mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-21 18:38:08 +01:00
cli: new crypto verify flag to handle verification
Use this flag rather than depend on the existence of an initialized gpgctx, to determine whether we should verify a multipart/signed. We will be moving to create the ctx lazily, so we don't want to depend on it being previously initialized if it's not needed.
This commit is contained in:
Jameson Graef Rollins
David Bremner
parent
90822ffdb8
commit
b2c8fdee53
4 changed files with 18 additions and 10 deletions
|
|
@ -183,8 +183,7 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
|
|||
}
|
||||
|
||||
/* Handle PGP/MIME parts */
|
||||
if (GMIME_IS_MULTIPART_ENCRYPTED (part)
|
||||
&& node->ctx->crypto->gpgctx && node->ctx->crypto->decrypt) {
|
||||
if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto->decrypt) {
|
||||
if (node->nchildren != 2) {
|
||||
/* this violates RFC 3156 section 4, so we won't bother with it. */
|
||||
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
|
||||
|
|
@ -218,7 +217,7 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
|
|||
(err ? err->message : "no error explanation given"));
|
||||
}
|
||||
}
|
||||
} else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->gpgctx) {
|
||||
} else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) {
|
||||
if (node->nchildren != 2) {
|
||||
/* this violates RFC 3156 section 5, so we won't bother with it. */
|
||||
fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
|
||||
|
|
|
|||
|
|
@ -79,6 +79,7 @@ typedef struct notmuch_show_format {
|
|||
|
||||
typedef struct notmuch_crypto {
|
||||
notmuch_crypto_context_t* gpgctx;
|
||||
notmuch_bool_t verify;
|
||||
notmuch_bool_t decrypt;
|
||||
} notmuch_crypto_t;
|
||||
|
||||
|
|
@ -350,10 +351,9 @@ struct mime_node {
|
|||
};
|
||||
|
||||
/* Construct a new MIME node pointing to the root message part of
|
||||
* message. If crypto->gpgctx is non-NULL, it will be used to verify
|
||||
* signatures on any child parts. If crypto->decrypt is true, then
|
||||
* crypto.gpgctx will additionally be used to decrypt any encrypted
|
||||
* child parts.
|
||||
* message. If crypto->verify is true, signed child parts will be
|
||||
* verified. If crypto->decrypt is true, encrypted child parts will be
|
||||
* decrypted.
|
||||
*
|
||||
* Return value:
|
||||
*
|
||||
|
|
|
|||
|
|
@ -707,6 +707,7 @@ notmuch_reply_command (void *ctx, int argc, char *argv[])
|
|||
notmuch_show_params_t params = {
|
||||
.part = -1,
|
||||
.crypto = {
|
||||
.verify = FALSE,
|
||||
.decrypt = FALSE
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -987,11 +987,11 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
|
|||
.part = -1,
|
||||
.omit_excluded = TRUE,
|
||||
.crypto = {
|
||||
.verify = FALSE,
|
||||
.decrypt = FALSE
|
||||
}
|
||||
};
|
||||
int format_sel = NOTMUCH_FORMAT_NOT_SPECIFIED;
|
||||
notmuch_bool_t verify = FALSE;
|
||||
int exclude = EXCLUDE_TRUE;
|
||||
|
||||
notmuch_opt_desc_t options[] = {
|
||||
|
|
@ -1008,7 +1008,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
|
|||
{ NOTMUCH_OPT_INT, ¶ms.part, "part", 'p', 0 },
|
||||
{ NOTMUCH_OPT_BOOLEAN, ¶ms.entire_thread, "entire-thread", 't', 0 },
|
||||
{ NOTMUCH_OPT_BOOLEAN, ¶ms.crypto.decrypt, "decrypt", 'd', 0 },
|
||||
{ NOTMUCH_OPT_BOOLEAN, &verify, "verify", 'v', 0 },
|
||||
{ NOTMUCH_OPT_BOOLEAN, ¶ms.crypto.verify, "verify", 'v', 0 },
|
||||
{ 0, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
|
|
@ -1018,6 +1018,10 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
|
|||
return 1;
|
||||
}
|
||||
|
||||
/* decryption implies verification */
|
||||
if (params.crypto.decrypt)
|
||||
params.crypto.verify = TRUE;
|
||||
|
||||
if (format_sel == NOTMUCH_FORMAT_NOT_SPECIFIED) {
|
||||
/* if part was requested and format was not specified, use format=raw */
|
||||
if (params.part >= 0)
|
||||
|
|
@ -1052,7 +1056,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
|
|||
break;
|
||||
}
|
||||
|
||||
if (params.crypto.decrypt || verify) {
|
||||
if (params.crypto.decrypt || params.crypto.verify) {
|
||||
#ifdef GMIME_ATLEAST_26
|
||||
/* TODO: GMimePasswordRequestFunc */
|
||||
params.crypto.gpgctx = g_mime_gpg_context_new (NULL, "gpg");
|
||||
|
|
@ -1063,6 +1067,10 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
|
|||
if (params.crypto.gpgctx) {
|
||||
g_mime_gpg_context_set_always_trust ((GMimeGpgContext*) params.crypto.gpgctx, FALSE);
|
||||
} else {
|
||||
/* If we fail to create the gpgctx set the verify and
|
||||
* decrypt flags to FALSE so we don't try to do any
|
||||
* further verification or decryption */
|
||||
params.crypto.verify = FALSE;
|
||||
params.crypto.decrypt = FALSE;
|
||||
fprintf (stderr, "Failed to construct gpg context.\n");
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue