From 20ff9de24de47e591dd45e7dde0ac10948d6cbf6 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Oct 2017 22:25:38 -0400 Subject: [PATCH] index: implement notmuch_indexopts_t with try_decrypt This is currently mostly a wrapper around _notmuch_crypto_t that keeps its internals private and doesn't expose any of the GMime API. However, non-crypto indexing options might also be added later (e.g. filters or other transformations). --- lib/add-message.cc | 11 ++++++++++- lib/indexopts.c | 22 ++++++++++++++++++++-- lib/notmuch-private.h | 7 +++++++ lib/notmuch.h | 23 +++++++++++++++++++++++ 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/lib/add-message.cc b/lib/add-message.cc index bce10a0f..34099ed5 100644 --- a/lib/add-message.cc +++ b/lib/add-message.cc @@ -460,7 +460,7 @@ _notmuch_database_link_message (notmuch_database_t *notmuch, notmuch_status_t notmuch_database_index_file (notmuch_database_t *notmuch, const char *filename, - notmuch_indexopts_t unused (*indexopts), + notmuch_indexopts_t *indexopts, notmuch_message_t **message_ret) { notmuch_message_file_t *message_file; @@ -468,6 +468,7 @@ notmuch_database_index_file (notmuch_database_t *notmuch, notmuch_status_t ret = NOTMUCH_STATUS_SUCCESS, ret2; notmuch_private_status_t private_status; bool is_ghost = false, is_new = false; + notmuch_indexopts_t *def_indexopts = NULL; const char *date; const char *from, *to, *subject; @@ -540,6 +541,11 @@ notmuch_database_index_file (notmuch_database_t *notmuch, if (is_new || is_ghost) _notmuch_message_set_header_values (message, date, from, subject); + if (!indexopts) { + def_indexopts = notmuch_database_get_default_indexopts (notmuch); + indexopts = def_indexopts; + } + ret = _notmuch_message_index_file (message, message_file); if (ret) goto DONE; @@ -557,6 +563,9 @@ notmuch_database_index_file (notmuch_database_t *notmuch, } DONE: + if (def_indexopts) + notmuch_indexopts_destroy (def_indexopts); + if (message) { if ((ret == NOTMUCH_STATUS_SUCCESS || ret == NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID) && message_ret) diff --git a/lib/indexopts.c b/lib/indexopts.c index 2f9b841b..51b56dd7 100644 --- a/lib/indexopts.c +++ b/lib/indexopts.c @@ -21,9 +21,27 @@ #include "notmuch-private.h" notmuch_indexopts_t * -notmuch_database_get_default_indexopts (notmuch_database_t unused (*db)) +notmuch_database_get_default_indexopts (notmuch_database_t *db) { - return NULL; + return talloc_zero (db, notmuch_indexopts_t); +} + +notmuch_status_t +notmuch_indexopts_set_try_decrypt (notmuch_indexopts_t *indexopts, + notmuch_bool_t try_decrypt) +{ + if (!indexopts) + return NOTMUCH_STATUS_NULL_POINTER; + indexopts->crypto.decrypt = try_decrypt; + return NOTMUCH_STATUS_SUCCESS; +} + +notmuch_bool_t +notmuch_indexopts_get_try_decrypt (const notmuch_indexopts_t *indexopts) +{ + if (!indexopts) + return false; + return indexopts->crypto.decrypt; } void diff --git a/lib/notmuch-private.h b/lib/notmuch-private.h index e86f4582..4c408396 100644 --- a/lib/notmuch-private.h +++ b/lib/notmuch-private.h @@ -52,6 +52,7 @@ NOTMUCH_BEGIN_DECLS #include "xutil.h" #include "error_util.h" #include "string-util.h" +#include "crypto.h" #ifdef DEBUG # define DEBUG_DATABASE_SANITY 1 @@ -633,6 +634,12 @@ _notmuch_thread_create (void *ctx, notmuch_exclude_t omit_exclude, notmuch_sort_t sort); +/* indexopts.c */ + +struct _notmuch_indexopts { + _notmuch_crypto_t crypto; +}; + NOTMUCH_END_DECLS #ifdef __cplusplus diff --git a/lib/notmuch.h b/lib/notmuch.h index 89afb6d9..98f6e91a 100644 --- a/lib/notmuch.h +++ b/lib/notmuch.h @@ -2230,6 +2230,29 @@ notmuch_config_list_destroy (notmuch_config_list_t *config_list); notmuch_indexopts_t * notmuch_database_get_default_indexopts (notmuch_database_t *db); +/** + * Specify whether to decrypt encrypted parts while indexing. + * + * Be aware that the index is likely sufficient to reconstruct the + * cleartext of the message itself, so please ensure that the notmuch + * message index is adequately protected. DO NOT SET THIS FLAG TO TRUE + * without considering the security of your index. + * + * @since libnotmuch 5.1 (notmuch 0.26) + */ +notmuch_status_t +notmuch_indexopts_set_try_decrypt (notmuch_indexopts_t *indexopts, + notmuch_bool_t try_decrypt); + +/** + * Return whether to decrypt encrypted parts while indexing. + * see notmuch_indexopts_set_try_decrypt. + * + * @since libnotmuch 5.1 (notmuch 0.26) + */ +notmuch_bool_t +notmuch_indexopts_get_try_decrypt (const notmuch_indexopts_t *indexopts); + /** * Destroy a notmuch_indexopts_t object. *