1 /* notmuch - Not much of an email program, (just index and search)
2 *
3 * Copyright © 2009 Carl Worth
4 * Copyright © 2009 Keith Packard
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see https://www.gnu.org/licenses/ .
18 *
19 * Authors: Carl Worth <cworth@cworth.org>
20 * Keith Packard <keithp@keithp.com>
21 * Austin Clements <aclements@csail.mit.edu>
22 */
23
24 #include <sys/types.h>
25 #include <sys/stat.h>
26 #include <fcntl.h>
27
28 #include "notmuch-client.h"
29
30 /* Context that gets inherited from the root node. */
31 typedef struct mime_node_context {
32 /* Per-message resources. These are allocated internally and must
33 * be destroyed. */
34 GMimeStream *stream;
35 GMimeParser *parser;
36 GMimeMessage *mime_message;
37 _notmuch_message_crypto_t *msg_crypto;
38
39 /* repaired/unmangled parts that will need to be cleaned up */
40 GSList *repaired_parts;
41
42 /* Context provided by the caller. */
43 _notmuch_crypto_t *crypto;
44 } mime_node_context_t;
45
46 static int
_mime_node_context_free(mime_node_context_t * res)47 _mime_node_context_free (mime_node_context_t *res)
48 {
49 if (res->mime_message)
50 g_object_unref (res->mime_message);
51
52 if (res->parser)
53 g_object_unref (res->parser);
54
55 if (res->stream)
56 g_object_unref (res->stream);
57
58 if (res->repaired_parts)
59 g_slist_free_full (res->repaired_parts, g_object_unref);
60
61 return 0;
62 }
63
64 /* keep track of objects that need to be destroyed when the mime node
65 * context goes away. */
66 static void
_mime_node_context_track_repaired_part(mime_node_context_t * ctx,GMimeObject * part)67 _mime_node_context_track_repaired_part (mime_node_context_t *ctx, GMimeObject *part)
68 {
69 if (part)
70 ctx->repaired_parts = g_slist_prepend (ctx->repaired_parts, part);
71 }
72
73 const _notmuch_message_crypto_t *
mime_node_get_message_crypto_status(mime_node_t * node)74 mime_node_get_message_crypto_status (mime_node_t *node)
75 {
76 return node->ctx->msg_crypto;
77 }
78
79 notmuch_status_t
mime_node_open(const void * ctx,notmuch_message_t * message,_notmuch_crypto_t * crypto,mime_node_t ** root_out)80 mime_node_open (const void *ctx, notmuch_message_t *message,
81 _notmuch_crypto_t *crypto, mime_node_t **root_out)
82 {
83 const char *filename = notmuch_message_get_filename (message);
84 mime_node_context_t *mctx;
85 mime_node_t *root;
86 notmuch_status_t status;
87 int fd;
88
89 root = talloc_zero (ctx, mime_node_t);
90 if (root == NULL) {
91 fprintf (stderr, "Out of memory.\n");
92 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
93 goto DONE;
94 }
95
96 /* Create the tree-wide context */
97 mctx = talloc_zero (root, mime_node_context_t);
98 if (mctx == NULL) {
99 fprintf (stderr, "Out of memory.\n");
100 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
101 goto DONE;
102 }
103 talloc_set_destructor (mctx, _mime_node_context_free);
104
105 /* Fast path */
106 fd = open (filename, O_RDONLY);
107 if (fd == -1) {
108 /* Slow path - for some reason the first file in the list is
109 * not available anymore. This is clearly a problem in the
110 * database, but we are not going to let this problem be a
111 * show stopper */
112 notmuch_filenames_t *filenames;
113 for (filenames = notmuch_message_get_filenames (message);
114 notmuch_filenames_valid (filenames);
115 notmuch_filenames_move_to_next (filenames)) {
116 filename = notmuch_filenames_get (filenames);
117 fd = open (filename, O_RDONLY);
118 if (fd != -1)
119 break;
120 }
121
122 talloc_free (filenames);
123 if (fd == -1) {
124 /* Give up */
125 fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
126 status = NOTMUCH_STATUS_FILE_ERROR;
127 goto DONE;
128 }
129 }
130
131 mctx->stream = g_mime_stream_gzfile_new (fd);
132 if (! mctx->stream) {
133 fprintf (stderr, "Out of memory.\n");
134 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
135 goto DONE;
136 }
137
138 mctx->parser = g_mime_parser_new_with_stream (mctx->stream);
139 if (! mctx->parser) {
140 fprintf (stderr, "Out of memory.\n");
141 status = NOTMUCH_STATUS_OUT_OF_MEMORY;
142 goto DONE;
143 }
144
145 mctx->mime_message = g_mime_parser_construct_message (mctx->parser, NULL);
146 if (! mctx->mime_message) {
147 fprintf (stderr, "Failed to parse %s\n", filename);
148 status = NOTMUCH_STATUS_FILE_ERROR;
149 goto DONE;
150 }
151
