[PATCH 5/6] cli: new crypto verify flag to handle verification
Jameson Graef Rollins
jrollins at finestructure.net
Wed May 16 14:55:58 PDT 2012
Use this flag rather than depend on the existence of an initialized
gpgctx, to determine whether we should verify a multipart/signed. We
will be moving to create the ctx lazily, so we don't want to depend on
it being previously initialized if it's not needed.
---
mime-node.c | 5 ++---
notmuch-client.h | 1 +
notmuch-reply.c | 1 +
notmuch-show.c | 14 +++++++++++---
4 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/mime-node.c b/mime-node.c
index 4faeffc..8cdabc8 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -183,8 +183,7 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
}
/* Handle PGP/MIME parts */
- if (GMIME_IS_MULTIPART_ENCRYPTED (part)
- && node->ctx->crypto.gpgctx && node->ctx->crypto.decrypt) {
+ if (GMIME_IS_MULTIPART_ENCRYPTED (part) && node->ctx->crypto.decrypt) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
@@ -218,7 +217,7 @@ _mime_node_create (mime_node_t *parent, GMimeObject *part)
(err ? err->message : "no error explanation given"));
}
}
- } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto.gpgctx) {
+ } else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto.verify) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 5, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
diff --git a/notmuch-client.h b/notmuch-client.h
index d86fab3..1ca111f 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -80,6 +80,7 @@ typedef struct notmuch_crypto {
#else
GMimeCipherContext* gpgctx;
#endif
+ notmuch_bool_t verify;
notmuch_bool_t decrypt;
} notmuch_crypto_t;
diff --git a/notmuch-reply.c b/notmuch-reply.c
index 3c967a0..997fdd1 100644
--- a/notmuch-reply.c
+++ b/notmuch-reply.c
@@ -675,6 +675,7 @@ notmuch_reply_command (void *ctx, int argc, char *argv[])
int (*reply_format_func)(void *ctx, notmuch_config_t *config, notmuch_query_t *query, notmuch_crypto_t *crypto, notmuch_bool_t reply_all);
notmuch_crypto_t crypto = {
.decrypt = FALSE,
+ .verify = FALSE,
.gpgctx = NULL,
};
int format = FORMAT_DEFAULT;
diff --git a/notmuch-show.c b/notmuch-show.c
index c606333..99a10bd 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -985,6 +985,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
const notmuch_show_format_t *format = &format_text;
notmuch_crypto_t crypto = {
.decrypt = FALSE,
+ .verify = FALSE,
.gpgctx = NULL,
};
notmuch_show_params_t params = {
@@ -993,7 +994,6 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
.crypto = crypto,
};
int format_sel = NOTMUCH_FORMAT_NOT_SPECIFIED;
- notmuch_bool_t verify = FALSE;
int exclude = EXCLUDE_TRUE;
notmuch_opt_desc_t options[] = {
@@ -1010,7 +1010,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
{ NOTMUCH_OPT_INT, ¶ms.part, "part", 'p', 0 },
{ NOTMUCH_OPT_BOOLEAN, ¶ms.entire_thread, "entire-thread", 't', 0 },
{ NOTMUCH_OPT_BOOLEAN, ¶ms.crypto.decrypt, "decrypt", 'd', 0 },
- { NOTMUCH_OPT_BOOLEAN, &verify, "verify", 'v', 0 },
+ { NOTMUCH_OPT_BOOLEAN, ¶ms.crypto.verify, "verify", 'v', 0 },
{ 0, 0, 0, 0, 0 }
};
@@ -1020,6 +1020,10 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
return 1;
}
+ /* decryption implies verification */
+ if (params.crypto.decrypt)
+ params.crypto.verify = TRUE;
+
if (format_sel == NOTMUCH_FORMAT_NOT_SPECIFIED) {
/* if part was requested and format was not specified, use format=raw */
if (params.part >= 0)
@@ -1054,7 +1058,7 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
break;
}
- if (params.crypto.decrypt || verify) {
+ if (params.crypto.decrypt || params.crypto.verify) {
#ifdef GMIME_ATLEAST_26
/* TODO: GMimePasswordRequestFunc */
params.crypto.gpgctx = g_mime_gpg_context_new (NULL, "gpg");
@@ -1065,6 +1069,10 @@ notmuch_show_command (void *ctx, unused (int argc), unused (char *argv[]))
if (params.crypto.gpgctx) {
g_mime_gpg_context_set_always_trust ((GMimeGpgContext*) params.crypto.gpgctx, FALSE);
} else {
+ /* If we fail to create the gpgctx set the verify and
+ * decrypt flags to FALSE so we don't try to do any
+ * further verification or decryption */
+ params.crypto.verify = FALSE;
params.crypto.decrypt = FALSE;
fprintf (stderr, "Failed to construct gpg context.\n");
}
--
1.7.10
More information about the notmuch
mailing list