1 /* notmuch - Not much of an email program, (just index and search)
3 * Copyright © 2009 Carl Worth
4 * Copyright © 2009 Keith Packard
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see https://www.gnu.org/licenses/ .
19 * Authors: Carl Worth <cworth@cworth.org>
20 * Keith Packard <keithp@keithp.com>
21 * Austin Clements <aclements@csail.mit.edu>
24 #include <sys/types.h>
28 #include "notmuch-client.h"
30 /* Context that gets inherited from the root node. */
31 typedef struct mime_node_context {
32 /* Per-message resources. These are allocated internally and must
36 GMimeMessage *mime_message;
37 _notmuch_message_crypto_t *msg_crypto;
39 /* repaired/unmangled parts that will need to be cleaned up */
40 GSList *repaired_parts;
42 /* Context provided by the caller. */
43 _notmuch_crypto_t *crypto;
44 } mime_node_context_t;
47 _mime_node_context_free (mime_node_context_t *res)
49 if (res->mime_message)
50 g_object_unref (res->mime_message);
53 g_object_unref (res->parser);
56 g_object_unref (res->stream);
58 if (res->repaired_parts)
59 g_slist_free_full (res->repaired_parts, g_object_unref);
64 /* keep track of objects that need to be destroyed when the mime node
65 * context goes away. */
67 _mime_node_context_track_repaired_part (mime_node_context_t *ctx, GMimeObject *part)
70 ctx->repaired_parts = g_slist_prepend (ctx->repaired_parts, part);
73 const _notmuch_message_crypto_t *
74 mime_node_get_message_crypto_status (mime_node_t *node)
76 return node->ctx->msg_crypto;
80 mime_node_open (const void *ctx, notmuch_message_t *message,
81 _notmuch_crypto_t *crypto, mime_node_t **root_out)
83 const char *filename = notmuch_message_get_filename (message);
84 mime_node_context_t *mctx;
86 notmuch_status_t status;
89 root = talloc_zero (ctx, mime_node_t);
91 fprintf (stderr, "Out of memory.\n");
92 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
96 /* Create the tree-wide context */
97 mctx = talloc_zero (root, mime_node_context_t);
99 fprintf (stderr, "Out of memory.\n");
100 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
103 talloc_set_destructor (mctx, _mime_node_context_free);
106 fd = open (filename, O_RDONLY);
108 /* Slow path - for some reason the first file in the list is
109 * not available anymore. This is clearly a problem in the
110 * database, but we are not going to let this problem be a
112 notmuch_filenames_t *filenames;
113 for (filenames = notmuch_message_get_filenames (message);
114 notmuch_filenames_valid (filenames);
115 notmuch_filenames_move_to_next (filenames)) {
116 filename = notmuch_filenames_get (filenames);
117 fd = open (filename, O_RDONLY);
122 talloc_free (filenames);
125 fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
126 status = NOTMUCH_STATUS_FILE_ERROR;
131 mctx->stream = g_mime_stream_gzfile_new (fd);
132 if (! mctx->stream) {
133 fprintf (stderr, "Out of memory.\n");
134 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
138 mctx->parser = g_mime_parser_new_with_stream (mctx->stream);
139 if (! mctx->parser) {
140 fprintf (stderr, "Out of memory.\n");
141 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
145 mctx->mime_message = g_mime_parser_construct_message (mctx->parser, NULL);
146 if (! mctx->mime_message) {
147 fprintf (stderr, "Failed to parse %s\n", filename);
148 status = NOTMUCH_STATUS_FILE_ERROR;
152 mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
154 mctx->crypto = crypto;
156 /* Create the root node */
157 root->part = GMIME_OBJECT (mctx->mime_message);
158 root->envelope_file = message;
164 root->next_child = 0;
165 root->next_part_num = 1;
168 return NOTMUCH_STATUS_SUCCESS;
175 /* Signature list destructor */
177 _signature_list_free (GMimeSignatureList **proxy)
179 g_object_unref (*proxy);
183 /* Set up signature list destructor */
185 set_signature_list_destructor (mime_node_t *node)
187 GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
190 *proxy = node->sig_list;
191 talloc_set_destructor (proxy, _signature_list_free);
195 /* Unwrapped MIME part destructor */
197 _unwrapped_child_free (GMimeObject **proxy)