152 mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
153
154 mctx->crypto = crypto;
155
156 /* Create the root node */
157 root->part = GMIME_OBJECT (mctx->mime_message);
158 root->envelope_file = message;
159 root->nchildren = 1;
160 root->ctx = mctx;
161
162 root->parent = NULL;
163 root->part_num = 0;
164 root->next_child = 0;
165 root->next_part_num = 1;
166
167 *root_out = root;
168 return NOTMUCH_STATUS_SUCCESS;
169
170 DONE:
171 talloc_free (root);
172 return status;
173 }
174
175 /* Signature list destructor */
176 static int
_signature_list_free(GMimeSignatureList ** proxy)177 _signature_list_free (GMimeSignatureList **proxy)
178 {
179 g_object_unref (*proxy);
180 return 0;
181 }
182
183 /* Set up signature list destructor */
184 static void
set_signature_list_destructor(mime_node_t * node)185 set_signature_list_destructor (mime_node_t *node)
186 {
187 GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
188
189 if (proxy) {
190 *proxy = node->sig_list;
191 talloc_set_destructor (proxy, _signature_list_free);
192 }
193 }
194
195 /* Unwrapped MIME part destructor */
196 static int
_unwrapped_child_free(GMimeObject ** proxy)197 _unwrapped_child_free (GMimeObject **proxy)
198 {
199 g_object_unref (*proxy);
200 return 0;
201 }
202
203 /* Set up unwrapped MIME part destructor */
204 static void
set_unwrapped_child_destructor(mime_node_t * node)205 set_unwrapped_child_destructor (mime_node_t *node)
206 {
207 GMimeObject **proxy = talloc (node, GMimeObject *);
208
209 if (proxy) {
210 *proxy = node->unwrapped_child;
211 talloc_set_destructor (proxy, _unwrapped_child_free);
212 }
213 }
214
215 /* Verify a signed mime node */
216 static void
node_verify(mime_node_t * node,GMimeObject * part)217 node_verify (mime_node_t *node, GMimeObject *part)
218 {
219 GError *err = NULL;
220 notmuch_status_t status;
221
222 node->verify_attempted = true;
223 if (GMIME_IS_APPLICATION_PKCS7_MIME (part))
224 node->sig_list = g_mime_application_pkcs7_mime_verify (
225 GMIME_APPLICATION_PKCS7_MIME (part), GMIME_VERIFY_NONE, &node->unwrapped_child, &err);
226 else
227 node->sig_list = g_mime_multipart_signed_verify (
228 GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
229
230 if (node->unwrapped_child) {
231 node->nchildren = 1;
232 set_unwrapped_child_destructor (node);
233 }
234
235 if (node->sig_list)
236 set_signature_list_destructor (node);
237 else
238 fprintf (stderr, "Failed to verify signed part: %s\n",
239 err ? err->message : "no error explanation given");
240
241 if (err)
242 g_error_free (err);
243
244 status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
245 if (status) /* this is a warning, not an error */
246 fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (
247 status));
248 }
249
250 /* Decrypt and optionally verify an encrypted mime node */
251 static void
node_decrypt_and_verify(mime_node_t * node,GMimeObject * part)252 node_decrypt_and_verify (mime_node_t *node, GMimeObject *part)
253 {
254 GError *err = NULL;
255 GMimeDecryptResult *decrypt_result = NULL;
256 notmuch_status_t status;
257 notmuch_message_t *message = NULL;
258
259 if (! node->unwrapped_child) {
260 for (mime_node_t *parent = node; parent; parent = parent->parent)
261 if (parent->envelope_file) {
262 message = parent->envelope_file;
263 break;
264 }
265
266 node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
267 node->ctx->crypto->decrypt,
268 message,
269 part, &decrypt_result, &err);
270 if (node->unwrapped_child)
271 set_unwrapped_child_destructor (node);
272 }
273 if (! node->unwrapped_child) {
274 fprintf (stderr, "Failed to decrypt part: %s\n",
275 err ? err->message : "no error explanation given");
276 goto DONE;
277 }
278
279 node->decrypt_success = true;
280 status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
281 if (status) /* this is a warning, not an error */
282 fprintf (stderr, "Warning: failed to note decryption status: %s.\n",
283 notmuch_status_to_string (status));
284
285 if (decrypt_result) {
286 /* This may be NULL if the part is not signed. */
287 node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
288 if (node->sig_list) {
289 node->verify_attempted = true;
290 g_object_ref (node->sig_list);
291 set_signature_list_destructor (node);
292 status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto,
293 node->sig_list);
