banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Enigma: fix issues with enabled messages_cache

Browse Source
pull/271/head
Aleksander Machniak 9 years ago
parent 314d03c88f
commit 1ad0e7da52
2 changed files with 42 additions and 30 deletions
Show Stats Download Patch File Download Diff File

9
plugins/enigma/README
Unescape Escape View File

@ -23,20 +23,17 @@ Implemented features:
TODO (must have): TODO (must have):
- Fix issues with enabled messages_cache
- Make working with gnupg-2.x - Make working with gnupg-2.x
- Keys export to file - Keys export to file
- Disable Reply/Forward options when viewing encrypted messages - Disable Reply/Forward options when viewing encrypted messages
until they are decrypted successfully until they are decrypted successfully
- Handling of replying/forwarding of encrypted/signed messages - Handling of replying/forwarding of encrypted/signed messages
- Performance improvements: - Client-side keys generation (with OpenPGP.js?)
- cache decrypted message key id so we can skip decryption if we have no password in session
TODO (later): TODO (later):
- Handling of big messages with temp files - Handling of big messages with temp files
- Server-side keys generation (warning: no-entropy issue, max_execution_time issue) - Server-side keys generation (warning: no-entropy issue, max_execution_time issue)
- Client-side keys generation (with OpenPGP.js?)
- Key info in contact details page (optional) - Key info in contact details page (optional)
- Extended key management: - Extended key management:
- disable, - disable,
@ -52,7 +49,9 @@ TODO (later):
- Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does) - Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does)
- Support for multi-server installations (store keys in sql database?) - Support for multi-server installations (store keys in sql database?)
- Per-Identity settings (including keys/certs) - Per-Identity settings (including keys/certs)
- Cache (last or successful only?) sig verification status to not verify on every msg preview (optional) - Performance improvements:
- cache decrypted message key id so we can skip decryption if we have no password in session
- cache (last or successful only?) sig verification status to not verify on every msg preview (optional)
- S/MIME: Certs generation - S/MIME: Certs generation
- S/MIME: Certs management - S/MIME: Certs management

63
plugins/enigma/lib/enigma_engine.php
Unescape Escape View File

@ -27,9 +27,11 @@ class enigma_engine
private $pgp_driver; private $pgp_driver;
private $smime_driver; private $smime_driver;
public $decryptions = array(); public $decryptions = array();
public $signatures = array(); public $signatures = array();
public $signed_parts = array(); public $signed_parts = array();
public $encrypted_parts = array();
const PASSWORD_TIME = 120; const PASSWORD_TIME = 120;
@ -329,6 +331,8 @@ class enigma_engine
{ {
// encrypted attachment, see parse_plain_encrypted() // encrypted attachment, see parse_plain_encrypted()
if ($p['part']->need_decryption && $p['part']->body === null) { if ($p['part']->need_decryption && $p['part']->body === null) {
$this->load_pgp_driver();
$storage = $this->rc->get_storage(); $storage = $this->rc->get_storage();
$body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false); $body = $storage->get_message_part($p['object']->uid, $p['part']->mime_id, $p['part'], null, null, true, 0, false);
$result = $this->pgp_decrypt($body); $result = $this->pgp_decrypt($body);
@ -354,7 +358,7 @@ class enigma_engine
$part = $p['structure']; $part = $p['structure'];
// exit, if we're already inside a decrypted message // exit, if we're already inside a decrypted message
if ($part->encrypted) { if (in_array($part->mime_id, $this->encrypted_parts)) {
return; return;
} }
@ -519,9 +523,6 @@ class enigma_engine
else { else {
$this->signed_parts[$msg_part->mime_id] = $struct->mime_id; $this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
} }
// Remove signature file from attachments list (?)
unset($struct->parts[1]);
} }
} }
@ -556,9 +557,6 @@ class enigma_engine
else { else {
$this->signed_parts[$msg_part->mime_id] = $struct->mime_id; $this->signed_parts[$msg_part->mime_id] = $struct->mime_id;
} }
// Remove signature file from attachments list
unset($struct->parts[1]);
} }
} }
@ -579,11 +577,23 @@ class enigma_engine
// Store decryption status // Store decryption status
$this->decryptions[$part->mime_id] = $result; $this->decryptions[$part->mime_id] = $result;
// find parent part ID
if (strpos($part->mime_id, '.')) {
$items = explode('.', $part->mime_id);
array_pop($items);
$parent = implode('.', $items);
}
else {
$parent = 0;
}
// Parse decrypted message // Parse decrypted message
if ($result === true) { if ($result === true) {
$part->body = $body; $part->body = $body;
$part->body_modified = true; $part->body_modified = true;
$part->encrypted = true;
// Remember it was decrypted
$this->encrypted_parts[] = $part->mime_id;
// PGP signed inside? verify signature // PGP signed inside? verify signature
if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) { if (preg_match('/^-----BEGIN PGP SIGNED MESSAGE-----/', $body)) {
@ -591,20 +601,10 @@ class enigma_engine
} }
// Encrypted plain message may contain encrypted attachments // Encrypted plain message may contain encrypted attachments
// in such case attachments have .pgp extension and application/octet-stream. // in such case attachments have .pgp extension and type application/octet-stream.
// This is what happens when you select "Encrypt each attachment separately // This is what happens when you select "Encrypt each attachment separately
// and send the message using inline PGP" in Thunderbird's Enigmail. // and send the message using inline PGP" in Thunderbird's Enigmail.
// find parent part ID
if (strpos($part->mime_id, '.')) {
$items = explode('.', $part->mime_id);
array_pop($items);
$parent = implode('.', $items);
}
else {
$parent = 0;
}
if ($p['object']->mime_parts[$parent]) { if ($p['object']->mime_parts[$parent]) {
foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) { foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream' if ($p->disposition == 'attachment' && $p->mimetype == 'application/octet-stream'
@ -620,6 +620,19 @@ class enigma_engine
} }
} }
} }
// decryption failed, but the message may have already
// been cached with the modified parts (see above),
// let's bring the original state back
else if ($p['object']->mime_parts[$parent]) {
foreach ((array)$p['object']->mime_parts[$parent]->parts as $p) {
if ($p->need_decryption && !preg_match('/^(.*)\.pgp$/i', $p->filename, $m)) {
// modify filename
$p->filename .= '.pgp';
// flag the part, it will be decrypted when needed
unset($p->need_decryption);
}
}
}
} }
/** /**
@ -1066,14 +1079,14 @@ class enigma_engine
$part->body_modified = true; $part->body_modified = true;
$part->encoding = 'stream'; $part->encoding = 'stream';
// Cache the fact it was decrypted
$part->encrypted = true;
// modify part identifier // modify part identifier
if ($old_id) { if ($old_id) {
$part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id); $part->mime_id = !$part->mime_id ? $old_id : ($old_id . '.' . $part->mime_id);
} }
// Cache the fact it was decrypted
$this->encrypted_parts[] = $part->mime_id;
$msg->mime_parts[$part->mime_id] = $part; $msg->mime_parts[$part->mime_id] = $part;
// modify sub-parts // modify sub-parts

Write Preview
Loading…
Cancel
Save