From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
plugins/enigma/lib/enigma_engine.php | 94 ++++++++++++++++++++++++++++++++++++++--------
1 files changed, 77 insertions(+), 17 deletions(-)
diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php
index 85c2882..b95ed1a 100644
--- a/plugins/enigma/lib/enigma_engine.php
+++ b/plugins/enigma/lib/enigma_engine.php
@@ -146,7 +146,7 @@
$key = $this->find_key($from, true);
if (empty($key)) {
- return new enigma_error(enigma_error::E_KEYNOTFOUND);
+ return new enigma_error(enigma_error::KEYNOTFOUND);
}
// check if we have password for this key
@@ -156,7 +156,7 @@
if ($pass === null) {
// ask for password
$error = array('missing' => array($key->id => $key->name));
- return new enigma_error(enigma_error::E_BADPASS, '', $error);
+ return new enigma_error(enigma_error::BADPASS, '', $error);
}
// select mode
@@ -197,10 +197,10 @@
$result = $this->pgp_sign($body, $key->id, $pass, $pgp_mode);
if ($result !== true) {
- if ($result->getCode() == enigma_error::E_BADPASS) {
+ if ($result->getCode() == enigma_error::BADPASS) {
// ask for password
$error = array('missing' => array($key->id => $key->name));
- return new enigma_error(enigma_error::E_BADPASS, '', $error);
+ return new enigma_error(enigma_error::BADPASS, '', $error);
}
return $result;
@@ -238,7 +238,7 @@
}
if (empty($recipients)) {
- return new enigma_error(enigma_error::E_KEYNOTFOUND);
+ return new enigma_error(enigma_error::KEYNOTFOUND);
}
$recipients = array_unique($recipients);
@@ -248,7 +248,7 @@
$key = $this->find_key($email);
if (empty($key)) {
- return new enigma_error(enigma_error::E_KEYNOTFOUND, '', array(
+ return new enigma_error(enigma_error::KEYNOTFOUND, '', array(
'missing' => $email
));
}
@@ -444,14 +444,16 @@
*/
private function parse_plain_signed(&$p, $body)
{
+ if (!$this->rc->config->get('enigma_signatures', true)) {
+ return;
+ }
+
$this->load_pgp_driver();
$part = $p['structure'];
// Verify signature
- if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
- if ($this->rc->config->get('enigma_signatures', true)) {
- $sig = $this->pgp_verify($body);
- }
+ if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {
+ $sig = $this->pgp_verify($body);
}
// @TODO: Handle big bodies using (temp) files
@@ -505,7 +507,7 @@
return;
}
- if ($this->rc->action != 'show' && $this->rc->action != 'preview') {
+ if ($this->rc->action != 'show' && $this->rc->action != 'preview' && $this->rc->action != 'print') {
return;
}
@@ -552,7 +554,7 @@
}
// Verify signature
- if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
+ if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {
$this->load_smime_driver();
$struct = $p['structure'];
@@ -695,6 +697,10 @@
// Make sure decryption status message will be displayed
$part->type = 'content';
$p['object']->parts[] = $part;
+
+ // don't show encrypted part on attachments list
+ // don't show "cannot display encrypted message" text
+ $p['abort'] = true;
}
}
@@ -725,7 +731,7 @@
// @TODO: Handle big bodies using (temp) files
$sig = $this->pgp_driver->verify($msg_body, $sig_body);
- if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
+ if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::KEYNOTFOUND)
rcube::raise_error(array(
'code' => 600, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
@@ -750,7 +756,7 @@
if ($result instanceof enigma_error) {
$err_code = $result->getCode();
- if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
rcube::raise_error(array(
'code' => 600, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
@@ -781,7 +787,7 @@
if ($result instanceof enigma_error) {
$err_code = $result->getCode();
- if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
rcube::raise_error(array(
'code' => 600, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
@@ -810,7 +816,7 @@
if ($result instanceof enigma_error) {
$err_code = $result->getCode();
- if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+ if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
rcube::raise_error(array(
'code' => 600, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
@@ -927,6 +933,29 @@
}
/**
+ * PGP keys pair generation.
+ *
+ * @param array Key pair parameters
+ *
+ * @return mixed enigma_key or enigma_error
+ */
+ function generate_key($data)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->gen_key($data);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+ }
+
+ return $result;
+ }
+
+ /**
* PGP keys/certs importing.
*
* @param mixed Import file name or content
@@ -980,6 +1009,37 @@
}
/**
+ * PGP keys/certs export..
+ *
+ * @param string Key ID
+ * @param resource Optional output stream
+ *
+ * @return mixed Key content or enigma_error
+ */
+ function export_key($key, $fp = null)
+ {
+ $this->load_pgp_driver();
+ $result = $this->pgp_driver->export($key, $fp);
+
+ if ($result instanceof enigma_error) {
+ rcube::raise_error(array(
+ 'code' => 600, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Enigma plugin: " . $result->getMessage()
+ ), true, false);
+
+ return $result;
+ }
+
+ if ($fp) {
+ fwrite($fp, $result);
+ }
+ else {
+ return $result;
+ }
+ }
+
+ /**
* Registers password for specified key/cert sent by the password prompt.
*/
function password_handler()
@@ -1018,7 +1078,7 @@
$config = @unserialize($config);
}
- $threshold = time() - $this->password_time;
+ $threshold = $this->password_time ? time() - $this->password_time : 0;
$keys = array();
// delete expired passwords
--
Gitblit v1.9.1