294 if (status) /* this is a warning, not an error */
295 fprintf (stderr, "Warning: failed to note signature status: %s.\n",
296 notmuch_status_to_string (status));
297 }
298
299 if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
300 notmuch_database_t *db = notmuch_message_get_database (message);
301 const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
302 if (db && session_key)
303 print_status_message ("Failed to stash session key in the database",
304 message,
305 notmuch_message_add_property (message, "session-key",
306 session_key));
307 }
308 g_object_unref (decrypt_result);
309 }
310
311 DONE:
312 if (err)
313 g_error_free (err);
314 }
315
316 static bool
317 _mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild);
318
319 static mime_node_t *
_mime_node_create(mime_node_t * parent,GMimeObject * part,int numchild)320 _mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
321 {
322 mime_node_t *node = talloc_zero (parent, mime_node_t);
323
324 /* Set basic node properties */
325 node->ctx = parent->ctx;
326 if (! talloc_reference (node, node->ctx)) {
327 fprintf (stderr, "Out of memory.\n");
328 talloc_free (node);
329 return NULL;
330 }
331 node->parent = parent;
332 node->part_num = node->next_part_num = -1;
333 node->next_child = 0;
334
335 if (_mime_node_set_up_part (node, part, numchild))
336 return node;
337 talloc_free (node);
338 return NULL;
339 }
340
341 /* associate a MIME part with a node. */
342 static bool
_mime_node_set_up_part(mime_node_t * node,GMimeObject * part,int numchild)343 _mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild)
344 {
345 /* Deal with the different types of parts */
346 if (GMIME_IS_PART (part)) {
347 node->part = part;
348 node->nchildren = 0;
349 } else if (GMIME_IS_MULTIPART (part)) {
350 GMimeObject *repaired_part = _notmuch_repair_mixed_up_mangled (part);
351 if (repaired_part) {
352 /* This was likely "Mixed Up" in transit! We replace it
353 * with the more likely-to-be-correct variant. */
354 _mime_node_context_track_repaired_part (node->ctx, repaired_part);
355 part = repaired_part;
356 }
357 node->part = part;
358 node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part));
359 } else if (GMIME_IS_MESSAGE_PART (part)) {
360 /* Promote part to an envelope and open it */
361 GMimeMessagePart *message_part = GMIME_MESSAGE_PART (part);
362 GMimeMessage *message = g_mime_message_part_get_message (message_part);
363 node->envelope_part = message_part;
364 node->part = GMIME_OBJECT (message);
365 node->nchildren = 1;
366 } else {
367 fprintf (stderr, "Warning: Unknown mime part type: %s.\n",
368 g_type_name (G_OBJECT_TYPE (part)));
369 return false;
370 }
371
372 /* Handle PGP/MIME parts (by definition not cryptographic payload parts) */
373 if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt !=
374 NOTMUCH_DECRYPT_FALSE)) {
375 if (node->nchildren != 2) {
376 /* this violates RFC 3156 section 4, so we won't bother with it. */
377 fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
378 "message (must be exactly 2)\n",
379 node->nchildren);
380 } else {
381 node_decrypt_and_verify (node, part);
382 }
383 } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) {
384 if (node->nchildren != 2) {
385 /* this violates RFC 3156 section 5, so we won't bother with it. */
386 fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
387 "(must be exactly 2)\n",
388 node->nchildren);
389 } else {
390 node_verify (node, part);
391 }
392 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
393 GMIME_SECURE_MIME_TYPE_SIGNED_DATA == g_mime_application_pkcs7_mime_get_smime_type (
394 GMIME_APPLICATION_PKCS7_MIME (part))) {
395 /* If node->ctx->crypto->verify is false, it would be better
396 * to just unwrap (instead of verifying), but
397 * https://github.com/jstedfast/gmime/issues/67 */
398 node_verify (node, part);
399 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (part) &&
400 GMIME_SECURE_MIME_TYPE_ENVELOPED_DATA == g_mime_application_pkcs7_mime_get_smime_type (
401 GMIME_APPLICATION_PKCS7_MIME (part)) &&
402 (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
403 node_decrypt_and_verify (node, part);
404 if (node->unwrapped_child && node->nchildren == 0)
405 node->nchildren = 1;
406 } else {
407 if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ?
