Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id CB6F8429E25 for ; Fri, 23 Dec 2011 19:44:04 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ps2GtRYRzG6T for ; Fri, 23 Dec 2011 19:44:03 -0800 (PST) Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.36]) by olra.theworths.org (Postfix) with ESMTP id 47FBA431FB6 for ; Fri, 23 Dec 2011 19:44:03 -0800 (PST) X-AuditID: 12074424-b7fae6d000000906-20-4ef54a81b326 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id EE.7C.02310.18A45FE4; Fri, 23 Dec 2011 22:44:01 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id pBO3i0hV024065; Fri, 23 Dec 2011 22:44:01 -0500 Received: from awakening.csail.mit.edu (awakening.csail.mit.edu [18.26.4.91]) (authenticated bits=0) (User authenticated as amdragon@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id pBO3hxtT017625 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Fri, 23 Dec 2011 22:44:00 -0500 (EST) Received: from amthrax by awakening.csail.mit.edu with local (Exim 4.77) (envelope-from ) id 1ReIXc-0002Eb-EM; Fri, 23 Dec 2011 22:45:00 -0500 Date: Fri, 23 Dec 2011 22:45:00 -0500 From: Austin Clements To: Dmitry Kurochkin Subject: Re: [PATCH 2/4] Introduce a generic tree-like abstraction for MIME traversal. Message-ID: <20111224034500.GA1927@mit.edu> References: <1323027100-10307-1-git-send-email-amdragon@mit.edu> <1323460468-4030-1-git-send-email-amdragon@mit.edu> <1323460468-4030-3-git-send-email-amdragon@mit.edu> <87k46572f7.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87k46572f7.fsf@gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpkleLIzCtJLcpLzFFi42IR4hTV1m30+upncPywtsXVrf3sFtdvzmR2 YPLYOesuu8ezVbeYA5iiuGxSUnMyy1KL9O0SuDJWnVQo2KJesfjPQtYGxguyXYycHBICJhK7 mhuYIWwxiQv31rN1MXJxCAnsY5R4+OQPK4SzgVHi7KeJTCBVQgInmSSOrymBSCxhlJjft5m9 i5GDg0VAVWLdI3WQGjYBDYlt+5czgtgiAoYSty6+AtvALCAt8e13MxNIubBAhMTTHXUgYV4B bYkPi5dB7TrJKHH3TCsbREJQ4uTMJywQvVoSN/69BOsFmbP8HwdImFNAXWLm/nlgq0QFVCSm nNzGNoFRaBaS7llIumchdC9gZF7FKJuSW6Wbm5iZU5yarFucnJiXl1qka66Xm1mil5pSuokR FNLsLio7GJsPKR1iFOBgVOLhbVz6xU+INbGsuDL3EKMkB5OSKO9Vt69+QnxJ+SmVGYnFGfFF pTmpxYcYJTiYlUR4NZOAynlTEiurUovyYVLSHCxK4rwaWu/8hATSE0tSs1NTC1KLYLIyHBxK ErxPPIGGChalpqdWpGXmlCCkmTg4QYbzAA2fAlLDW1yQmFucmQ6RP8WoKCXOuw0kIQCSyCjN g+uFpZxXjOJArwjzvgSp4gGmK7juV0CDmYAGxxiBXF1ckoiQkmpgVAy24vtyR+TN5clRafLf Mq7YxzHaqitfP3q4vj1hz/MF27lCi/Zd8d0gfPuLSZqO4ILu9cYyJw/ypwZqhGrUpBwzWMAc 8SSG8ZWs6N+PZ7bd6eCdyLfS7bjTnN4N/7/GmS8SD7y174+32P6qfT9nzrJeezVtvtmGOIZZ fq5f2/bzFs5QEny0UomlOCPRUIu5qDgRANOBrYwUAwAA Cc: notmuch@notmuchmail.org X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Dec 2011 03:44:04 -0000 Thanks for the thorough review! Quoth Dmitry Kurochkin on Dec 10 at 3:25 am: > Hi Austin. > > + /* The number of children of this part. */ > + int children; > > Consider renaming to children_count or similar to make it clear that it > is a counter and not the actual children. Good point. Renamed to nchildren, which is shorter but still conveys that it's a count. > + notmuch_bool_t decrypt_success; > > Perhaps s/decrypt_success/is_decrypted/ for consistency with > is_encrypted? I actually got rid of is_encrypted/is_signed in the new version (see below). > +mime_node_child (const mime_node_t *parent, int child); > + > #include "command-line-arguments.h" > #endif > > #include should go above declarations. That one's bremner's fault. I'll follow up with a patch to move this. > + mime_node_t *out = talloc_zero (parent, mime_node_t); > > Perhaps s/out/node/? Done. > + /* this violates RFC 3156 section 4, so we won't bother with it. */ > + fprintf (stderr, "Error: %d part(s) for a multipart/encrypted " > + "message (should be exactly 2)\n", > + out->children); > > Perhaps s/should be exactly/must be exactly/? That is what the > RFC says. Same for signature. Done. > + out->is_encrypted = TRUE; > + out->is_signed = TRUE; > > These are set only if we do decryption/verification. But their > names and comments imply that they should reflect properties of > the part and be set independently from whether we are actually > doing decryption or verification. Good point. I replaced these fields with new fields, decrypt_attempted and sig_attempted, which are used the way the old fields were, but actually reflect the desired semantics and the information that the callers need. I first tried keeping the is_* fields and making them reflect the purely structural properties of the message, but then I realized that that was both redundant with the type of the MIME part and wasn't what callers actually needed to know. As an added benefit, sig_attempted sidesteps the question of whether a multipart/{signed,encrypted} without any signatures is "signed" and makes it possible for callers to distinguish between unsigned parts, signature verification failures, and encrypted parts with no signers. > + /* For some reason the GMimeSignatureValidity returned > + * here is not a const (inconsistent with that > + * returned by > + * g_mime_multipart_encrypted_get_signature_validity, > + * and therefore needs to be properly disposed of. > + * Hopefully the API will become more consistent. */ > > Ouch. In gmime 2.6 this API has changed, but looks like the > issue is still there. Is there a bug for it? If yes, we should > add a reference to the comment. Otherwise, we should file the > bug and then add a reference to the comment :) It looks like they're both non-const in 2.6 (which makes more sense to me). I updated the comment to mention this. > Both decryption and verification use cryptoctx. But decryption > is done iff decrypt is true (without checking if cryptoctx is > set) and verification is done iff cryptoctx is set (without any > special flag). Why is it asymmetric? Do we need to check if > cryptoctx is set for decryption? Oops, it wasn't supposed to be asymmetric. Decryption now requires cryptoctx to be set (it probably would have crashed before without it). > In mime_node_child(): > > + GMimeMultipart *multipart = GMIME_MULTIPART (parent->part); > + if (child == 1 && parent->decrypted_child) > + return _mime_node_create (parent, parent->decrypted_child); > > Multipart is not needed here, please move it's declaration below > the condition. > > + GMimeObject *child = g_mime_message_get_mime_part (message); > > The child variable eclipses the (int child) parameter. Consider > using a different name for the variable (or parameter). The above two were superseded by the next change. > + return _mime_node_create (parent, parent->decrypted_child); > + return _mime_node_create (parent, g_mime_multipart_get_part (multipart, child)); > ... > + return _mime_node_create (parent, child); > > All returns are similar. Consider declaring a local variable for > storing the part and using a single return, i.e.: > > GMimeObject *part; > if (...) > part = ...; > else ... > part = ...; > > return _mime_node_create (parent, part); Good idea. This made things compact enough to simplify the rest of this function. > Regards, > Dmitry > -- Austin Clements MIT/'06/PhD/CSAIL amdragon@mit.edu http://web.mit.edu/amdragon Somewhere in the dream we call reality you will find me, searching for the reality we call dreams.