199 g_object_unref (*proxy);
203 /* Set up unwrapped MIME part destructor */
205 set_unwrapped_child_destructor (mime_node_t *node)
207 GMimeObject **proxy = talloc (node, GMimeObject *);
210 *proxy = node->unwrapped_child;
211 talloc_set_destructor (proxy, _unwrapped_child_free);
215 /* Verify a signed mime node */
217 node_verify (mime_node_t *node, GMimeObject *part)
220 notmuch_status_t status;
222 node->verify_attempted = true;
223 if (GMIME_IS_APPLICATION_PKCS7_MIME (part))
224 node->sig_list = g_mime_application_pkcs7_mime_verify (
225 GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err);
227 node->sig_list = g_mime_multipart_signed_verify (
228 GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
230 if (node->unwrapped_child) {
232 set_unwrapped_child_destructor (node);
236 set_signature_list_destructor (node);
238 fprintf (stderr, "Failed to verify signed part: %s\n",
239 err ? err->message : "no error explanation given");
244 status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
245 if (status) /* this is a warning, not an error */
246 fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
249 /* Decrypt and optionally verify an encrypted mime node */
251 node_decrypt_and_verify (mime_node_t *node, GMimeObject *part)
254 GMimeDecryptResult *decrypt_result = NULL;
255 notmuch_status_t status;
256 notmuch_message_t *message = NULL;
258 if (! node->unwrapped_child) {
259 for (mime_node_t *parent = node; parent; parent = parent->parent)
260 if (parent->envelope_file) {
261 message = parent->envelope_file;
265 node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
266 node->ctx->crypto->decrypt,
268 part, &decrypt_result, &err);
269 if (node->unwrapped_child)
270 set_unwrapped_child_destructor (node);
272 if (! node->unwrapped_child) {
273 fprintf (stderr, "Failed to decrypt part: %s\n",
274 err ? err->message : "no error explanation given");
278 node->decrypt_success = true;
279 status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
280 if (status) /* this is a warning, not an error */
281 fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
283 if (decrypt_result) {
284 /* This may be NULL if the part is not signed. */
285 node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
286 if (node->sig_list) {
287 node->verify_attempted = true;
288 g_object_ref (node->sig_list);
289 set_signature_list_destructor (node);
290 status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
291 if (status) /* this is a warning, not an error */
292 fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
295 if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
296 notmuch_database_t *db = notmuch_message_get_database (message);
297 const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
298 if (db && session_key)
299 print_status_message ("Failed to stash session key in the database",
301 notmuch_message_add_property (message, "session-key",
304 g_object_unref (decrypt_result);
313 _mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild);
316 _mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
318 mime_node_t *node = talloc_zero (parent, mime_node_t);
320 /* Set basic node properties */
321 node->ctx = parent->ctx;
322 if (! talloc_reference (node, node->ctx)) {
323 fprintf (stderr, "Out of memory.\n");
327 node->parent = parent;
328 node->part_num = node->next_part_num = -1;
329 node->next_child = 0;
331 if (_mime_node_set_up_part (node, part, numchild))
337 /* associate a MIME part with a node. */
339 _mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild)
341 /* Deal with the different types of parts */
342 if (GMIME_IS_PART (part)) {
345 } else if (GMIME_IS_MULTIPART (part)) {
346 GMimeObject *repaired_part = _notmuch_repair_mixed_up_mangled (part);
348 /* This was likely "Mixed Up" in transit! We replace it
349 * with the more likely-to-be-correct variant. */
350 _mime_node_context_track_repaired_part (node->ctx, repaired_part);
351 part = repaired_part;
354 node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part));
355 } else if (GMIME_IS_MESSAGE_PART (part)) {