408 node->parent->part : NULL, numchild) &&
409 node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
410 GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part);
411 if (clean_payload != part) {
412 /* only one layer of recursion is possible here
413 * because there can be only a single cryptographic
414 * payload: */
415 return _mime_node_set_up_part (node, clean_payload, numchild);
416 }
417 }
418 }
419
420 return true;
421 }
422
423 mime_node_t *
mime_node_child(mime_node_t * parent,int child)424 mime_node_child (mime_node_t *parent, int child)
425 {
426 GMimeObject *sub;
427 mime_node_t *node;
428
429 if (! parent || ! parent->part || child < 0 || child >= parent->nchildren)
430 return NULL;
431
432 if (GMIME_IS_MULTIPART (parent->part)) {
433 if (child == GMIME_MULTIPART_ENCRYPTED_CONTENT && parent->unwrapped_child)
434 sub = parent->unwrapped_child;
435 else
436 sub = g_mime_multipart_get_part (
437 GMIME_MULTIPART (parent->part), child);
438 } else if (GMIME_IS_MESSAGE (parent->part)) {
439 sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
440 } else if (GMIME_IS_APPLICATION_PKCS7_MIME (parent->part) &&
441 parent->unwrapped_child &&
442 child == 0) {
443 sub = parent->unwrapped_child;
444 } else {
445 /* This should have been caught by _mime_node_set_up_part */
446 INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
447 g_type_name (G_OBJECT_TYPE (parent->part)));
448 }
449 node = _mime_node_create (parent, sub, child);
450
451 if (child == parent->next_child && parent->next_part_num != -1) {
452 /* We're traversing in depth-first order. Record the child's
453 * depth-first numbering. */
454 node->part_num = parent->next_part_num;
455 node->next_part_num = node->part_num + 1;
456
457 /* Prepare the parent for its next depth-first child. */
458 parent->next_child++;
459 parent->next_part_num = -1;
460
461 if (node->nchildren == 0) {
462 /* We've reached a leaf, so find the parent that has more
463 * children and set it up to number its next child. */
464 mime_node_t *iter = node->parent;
465 while (iter && iter->next_child == iter->nchildren)
466 iter = iter->parent;
467 if (iter)
468 iter->next_part_num = node->part_num + 1;
469 }
470 }
471
472 return node;
473 }
474
475 static mime_node_t *
_mime_node_seek_dfs_walk(mime_node_t * node,int * n)476 _mime_node_seek_dfs_walk (mime_node_t *node, int *n)
477 {
478 int i;
479
480 if (*n == 0)
481 return node;
482
483 *n -= 1;
484 for (i = 0; i < node->nchildren; i++) {
485 mime_node_t *child = mime_node_child (node, i);
486 mime_node_t *ret = _mime_node_seek_dfs_walk (child, n);
487 if (ret)
488 return ret;
489
490 talloc_free (child);
491 }
492 return NULL;
493 }
494
495 mime_node_t *
mime_node_seek_dfs(mime_node_t * node,int n)496 mime_node_seek_dfs (mime_node_t *node, int n)
497 {
498 if (n < 0)
499 return NULL;
500 return _mime_node_seek_dfs_walk (node, &n);
501 }
502