[svn] GpgOL - r258 - in trunk: doc po src
svn author wk
cvs at cvs.gnupg.org
Thu Jun 12 17:48:32 CEST 2008
Author: wk
Date: 2008-06-12 17:48:29 +0200 (Thu, 12 Jun 2008)
New Revision: 258
Modified:
trunk/doc/gpgol.texi
trunk/po/de.po
trunk/po/sv.po
trunk/src/ChangeLog
trunk/src/dialogs.h
trunk/src/dialogs.rc
trunk/src/engine-assuan.c
trunk/src/engine-assuan.h
trunk/src/engine.c
trunk/src/engine.h
trunk/src/mapihelp.cpp
trunk/src/mapihelp.h
trunk/src/mimemaker.c
trunk/src/mimeparser.c
trunk/src/olflange-dlgs.cpp
Log:
Convey from address to the UI-server.
Add a Configure Engine button.
[The diff below has been truncated]
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/ChangeLog 2008-06-12 15:48:29 UTC (rev 258)
@@ -1,5 +1,18 @@
2008-06-12 Werner Koch <wk at g10code.com>
+ * dialogs.rc: Add button for calling the engine's configuration.
+ * dialogs.h (IDC_GPG_CONF): New.
+ * engine.c (engine_start_confdialog): New.
+ * engine-assuan.c (op_assuan_start_confdialog): New.
+ * olflange-dlgs.cpp (GPGOptionsDlgProc): Act upon the button.
+
+ * mapihelp.cpp (mapi_get_from_address): New.
+ * engine.c (engine_decrypt_start, engine_verify_start): Add new
+ arg FROM_ADDRESS.
+ * engine-assuan.c (op_assuan_verify, op_assuan_decrypt): Ditto.
+ * mimeparser.c (mime_verify, mime_verify_opaque, mime_decrypt):
+ Pass FROM_ADDRESS to the backend.
+
* olflange.cpp (DllUnregisterServer): Delete CLSIDs.
2008-06-05 Werner Koch <wk at g10code.com>
Modified: trunk/doc/gpgol.texi
===================================================================
--- trunk/doc/gpgol.texi 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/doc/gpgol.texi 2008-06-12 15:48:29 UTC (rev 258)
@@ -32,7 +32,7 @@
40699 Erkrath, Germany
@end iftex
-Copyright @copyright{} 2007 g10 Code GmbH
+Copyright @copyright{} 2007, 2008 g10 Code GmbH
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -89,6 +89,8 @@
* Assuan Protocol:: Description of the UI server protocol.
* MAPI Properties:: MAPI Properties used by GpgOL.
* Registry Settings:: How GpgOL uses the Registry.
+* MAPI Providers:: What MAPI Storage or Transport providers
+ can do to help GpgOL.
Appendices
@@ -330,8 +332,110 @@
@end table
+ at c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ at c
+ at c MAPI Providers
+ at c
+ at c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ at node MAPI Providers
+ at chapter What MAPI Storage or Transport providers can do to help GpgOL
+GpgOL uses some tricks to make decryption of OpenPGP message better fit
+into the Outlook framework. This is due to a lack of proper Plugin API
+for Outllok and becuase some features of Outlook --- meant as a security
+measure --- hinder a better implementation. That is not to say that
+Outlook will be less secure when used with GpgOL --- to the opposite:
+Due to encryption and digital signature reading and sending mail with
+GpgOL support can be much more secure than using Outlook as is.
+There are some points where custom MAPI storage or transport
+providers can help GpgOL to gain better performance and to make it more
+secure.
+
+ at section MAPI Message Class Renaming
+
+To implement S/MIME processing in GpgOL and inhibit XXXXXX
+
+
+ at section MAPI Attachment Processing
+
+GpgOL creates a couple of attachments for the purpose of storing a
+parsed mail and to allow Outlook to display attachments in the usual way
+without sending them as plaintext to the storage. The attachments are
+only stored on the local disk while being opened from the attachment's
+context menu for viewing. Almost all these attchments are ephemeral and
+may be deleted when not displayed. GpgOL re-creates them by parsing the
+orginal message if neeeded. In fact they are always re-created after
+Outlook as been started again. This is because the attachments holding
+the plaintext are symmetrical encrypted with an ephemeral session key,
+only valid as long as Outlook runs.
+
+TODO
+
+
+ at section MAPI PR_BODY Processing
+
+GPOL does not use the PR_BODY property. This is because internal
+Outlook syncronisation may change that property after the plaintext of a
+message has been displayed. In general this is not a problem because
+the messages processed by GpgOL do not use that property (the orginal
+S/MIME and PGP/MIME message is stored in attachments). However, there
+is one exception: Inline PGP message (in contrast to the modern PGP/MIME
+messages) are conveyed in the PR_BODY. To avoid changing that orginal
+mail, GpgOL copies such a body to a new attachment named
+ at file{gpgolPGP.dat}, flags it as hidden and sets the attach type to
+ATTACHTYPE_PGPBODY (See above under MAPI Properties). That attachment
+may never be deleted!
+
+Due to internal OL syncronisation, plaintext data may end up in PR_BODY,
+GpgOL tries hard to delete PR_BODY so that it nevers shows up in the
+MAPI storage. However this is hard and here a storage provider can help
+by deleting PR_BODY under one of these conditions:
+
+ at itemize @bullet
+
+ at item
+If the message class is either @code{IPM.Note.GpgOL.MultipartEncrypted}
+or @code{IPM.Note.GpgOL.OpaqueEncrypted} and in addition the message has
+a property @code{GpgOL Last Decrypted} (with any value), delete the
+properties @code{PR_BODY} and @code{PR_BODY_HTML}.
+
+ at item
+If the message class is @code{IPM.Note.GpgOL.PGPMessage} and an
+attachment of ATTACHTYPE_PGPBODY with a filename @file{gpgolPGP.dat}
+exists, delete the properties @code{PR_BODY} and @code{PR_BODY_HTML}.
+
+ at end itemize
+
+Instead of deleting it should be sufficient to make sure
+that such PR_BODYs are not update and don't make it to the disk or a
+strage server.
+
+Implementing such a feature would really help with end-to-end encryption
+where the security policy requires that the plaintext of an encrypted
+message will never be stored on a disk or leave the local machine.
+
+
+ at section Filtering GpgOL internal properties
+
+To avoid attacks by importing TNEF data with certain GpgOL internal
+properties, a MAPI provider may want to filter them out when receiving a
+message from an external location. It is not yet clear whetehr this is
+really needed.
+
+FIXME.
+
+
+
+
+
+
+
+
+
+
+
+
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c A P P E N D I X
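Review bot: The new chapter is committed with unfinished placeholders: "MAPI Message Class Renaming" stops at 'inhibit XXXXXX', "MAPI Attachment Processing" ends in a bare TODO and "Filtering GpgOL internal properties" in a bare FIXME. Finish them, or turn the stubs into @c comments so they do not appear in the rendered manual. The PR_BODY deletion rules proposed to storage providers key off GpgOL internal properties ('GpgOL Last Decrypted', ATTACHTYPE_PGPBODY), so the open question in the filtering section of whether imported TNEF data may carry those properties should be settled before providers are asked to implement the rules. The added text also needs a spelling pass (Outllok, becuase, attchments, orginal, neeeded, 'as been started', GPOL, syncronisation, nevers, 'not update', strage, whetehr), and the run of empty '+' lines before the appendix marker can be dropped.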
Modified: trunk/po/de.po [not shown]
Modified: trunk/po/sv.po [not shown]
Modified: trunk/src/dialogs.h
===================================================================
--- trunk/src/dialogs.h 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/dialogs.h 2008-06-12 15:48:29 UTC (rev 258)
@@ -40,6 +40,7 @@
#define IDC_G_SEND 4024
#define IDC_G_RECV 4025
#define IDC_BODY_AS_ATTACHMENT 4026
+#define IDC_GPG_CONF 4027
/* Ids for the extended options dialog. */
Modified: trunk/src/dialogs.rc
===================================================================
--- trunk/src/dialogs.rc 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/dialogs.rc 2008-06-12 15:48:29 UTC (rev 258)
@@ -97,8 +97,11 @@
8, 212, 150, 64
PUSHBUTTON "advanced", IDC_GPG_OPTIONS,
- 209, 240, 50, 14
+ 130, 240, 50, 14
+ PUSHBUTTON "gpgconf", IDC_GPG_CONF,
+ 190, 240, 70, 14
+
END
Modified: trunk/src/engine-assuan.c
===================================================================
--- trunk/src/engine-assuan.c 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/engine-assuan.c 2008-06-12 15:48:29 UTC (rev 258)
@@ -1769,8 +1769,8 @@
/* Created a detached signature for INDATA and write it to OUTDATA.
On termination of the signing command engine_private_finished() is
called with FILTER as the first argument. SENDER is the sender's
- mail address (a mailbox). The used protocol wioll be stored at
- R_PROTOCOL. */
+ mail address (a mailbox). The used protocol will be stored at
+ R_USED_PROTOCOL on return. */
int
op_assuan_sign (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
@@ -1896,7 +1896,7 @@
op_assuan_decrypt (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
engine_filter_t filter, void *hwnd,
- int with_verify)
+ int with_verify, const char *from_address)
{
gpg_error_t err;
closure_data_t cld;
@@ -1931,6 +1931,13 @@
goto leave;
send_session_info (ctx, filter);
+ if (with_verify && from_address)
+ {
+ snprintf (line, sizeof line, "SENDER --info -- %s", from_address);
+ err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ goto leave;
+ }
snprintf (line, sizeof line, "INPUT FD=%ld", (unsigned long int)inpipe[0]);
err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
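Review bot: from_address is formatted into the command with a bare %s in 'snprintf (line, sizeof line, "SENDER --info -- %s", from_address);' and the snprintf result is not checked. The value is read from the PR_SENDER_EMAIL_ADDRESS_W property of the message being processed (mapi_get_from_address in mapihelp.cpp), so it is chosen by whoever sent the mail. Reject or percent-escape CR, LF and other control characters before building the line, and return an error when snprintf reports truncation rather than passing a cut-off address to the UI-server for the certificate match.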
@@ -1996,7 +2003,7 @@
op_assuan_verify (gpgme_protocol_t protocol,
gpgme_data_t msgdata, const char *signature, size_t sig_len,
gpgme_data_t outdata,
- engine_filter_t filter, void *hwnd)
+ engine_filter_t filter, void *hwnd, const char *from_address)
{
gpg_error_t err;
closure_data_t cld = NULL;
@@ -2062,6 +2069,13 @@
goto leave;
send_session_info (ctx, filter);
+ if (from_address)
+ {
+ snprintf (line, sizeof line, "SENDER --info -- %s", from_address);
+ err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ goto leave;
+ }
if (!opaque_mode)
{
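Review bot: The SENDER block added here is a line-for-line copy of the one added to op_assuan_decrypt; only the guard differs ('if (from_address)' here, 'if (with_verify && from_address)' there). Move it into a small helper next to send_session_info that takes ctx and from_address, so that any validation of the address and the error handling live in one place and the two call sites cannot drift apart.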
@@ -2142,3 +2156,24 @@
}
return err;
}
+
+
+
+/* Ask the server to fire up the config dialog. */
+int
+op_assuan_start_confdialog (void *hwnd)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ ULONG cmdid;
+ pid_t pid;
+
+ err = connect_uiserver (&ctx, &pid, &cmdid, hwnd);
+ if (!err)
+ {
+ err = assuan_transact (ctx, "START_CONFDIALOG",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ assuan_disconnect (ctx);
+ }
+ return err;
+}
Modified: trunk/src/engine-assuan.h
===================================================================
--- trunk/src/engine-assuan.h 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/engine-assuan.h 2008-06-12 15:48:29 UTC (rev 258)
@@ -51,15 +51,18 @@
int op_assuan_decrypt (protocol_t protocol,
gpgme_data_t indata, gpgme_data_t outdata,
engine_filter_t filter, void *hwnd,
- int with_verify);
+ int with_verify, const char *from_address);
int op_assuan_verify (gpgme_protocol_t protocol,
gpgme_data_t data, const char *signature, size_t sig_len,
gpgme_data_t outdata,
- engine_filter_t filter, void *hwnd);
+ engine_filter_t filter, void *hwnd,
+ const char *from_address);
int op_assuan_start_keymanager (void *hwnd);
+int op_assuan_start_confdialog (void *hwnd);
+
#ifdef __cplusplus
}
#endif
Modified: trunk/src/engine.c
===================================================================
--- trunk/src/engine.c 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/engine.c 2008-06-12 15:48:29 UTC (rev 258)
@@ -924,16 +924,18 @@
finish the operation. A filter object may not be reused after
having been used through this function. However, the lifetime of
the filter object lasts until the final engine_wait or
- engine_cancel. */
+ engine_cancel. FROM_ADDRESS may be passed to allow the backend
+ matching the sender's address with the one in the certificate (in
+ case the decrypted message ncludes a signed message). */
int
engine_decrypt_start (engine_filter_t filter, HWND hwnd, protocol_t protocol,
- int with_verify)
+ int with_verify, const char *from_address)
{
gpg_error_t err;
if (filter->use_assuan)
err = op_assuan_decrypt (protocol, filter->indata, filter->outdata,
- filter, hwnd, with_verify);
+ filter, hwnd, with_verify, from_address);
else
err = op_gpgme_decrypt (protocol, filter->indata, filter->outdata,
filter, hwnd, with_verify);
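Review bot: In the else branch op_gpgme_decrypt is still called without from_address, so the sender/certificate match described in the updated comment silently does not happen when the gpgme backend is used. State in the comment that FROM_ADDRESS is only honoured by the Assuan backend, or log when it is dropped. The new comment text also has a typo, 'ncludes' for 'includes', and 'allow the backend matching' reads better as 'allow the backend to match'.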
@@ -947,10 +949,13 @@
signature. The caller needs to call engine_wait to finish the
operation. A filter object may not be reused after having been
used through this function. However, the lifetime of the filter
- object lasts until the final engine_wait or engine_cancel. */
+ object lasts until the final engine_wait or engine_cancel.
+ FROM_ADDRESS may be passed to allow the backend matching the
+ sender's address with the one in the certificate. */
int
engine_verify_start (engine_filter_t filter, HWND hwnd, const char *signature,
- size_t sig_len, protocol_t protocol)
+ size_t sig_len, protocol_t protocol,
+ const char *from_address)
{
gpg_error_t err;
@@ -964,10 +969,10 @@
if (filter->use_assuan && !signature)
err = op_assuan_verify (protocol, filter->indata, NULL, 0,
- filter->outdata, filter, hwnd);
+ filter->outdata, filter, hwnd, from_address);
else if (filter->use_assuan)
err = op_assuan_verify (protocol, filter->indata, signature, sig_len,
- NULL, filter, hwnd);
+ NULL, filter, hwnd, from_address);
else
err = op_gpgme_verify (protocol, filter->indata, signature, sig_len,
filter, hwnd);
@@ -984,3 +989,13 @@
else
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+
+/* Fire up the config dialog. Returns 0 on success. */
+int
+engine_start_confdialog (HWND hwnd)
+{
+ if (use_assuan)
+ return op_assuan_start_confdialog (hwnd);
+ else
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
Modified: trunk/src/engine.h
===================================================================
--- trunk/src/engine.h 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/engine.h 2008-06-12 15:48:29 UTC (rev 258)
@@ -79,12 +79,15 @@
const char *sender, protocol_t *r_protocol);
int engine_decrypt_start (engine_filter_t filter, HWND hwnd,
- protocol_t protocol, int with_verify);
+ protocol_t protocol, int with_verify,
+ const char *from_address);
int engine_verify_start (engine_filter_t filter, HWND hwnd,
const char *signature, size_t sig_len,
- protocol_t protocol);
+ protocol_t protocol,
+ const char *from_address);
int engine_start_keymanager (HWND hwnd);
+int engine_start_confdialog (HWND hwnd);
Modified: trunk/src/mapihelp.cpp
===================================================================
--- trunk/src/mapihelp.cpp 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/mapihelp.cpp 2008-06-12 15:48:29 UTC (rev 258)
@@ -1055,6 +1055,46 @@
return buf;
}
+/* Return the from address of the message as a malloced UTF-8 string.
+ Returns NULL if that address is not available. */
+char *
+mapi_get_from_address (LPMESSAGE message)
+{
+ HRESULT hr;
+ LPSPropValue propval = NULL;
+ char *buf;
+
+ if (!message)
+ return xstrdup ("[no message]"); /* Ooops. */
+
+ hr = HrGetOneProp ((LPMAPIPROP)message, PR_SENDER_EMAIL_ADDRESS_W, &propval);
+ if (FAILED (hr))
+ {
+ log_debug ("%s:%s: HrGetOneProp failed: hr=%#lx\n",
+ SRCNAME, __func__, hr);
+ return NULL;
+ }
+
+ if (PROP_TYPE (propval->ulPropTag) != PT_UNICODE)
+ {
+ log_debug ("%s:%s: HrGetOneProp returns invalid type %lu\n",
+ SRCNAME, __func__, PROP_TYPE (propval->ulPropTag) );
+ MAPIFreeBuffer (propval);
+ return NULL;
+ }
+
+ buf = wchar_to_utf8 (propval->Value.lpszW);
+ MAPIFreeBuffer (propval);
+ if (!buf)
+ {
+ log_error ("%s:%s: error converting to utf8\n", SRCNAME, __func__);
+ return NULL;
+ }
+
+ return buf;
+}
+
+
/* Return the subject of the message as a malloced UTF-8 string.
Returns a replacement string if a subject is missing. */
char *
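Review bot: The '!message' case returns 'xstrdup ("[no message]")', which contradicts the function comment ("Returns NULL if that address is not available") and looks carried over from a helper that returns a replacement string, such as mapi_get_subject below. Callers pass the result straight on as FROM_ADDRESS, so the placeholder would reach the UI-server as 'SENDER --info -- [no message]' and be matched against the certificate. Return NULL here as in the other failure paths. A check that propval->Value.lpszW is non-NULL before wchar_to_utf8 would also be cheap.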
Modified: trunk/src/mapihelp.h
===================================================================
--- trunk/src/mapihelp.h 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/mapihelp.h 2008-06-12 15:48:29 UTC (rev 258)
@@ -117,6 +117,7 @@
char *mapi_get_binary_prop (LPMESSAGE message,ULONG proptype,size_t *r_nbytes);
+char *mapi_get_from_address (LPMESSAGE message);
char *mapi_get_subject (LPMESSAGE message);
LPSTREAM mapi_get_body_as_stream (LPMESSAGE message);
Modified: trunk/src/mimemaker.c
===================================================================
--- trunk/src/mimemaker.c 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/mimemaker.c 2008-06-12 15:48:29 UTC (rev 258)
@@ -1159,7 +1159,7 @@
return -1;
}
- /* Prepare the signing. FIXME: figure out the signer of the mail. */
+ /* Prepare the signing. */
if (engine_create_filter (&filter, collect_signature, &sigbuffer))
goto failure;
if (engine_sign_start (filter, hwnd, protocol,
Modified: trunk/src/mimeparser.c
===================================================================
--- trunk/src/mimeparser.c 2008-06-12 07:32:09 UTC (rev 257)
+++ trunk/src/mimeparser.c 2008-06-12 15:48:29 UTC (rev 258)
@@ -1244,8 +1244,13 @@
engine_set_session_title (filter, tmp);
xfree (tmp);
}
- if ((err=engine_verify_start (filter, hwnd, signature, sig_len,
- ctx->protocol)))
+ {
+ char *from = mapi_get_from_address (mapi_message);
+ err = engine_verify_start (filter, hwnd, signature, sig_len,
+ ctx->protocol, from);
+ xfree (from);
+ }
+ if (err)
goto leave;
/* Filter the data. */
@@ -1362,7 +1367,12 @@
engine_set_session_title (filter, tmp);
xfree (tmp);
}
- if ((err=engine_verify_start (filter, hwnd, NULL, 0, protocol)))
+ {
+ char *from = mapi_get_from_address (mapi_message);
+ err = engine_verify_start (filter, hwnd, NULL, 0, protocol, from);
+ xfree (from);
+ }
+ if (err);
goto leave;
if (instream)
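Review bot: 'if (err);' in the added block has a stray semicolon, so the if has an empty body and the following 'goto leave;' runs unconditionally. Every call through this path now jumps to leave right after engine_verify_start, even when it succeeded, and the code from 'if (instream)' onwards is never reached. Drop the semicolon so the test reads 'if (err)' as in the other two hunks of this file; building with a warning for empty if bodies would catch this.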
@@ -1708,7 +1718,12 @@
engine_set_session_title (filter, tmp);
xfree (tmp);
}
- if ((err=engine_decrypt_start (filter, hwnd, protocol, !preview_mode)))
+ {
+ char *from = preview_mode? NULL : mapi_get_from_address (mapi_message);
+ err = engine_decrypt_start (filter, hwnd, protocol, !preview_mode, from);
+ xfree (from);
+ }
+ if (err)
goto leave;
if (decctx)