git://git.uio.no / usit-rt.git / blame
| Commit | Line | Data |
|---|---|---|
| 84fb5b46 MKG |
1 | %# BEGIN BPS TAGGED BLOCK {{{ |
| 2 | %# | |
| 3 | %# COPYRIGHT: | |
| 4 | %# | |
| 403d7b0b | 5 | %# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC |
| 84fb5b46 MKG |
6 | %# <sales@bestpractical.com> |
| 7 | %# | |
| 8 | %# (Except where explicitly superseded by other copyright notices) | |
| 9 | %# | |
| 10 | %# | |
| 11 | %# LICENSE: | |
| 12 | %# | |
| 13 | %# This work is made available to you under the terms of Version 2 of | |
| 14 | %# the GNU General Public License. A copy of that license should have | |
| 15 | %# been provided with this software, but in any event can be snarfed | |
| 16 | %# from www.gnu.org. | |
| 17 | %# | |
| 18 | %# This work is distributed in the hope that it will be useful, but | |
| 19 | %# WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | %# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 21 | %# General Public License for more details. | |
| 22 | %# | |
| 23 | %# You should have received a copy of the GNU General Public License | |
| 24 | %# along with this program; if not, write to the Free Software | |
| 25 | %# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
| 26 | %# 02110-1301 or visit their web page on the internet at | |
| 27 | %# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. | |
| 28 | %# | |
| 29 | %# | |
| 30 | %# CONTRIBUTION SUBMISSION POLICY: | |
| 31 | %# | |
| 32 | %# (The following paragraph is not intended to limit the rights granted | |
| 33 | %# to you to modify and distribute this software under the terms of | |
| 34 | %# the GNU General Public License and is only of importance to you if | |
| 35 | %# you choose to contribute your changes and enhancements to the | |
| 36 | %# community by submitting them to Best Practical Solutions, LLC.) | |
| 37 | %# | |
| 38 | %# By intentionally submitting any modifications, corrections or | |
| 39 | %# derivatives to this work, or any other work intended for use with | |
| 40 | %# Request Tracker, to Best Practical Solutions, LLC, you confirm that | |
| 41 | %# you are the copyright holder for those contributions and you grant | |
| 42 | %# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, | |
| 43 | %# royalty-free, perpetual, license to use, copy, create derivative | |
| 44 | %# works based on those contributions, and sublicense and distribute | |
| 45 | %# those contributions and any derivatives thereof. | |
| 46 | %# | |
| 47 | %# END BPS TAGGED BLOCK }}} | |
| 48 | <table class="crypt-runs"> | |
| 49 | <tr><td align="right" class="labeltop" rowspan="<% scalar @messages %>">GnuPG:</td> | |
| 50 | <td><% shift @messages %></td></tr> | |
| 51 | ||
| 52 | % foreach my $msg( @messages ) { | |
| 53 | <tr><td><% $msg %></td></tr> | |
| 54 | % } | |
| 55 | </table> | |
| 56 | <%ARGS> | |
| 57 | $Attachment | |
| 58 | $WarnUnsigned => undef | |
| 59 | $Reverify => 1 | |
| 60 | </%ARGS> | |
| 61 | <%INIT> | |
| 62 | my @runs; | |
| 63 | my $needs_unsigned_warning = $WarnUnsigned; | |
| 64 | ||
| 65 | foreach ( $Attachment->SplitHeaders ) { | |
| 66 | if ( s/^X-RT-GnuPG-Status:\s*//i ) { | |
| 67 | require RT::Crypt::GnuPG; | |
| 68 | push @runs, [ RT::Crypt::GnuPG::ParseStatus( $_ ) ]; | |
| 69 | } | |
| 70 | ||
| 71 | $needs_unsigned_warning = 0 if /^X-RT-Incoming-Signature:/; | |
| 72 | ||
| 73 | # if this is not set, then the email is generated by RT, and so we don't | |
| 74 | # need "email is unsigned" warnings | |
| 75 | $needs_unsigned_warning = 0 if not /^Received:/; | |
| 76 | } | |
| 77 | ||
| 78 | return unless @runs or $needs_unsigned_warning; | |
| 79 | ||
| 80 | my $reverify_cb = sub { | |
| 81 | my $top = shift; | |
| 82 | ||
| 83 | my $txn = $top->TransactionObj; | |
