From b7771e2149a035adf737f591f0a27c5286073eeb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 20 Jan 2016 21:52:36 +1900 Subject: [PATCH] [PATCH v2 03/16] make shared crypto code behave library-like --- 89/a666708ff5a131d10b408b611c1e0c0149b8bf | 241 ++++++++++++++++++++++ 1 file changed, 241 insertions(+) create mode 100644 89/a666708ff5a131d10b408b611c1e0c0149b8bf diff --git a/89/a666708ff5a131d10b408b611c1e0c0149b8bf b/89/a666708ff5a131d10b408b611c1e0c0149b8bf new file mode 100644 index 000000000..b1e763ca2 --- /dev/null +++ b/89/a666708ff5a131d10b408b611c1e0c0149b8bf @@ -0,0 +1,241 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id EB9006DE13FB + for ; Tue, 19 Jan 2016 18:53:18 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.023 +X-Spam-Level: +X-Spam-Status: No, score=-0.023 tagged_above=-999 required=5 + tests=[AWL=-0.023] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id ipU96bG_aBQ0 for ; + Tue, 19 Jan 2016 18:53:15 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id 5C4F36DE1403 + for ; Tue, 19 Jan 2016 18:53:15 -0800 (PST) +Received: from fifthhorseman.net (unknown [38.109.115.130]) + by che.mayfirst.org (Postfix) with ESMTPSA id 617FDF986 + for ; Tue, 19 Jan 2016 21:53:10 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id D174520229; Tue, 19 Jan 2016 18:53:10 -0800 (PST) +From: Daniel Kahn Gillmor +To: Notmuch Mail +Subject: [PATCH v2 03/16] make shared crypto code behave library-like +Date: Tue, 19 Jan 2016 21:52:36 -0500 +Message-Id: <1453258369-7366-4-git-send-email-dkg@fifthhorseman.net> +X-Mailer: git-send-email 2.7.0.rc3 +In-Reply-To: <1453258369-7366-1-git-send-email-dkg@fifthhorseman.net> +References: <1453258369-7366-1-git-send-email-dkg@fifthhorseman.net> +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Wed, 20 Jan 2016 02:53:19 -0000 + +If we're going to reuse the crypto code across both the library and +the client, then it needs to report error states properly and not +write to stderr. +--- + lib/database.cc | 6 ++++++ + lib/notmuch.h | 17 +++++++++++++++++ + mime-node.c | 7 ++++++- + util/crypto.c | 55 +++++++++++++++++++++++++------------------------------ + util/crypto.h | 6 ++++-- + 5 files changed, 58 insertions(+), 33 deletions(-) + +diff --git a/lib/database.cc b/lib/database.cc +index 3b342f1..0d4dc9b 100644 +--- a/lib/database.cc ++++ b/lib/database.cc +@@ -349,6 +349,12 @@ notmuch_status_to_string (notmuch_status_t status) + return "Operation requires a database upgrade"; + case NOTMUCH_STATUS_PATH_ERROR: + return "Path supplied is illegal for this function"; ++ case NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL: ++ return "Crypto protocol missing, malformed, or unintelligible"; ++ case NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION: ++ return "Crypto engine initialization failure"; ++ case NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL: ++ return "Unknown crypto protocol"; + default: + case NOTMUCH_STATUS_LAST_STATUS: + return "Unknown error status value"; +diff --git a/lib/notmuch.h b/lib/notmuch.h +index 310a8b8..00002f1 100644 +--- a/lib/notmuch.h ++++ b/lib/notmuch.h +@@ -171,6 +171,23 @@ typedef enum _notmuch_status { + */ + NOTMUCH_STATUS_PATH_ERROR, + /** ++ * A MIME object claimed to have cryptographic protection which ++ * notmuch tried to handle, but the protocol was not specified in ++ * an intelligible way. ++ */ ++ NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL, ++ /** ++ * Notmuch attempted to do crypto processing, but could not ++ * initialize the engine needed to do so. ++ */ ++ NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION, ++ /** ++ * A MIME object claimed to have cryptographic protection, and ++ * notmuch attempted to process it, but the specific protocol was ++ * something that notmuch doesn't know how to handle. ++ */ ++ NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL, ++ /** + * Not an actual status value. Just a way to find out how many + * valid status values there are. + */ +diff --git a/mime-node.c b/mime-node.c +index a8f5670..59c0da2 100644 +--- a/mime-node.c ++++ b/mime-node.c +@@ -244,7 +244,12 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part) + || (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify)) { + GMimeContentType *content_type = g_mime_object_get_content_type (part); + const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol"); +- cryptoctx = _notmuch_crypto_get_gmime_context (node->ctx->crypto, protocol); ++ notmuch_status_t status; ++ status = _notmuch_crypto_get_gmime_ctx_for_protocol (node->ctx->crypto, ++ protocol, &cryptoctx); ++ if (status) /* this is a warning, not an error */ ++ fprintf (stderr, "Warning: %s (%s).