If we see index options that ask us to decrypt when indexing a
message, and we encounter an encrypted part, we'll try to descend into
it.
If we can decrypt, we tag the message with index-decrypted.
If we can't decrypt (or recognize the encrypted type of mail), we tag
with decryption-failed.
Note that a single message may be tagged with "encrypted" and
"index-decrypted" and "decryption-failed". For example, consider a
message that includes multiple layers of encryption. It is
automatically tagged with "encrypted". If we decrypt the outer layer
("index-decrypted"), but fail on the inner layer
("decryption-failed").
---
lib/database.cc | 3 ++-
lib/index.cc | 64 ++++++++++++++++++++++++++++++++++++++++++++++++---
lib/notmuch-private.h | 1 +
3 files changed, 64 insertions(+), 4 deletions(-)
diff --git a/lib/database.cc b/lib/database.cc
index 0d4dc9b..7d88f69 100644
--- a/lib/database.cc
+++ b/lib/database.cc
@@ -2402,6 +2402,7 @@ notmuch_database_add_message (notmuch_database_t *notmuch,
notmuch_status_t ret = NOTMUCH_STATUS_SUCCESS, ret2;
notmuch_private_status_t private_status;
notmuch_bool_t is_ghost = false;
+ notmuch_indexopts_t *indexopts = NULL;
const char *date, *header;
const char *from, *to, *subject;
@@ -2514,7 +2515,7 @@ notmuch_database_add_message (notmuch_database_t *notmuch,
date = _notmuch_message_file_get_header (message_file, "date");
_notmuch_message_set_header_values (message, date, from, subject);
- ret = _notmuch_message_index_file (message, message_file);
+ ret = _notmuch_message_index_file (message, indexopts,
message_file);
if (ret)
goto DONE;
} else {
diff --git a/lib/index.cc b/lib/index.cc
index ab0fd78..eb406d2 100644
--- a/lib/index.cc
+++ b/lib/index.cc
@@ -300,9 +300,14 @@ _index_address_list (notmuch_message_t *message,
}
}
+static void
+_index_encrypted_mime_part (notmuch_message_t *message, notmuch_indexopts_t
*indexopts,
+ GMimeContentType *content_type,
GMimeMultipartEncrypted *part);
+
/* Callback to generate terms for each mime part of a message. */
static void
_index_mime_part (notmuch_message_t *message,
+ notmuch_indexopts_t *indexopts,
GMimeObject *part)
{
GMimeStream *stream, *filter;
@@ -340,17 +345,19 @@ _index_mime_part (notmuch_message_t *message,
/* FIXME: is it always just the first part that is signed in
all multipart/signed messages?*/
_index_mime_part (message,
+ indexopts,
g_mime_multipart_get_part (multipart, 0));
if (g_mime_multipart_get_count (multipart) > 2)
_notmuch_database_log (_notmuch_message_database (message),
"Warning: Unexpected extra parts of
multipart/signed. Indexing anyway.\n");
} else if (GMIME_IS_MULTIPART_ENCRYPTED (multipart)) {
- /* Don't index encrypted parts */
_notmuch_message_add_term (message, "tag", "encrypted");
+ _index_encrypted_mime_part(message, indexopts, content_type,
GMIME_MULTIPART_ENCRYPTED (part));
} else {
for (i = 0; i < g_mime_multipart_get_count (multipart); i++) {
_index_mime_part (message,
+ indexopts,
g_mime_multipart_get_part (multipart, i));
}
}
@@ -362,7 +369,7 @@ _index_mime_part (notmuch_message_t *message,
mime_message = g_mime_message_part_get_message (GMIME_MESSAGE_PART
(part));
- _index_mime_part (message, g_mime_message_get_mime_part (mime_message));
+ _index_mime_part (message, indexopts, g_mime_message_get_mime_part
(mime_message));
return;
}
@@ -432,8 +439,59 @@ _index_mime_part (notmuch_message_t *message,
}
}
+/* descend (if desired) into the cleartext part of an encrypted MIME
+ * part while indexing. */
+static void
+_index_encrypted_mime_part (notmuch_message_t *message,
+ notmuch_indexopts_t *indexopts,
+ GMimeContentType *content_type,
+ GMimeMultipartEncrypted *encrypted_data)
+{
+ notmuch_status_t status;
+ GMimeCryptoContext* crypto_ctx = NULL;
+ const char *protocol = NULL;
+ GError *err = NULL;
+ notmuch_database_t * notmuch = NULL;
+ GMimeObject *clear = NULL;
+
+ if (!indexopts || !notmuch_indexopts_get_try_decrypt (indexopts))
+ return;
+
+ protocol = g_mime_content_type_get_parameter (content_type, "protocol");
+ notmuch = _notmuch_message_database (message);
+
+ status = _notmuch_crypto_get_gmime_ctx_for_protocol (&(indexopts->crypto),
+ protocol, &crypto_ctx);
+ if (status) {
+ _notmuch_database_log (notmuch, "Warning: setup failed for decrypting "
+ "during indexing. (%d)\n", status);
+ _notmuch_message_add_term (message, "tag", "index-decryption-failed");
+ return;
+ }
+
+ /* we don't need the GMimeDecryptResult, because we're not looking
+ * at validating signatures, and we don't care about indexing who
+ * the message was ostensibly encrypted to.
+ */
+ clear = g_mime_multipart_encrypted_decrypt(encrypted_data, crypto_ctx,
+ NULL, &err);
+ if (err) {
+ _notmuch_database_log (notmuch, "Failed to decrypt during indexing.
(%d:%d) [%s]\n",
+ err->domain, err->code, err->message);
+ g_error_free(err);
+ /* Indicate that we failed to decrypt during indexing */
+ _notmuch_message_add_term (message, "tag", "index-decryption-failed");
+ return;
+ }
+ _index_mime_part (message, indexopts, clear);
+ g_object_unref (clear);
+
+ _notmuch_message_add_term (message, "tag", "index-decrypted");
+}
+
notmuch_status_t
_notmuch_message_index_file (notmuch_message_t *message,
+ notmuch_indexopts_t *indexopts,
notmuch_message_file_t *message_file)
{
GMimeMessage *mime_message;
@@ -463,7 +521,7 @@ _notmuch_message_index_file (notmuch_message_t *message,
subject = g_mime_message_get_subject (mime_message);
_notmuch_message_gen_terms (message, "subject", subject);
- _index_mime_part (message, g_mime_message_get_mime_part (mime_message));
+ _index_mime_part (message, indexopts, g_mime_message_get_mime_part
(mime_message));
return NOTMUCH_STATUS_SUCCESS;
}
diff --git a/lib/notmuch-private.h b/lib/notmuch-private.h
index e9c1e8a..9bd4f33 100644
--- a/lib/notmuch-private.h
+++ b/lib/notmuch-private.h
@@ -425,6 +425,7 @@ _notmuch_message_file_get_header (notmuch_message_file_t
*message,
notmuch_status_t
_notmuch_message_index_file (notmuch_message_t *message,
+ notmuch_indexopts_t *indexopts,
notmuch_message_file_t *message_file);
/* messages.c */
--
2.7.0.rc3
_______________________________________________
notmuch mailing list
[email protected]
https://notmuchmail.org/mailman/listinfo/notmuch