| 84 | unless ( $txn && $txn->id ) { | |
| 85 | return (0, "Couldn't get transaction of attachment #". $top->id); | |
| 86 | } | |
| 87 | ||
| 88 | my $attachments = $txn->Attachments->Clone; | |
| 89 | $attachments->Limit( FIELD => 'ContentType', VALUE => 'application/x-rt-original-message' ); | |
| 90 | my $original = $attachments->First; | |
| 91 | unless ( $original ) { | |
| 92 | return (0, "Couldn't find attachment with original email of transaction #". $txn->id); | |
| 93 | } | |
| 94 | ||
| 95 | my $parser = RT::EmailParser->new(); | |
| 96 | $parser->SmartParseMIMEEntityFromScalar( | |
| 97 | Message => $original->Content, | |
| 98 | Decode => 0, | |
| 99 | Exact => 1, | |
| 100 | ); | |
| 101 | my $entity = $parser->Entity; | |
| 102 | unless ( $entity ) { | |
| 103 | return (0, "Couldn't parse content of attachment #". $original->id); | |
| 104 | } | |
| 105 | ||
| 106 | use RT::Interface::Email::Auth::GnuPG; | |
| 107 | my ($status, @res) = RT::Interface::Email::Auth::GnuPG::VerifyDecrypt( Entity => $entity ); | |
| 108 | if ( $status && !@res ) { | |
| 109 | # imposible in this situation | |
| 110 | return (0, "Content of attachment #". $original->id ." is not signed and/or encrypted"); | |
| 111 | } | |
| 112 | elsif ( @res ) { | |
| 113 | require RT::Crypt::GnuPG; | |
| 114 | ||
| 115 | $top->DelHeader('X-RT-GnuPG-Status'); | |
| 116 | $top->AddHeader(map { ('X-RT-GnuPG-Status' => $_->{'status'} ) } @res); | |
| 117 | $top->SetHeader('X-RT-Privacy' => 'PGP' ); | |
| 118 | $top->DelHeader('X-RT-Incoming-Signature'); | |
| 119 | ||
| 120 | my @status = RT::Crypt::GnuPG::ParseStatus( $res[0]->{'status'} ); | |
| 121 | for ( @status ) { | |
| 122 | if ( $_->{'Operation'} eq 'Verify' && $_->{'Status'} eq 'DONE' ) { | |
| 123 | $top->AddHeader( 'X-RT-Incoming-Signature' => $_->{'UserString'} ); | |
| 124 | $needs_unsigned_warning = 0; | |
| 125 | } | |
| 126 | } | |
| 127 | } | |
| 128 | return (1, "Reverified original message"); | |
| 129 | }; | |
| 130 | ||
| 131 | my @messages; | |
| 132 | foreach my $run ( @runs ) { | |
| 133 | foreach my $line ( @$run ) { | |
| 134 | if ( $line->{'Operation'} eq 'KeyCheck' ) { | |
| 135 | next unless $Reverify; | |
| 136 | # if a public key was missing during verification then we want try again | |
| 137 | next unless $line->{'KeyType'} eq 'public' && $line->{'Status'} eq 'MISSING'; | |
| 138 | ||
| 139 | # but only if we have key | |
| 140 | my %key = RT::Crypt::GnuPG::GetPublicKeyInfo( $line->{'Key'} ); | |
| 141 | if ( $key{'info'} ) { | |
| 142 | my ($status, $msg) = $reverify_cb->($Attachment); | |
| 143 | unless ($status) { | |
| 144 | $RT::Logger->error($msg); | |
| 145 | } else { | |
| 146 | return $m->comp('SELF', %ARGS, Reverify => 0); | |
| 147 | } | |
| 148 | } | |
| 149 | else { | |
| 150 | push @messages, loc( "Public key '0x[_1]' is required to verify signature", $line->{'Key'} ); | |
| 151 | } | |
| 152 | } | |
| 153 | elsif ( $line->{'Operation'} eq 'PassphraseCheck' ) { | |
| 154 | next if $line->{'Status'} eq 'DONE'; | |
| 155 | push @messages, loc( $line->{'Message'} ); | |
| 156 | } | |
| 157 | elsif ( $line->{'Operation'} eq 'Decrypt' ) { | |
| 158 | push @messages, loc( $line->{'Message'} ); | |
| 159 | } | |
| 160 | elsif ( $line->{'Operation'} eq 'Verify' ) { | |
| 161 | push @messages, loc( $line->{'Message'} ); | |
| 162 | } | |
| 163 | else { | |
| 164 | next if $line->{'Status'} eq 'DONE'; | |
| 165 | push @messages, loc( $line->{'Message'} ); | |
| 166 | } | |
| 167 | } | |
| 168 | } | |
| 169 | ||
| 170 | push @messages, loc('Warning! This is NOT signed!') | |
| 171 | if $needs_unsigned_warning; | |
| 172 | return unless @messages; | |
| 173 | ||
| 174 | my %seen; | |
| 175 | @messages = grep !$seen{$_}++, @messages; | |
| 176 | ||
| 177 | </%INIT> |