\n", notmuch_status_to_string (status), ++ protocol ? protocol : "(NULL)"); + } + + /* Handle PGP/MIME parts */ +diff --git a/util/crypto.c b/util/crypto.c +index 1712347..c18c82c 100644 +--- a/util/crypto.c ++++ b/util/crypto.c +@@ -26,55 +26,53 @@ + #define ARRAY_SIZE(arr) (sizeof (arr) / sizeof (arr[0])) + + /* Create a GPG context (GMime 2.6) */ +-static GMimeCryptoContext* +-create_gpg_context (_notmuch_crypto_t *crypto) ++static notmuch_status_t ++get_gpg_context (_notmuch_crypto_t *crypto, GMimeCryptoContext **ctx) + { +- GMimeCryptoContext *gpgctx; ++ if (ctx == NULL || crypto == NULL) ++ return NOTMUCH_STATUS_NULL_POINTER; + + if (crypto->gpgctx) { +- return crypto->gpgctx; ++ *ctx = crypto->gpgctx; ++ return NOTMUCH_STATUS_SUCCESS; + } + + /* TODO: GMimePasswordRequestFunc */ +- gpgctx = g_mime_gpg_context_new (NULL, crypto->gpgpath ? crypto->gpgpath : "gpg"); +- if (! gpgctx) { +- fprintf (stderr, "Failed to construct gpg context.\n"); +- return NULL; ++ crypto->gpgctx = g_mime_gpg_context_new (NULL, crypto->gpgpath ? crypto->gpgpath : "gpg"); ++ if (! crypto->gpgctx) { ++ return NOTMUCH_STATUS_FAILED_CRYPTO_CONTEXT_CREATION; + } +- crypto->gpgctx = gpgctx; + +- g_mime_gpg_context_set_use_agent ((GMimeGpgContext *) gpgctx, TRUE); +- g_mime_gpg_context_set_always_trust ((GMimeGpgContext *) gpgctx, FALSE); ++ g_mime_gpg_context_set_use_agent ((GMimeGpgContext *) crypto->gpgctx, TRUE); ++ g_mime_gpg_context_set_always_trust ((GMimeGpgContext *) crypto->gpgctx, FALSE); + +- return crypto->gpgctx; ++ *ctx = crypto->gpgctx; ++ return NOTMUCH_STATUS_SUCCESS; + } + + static const struct { + const char *protocol; +- GMimeCryptoContext *(*get_context) (_notmuch_crypto_t *crypto); ++ notmuch_status_t (*get_context) (_notmuch_crypto_t *crypto, GMimeCryptoContext **ctx); + } protocols[] = { + { + .protocol = "application/pgp-signature", +- .get_context = create_gpg_context, ++ .get_context = get_gpg_context, + }, + { + .protocol = "application/pgp-encrypted", +- .get_context = create_gpg_context, ++ .get_context = get_gpg_context, + }, + }; + + /* for the specified protocol return the context pointer (initializing + * if needed) */ +-GMimeCryptoContext * +-_notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protocol) ++notmuch_status_t ++_notmuch_crypto_get_gmime_ctx_for_protocol (_notmuch_crypto_t *crypto, ++ const char *protocol, ++ GMimeCryptoContext **ctx) + { +- GMimeCryptoContext *cryptoctx = NULL; +- size_t i; +- +- if (! protocol) { +- fprintf (stderr, "Cryptographic protocol is empty.\n"); +- return cryptoctx; +- } ++ if (! protocol) ++ return NOTMUCH_STATUS_MALFORMED_CRYPTO_PROTOCOL; + + /* As per RFC 1847 section 2.1: "the [protocol] value token is + * comprised of the type and sub-type tokens of the Content-Type". +@@ -82,15 +80,12 @@ _notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protoc + * parameter names as defined in this document are + * case-insensitive." Thus, we use strcasecmp for the protocol. + */ +- for (i = 0; i < ARRAY_SIZE (protocols); i++) { ++ for (size_t i = 0; i < ARRAY_SIZE (protocols); i++) { + if (strcasecmp (protocol, protocols[i].protocol) == 0) +- return protocols[i].get_context (crypto); ++ return protocols[i].get_context (crypto, ctx); + } + +- fprintf (stderr, "Unknown or unsupported cryptographic protocol %s.\n", +- protocol); +- +- return NULL; ++ return NOTMUCH_STATUS_UNKNOWN_CRYPTO_PROTOCOL; + } + + void +diff --git a/util/crypto.h b/util/crypto.h +index 0e65472..92357b4 100644 +--- a/util/crypto.h ++++ b/util/crypto.h +@@ -12,8 +12,10 @@ typedef struct _notmuch_crypto { + } _notmuch_crypto_t; + + +-GMimeCryptoContext * +-_notmuch_crypto_get_gmime_context (_notmuch_crypto_t *crypto, const char *protocol); ++notmuch_status_t ++_notmuch_crypto_get_gmime_ctx_for_protocol (_notmuch_crypto_t *crypto, ++ const char *protocol, ++ GMimeCryptoContext **ctx); + + void + _notmuch_crypto_cleanup (_notmuch_crypto_t *crypto); +-- +2.7.0.rc3 + -- 2.26.2