_internal_subject.size())
- {
- m_internal_subject = rfc2047_parse (m_internal_subject.c_str ());
- }
- }
+ m_protected_headers.emplace (hdr, get_header (m_mime_ctx->msg, hdr));
}
}
+ /* Now check the mime strucutre for that legacy-display handling of
+ protected headers.
+
+ If the mime structure is:
+ multipart/mixed and the first subpart is text/plain or text/rfc822-headers
+ that we hide the first text part as we parsed the headers above
+ from that part. */
+ if (m_protected_headers_version == 1 && m_ph_helpbuf.size () &&
+ m_mime_ctx->mimestruct && m_mime_ctx->mimestruct->content_type &&
+ !strcmp (m_mime_ctx->mimestruct->content_type, "multipart/mixed") &&
+ m_mime_ctx->mimestruct->next && m_mime_ctx->mimestruct->next->content_type && (
+ !strcmp (m_mime_ctx->mimestruct->next->content_type, "text/plain") ||
+ !strcmp (m_mime_ctx->mimestruct->next->content_type, "text/rfc822-headers")))
+ {
+ log_debug ("%s:%s: Detected protected headers legacy part. It will be hidden.",
+ SRCNAME, __func__);
+ log_data ("%s:%s: PH legacy part: '%s'", SRCNAME, __func__, m_ph_helpbuf.c_str ());
+ }
+ else if (m_ph_helpbuf.size ())
+ {
+ log_debug ("%s:%s: Prepending protected headers part to buffer.",
+ SRCNAME, __func__);
+ m_body = m_ph_helpbuf + m_body;
+ }
+
if (m_rawbuf.size ())
{
m_rawbuf += "\r\n";
size_t not_taken = collect_input_lines (m_rawbuf.c_str(),
m_rawbuf.size());
m_rawbuf.erase (0, m_rawbuf.size() - not_taken);
if (m_rawbuf.size ())
{
log_error ("%s:%s: Collect left data in buffer.\n",
SRCNAME, __func__);
}
}
TRETURN;
}
const std::string &MimeDataProvider::get_body ()
{
TSTART;
TRETURN m_body;
}
const std::string &MimeDataProvider::get_html_body ()
{
TSTART;
TRETURN m_html_body;
}
const std::string &MimeDataProvider::get_html_charset() const
{
TSTART;
TRETURN m_html_charset;
}
const std::string &MimeDataProvider::get_body_charset() const
{
TSTART;
TRETURN m_body_charset;
}
-const std::string &MimeDataProvider::get_internal_subject () const
+std::string
+MimeDataProvider::get_protected_header (const std::string &which) const
{
TSTART;
- TRETURN m_internal_subject;
+ const auto it = m_protected_headers.find (which);
+ if (it != m_protected_headers.end ())
+ {
+ TRETURN it->second;
+ }
+ TRETURN std::string ();
}
diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h
index 17b5549..10e7808 100644
--- a/src/mimedataprovider.h
+++ b/src/mimedataprovider.h
@@ -1,163 +1,166 @@
/* mimedataprover.h - GpgME dataprovider for mime data
* Copyright (C) 2016 by Bundesamt für Sicherheit in der Informationstechnik
* Software engineering by Intevation GmbH
*
* This file is part of GpgOL.
*
* GpgOL is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* GpgOL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
#ifndef MIMEDATAPROVIDER_H
#define MIMEDATAPROVIDER_H
#include "config.h"
#include
#include
#include "rfc822parse.h"
#ifdef HAVE_W32_SYSTEM
#include "mapihelp.h"
#endif
#include
+#include