356 /* Promote part to an envelope and open it */
357 GMimeMessagePart *message_part = GMIME_MESSAGE_PART (part);
358 GMimeMessage *message = g_mime_message_part_get_message (message_part);
359 node->envelope_part = message_part;
360 node->part = GMIME_OBJECT (message);
363 fprintf (stderr, "Warning: Unknown mime part type: %s.\n",
364 g_type_name (G_OBJECT_TYPE (part)));
368 /* Handle PGP/MIME parts (by definition not cryptographic payload parts) */
369 if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
370 if (node->nchildren != 2) {
371 /* this violates RFC 3156 section 4, so we won't bother with it. */
372 fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
373 "message (must be exactly 2)\n",
376 node_decrypt_and_verify (node, part);
378 } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) {
379 if (node->nchildren != 2) {
380 /* this violates RFC 3156 section 5, so we won't bother with it. */
381 fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
382 "(must be exactly 2)\n",
385 node_verify (node, part);
387 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
388 GMIME_SECURE_MIME_TYPE_SIGNED_DATA == g_mime_application_pkcs7_mime_get_smime_type (GMIME_APPLICATION_PKCS7_MIME (part))) {
389 /* If node->ctx->crypto->verify is false, it would be better
390 * to just unwrap (instead of verifying), but
391 * https://github.com/jstedfast/gmime/issues/67 */
392 node_verify (node, part);
393 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
394 GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA == g_mime_application_pkcs7_mime_get_smime_type (GMIME_APPLICATION_PKCS7_MIME (part)) &&
395 (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
396 node_decrypt_and_verify (node, part);
397 if (node->unwrapped_child && node->nchildren == 0)
400 if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ? node->parent->part : NULL, numchild) &&
401 node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
402 GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part);
403 if (clean_payload != part) {
404 /* only one layer of recursion is possible here
405 * because there can be only a single cryptographic
407 return _mime_node_set_up_part (node, clean_payload, numchild);
416 mime_node_child (mime_node_t *parent, int child)
421 if (! parent || ! parent->part || child < 0 || child >= parent->nchildren)
424 if (GMIME_IS_MULTIPART (parent->part)) {
425 if (child == GMIME_MULTIPART_ENCRYPTED_CONTENT && parent->unwrapped_child)
426 sub = parent->unwrapped_child;
428 sub = g_mime_multipart_get_part (
429 GMIME_MULTIPART (parent->part), child);
430 } else if (GMIME_IS_MESSAGE (parent->part)) {
431 sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
432 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (parent->part) &&
433 parent->unwrapped_child &&
435 sub = parent->unwrapped_child;
437 /* This should have been caught by _mime_node_set_up_part */
438 INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
439 g_type_name (G_OBJECT_TYPE (parent->part)));
441 node = _mime_node_create (parent, sub, child);
443 if (child == parent->next_child && parent->next_part_num != -1) {
444 /* We're traversing in depth-first order. Record the child's
445 * depth-first numbering. */
446 node->part_num = parent->next_part_num;
447 node->next_part_num = node->part_num + 1;
449 /* Prepare the parent for its next depth-first child. */
450 parent->next_child++;
451 parent->next_part_num = -1;
453 if (node->nchildren == 0) {
454 /* We've reached a leaf, so find the parent that has more
455 * children and set it up to number its next child. */
456 mime_node_t *iter = node->parent;
457 while (iter && iter->next_child == iter->nchildren)
460 iter->next_part_num = node->part_num + 1;
468 _mime_node_seek_dfs_walk (mime_node_t *node, int *n)
476 for (i = 0; i < node->nchildren; i++) {
477 mime_node_t *child = mime_node_child (node, i);
478 mime_node_t *ret = _mime_node_seek_dfs_walk (child, n);
488 mime_node_seek_dfs (mime_node_t *node, int n)
492 return _mime_node_seek_dfs_walk (node, &n);