Fix a few memory leaks when enumerating keys with GpgME.
[claws.git] / src / plugins / pgpcore / sgpgme.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2016 the Claws Mail team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  */
18
19 #ifdef HAVE_CONFIG_H
20 #  include "config.h"
21 #include "claws-features.h"
22 #endif
23
24 #ifdef USE_GPGME
25
26 #include <time.h>
27 #include <gtk/gtk.h>
28 #include <gpgme.h>
29 #include <glib.h>
30 #include <glib/gi18n.h>
31 #include <stdio.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <errno.h>
35 #include <sys/types.h>
36 #ifndef G_OS_WIN32
37 #  include <sys/wait.h>
38 #else
39 #  include <pthread.h>
40 #  include <windows.h>
41 #endif
42 #if (defined(__DragonFly__) || defined(SOLARIS) || defined (__NetBSD__) || defined (__FreeBSD__) || defined (__OpenBSD__))
43 #  include <sys/signal.h>
44 #endif
45 #ifndef G_OS_WIN32
46 #include <sys/mman.h>
47 #endif
48 #if HAVE_LOCALE_H
49 #  include <locale.h>
50 #endif
51
52 #include "sgpgme.h"
53 #include "privacy.h"
54 #include "prefs_common.h"
55 #include "utils.h"
56 #include "alertpanel.h"
57 #include "passphrase.h"
58 #include "prefs_gpg.h"
59 #include "account.h"
60 #include "select-keys.h"
61 #include "claws.h"
62
63 static void sgpgme_disable_all(void)
64 {
65     /* FIXME: set a flag, so that we don't bother the user with failed
66      * gpgme messages */
67 }
68
69 gpgme_verify_result_t sgpgme_verify_signature(gpgme_ctx_t ctx, gpgme_data_t sig, 
70                                         gpgme_data_t plain, gpgme_data_t dummy)
71 {
72         gpgme_verify_result_t status = NULL;
73         gpgme_error_t err;
74
75         if ((err = gpgme_op_verify(ctx, sig, plain, dummy)) != GPG_ERR_NO_ERROR) {
76                 debug_print("op_verify err %s\n", gpgme_strerror(err));
77                 privacy_set_error("%s", gpgme_strerror(err));
78                 return GINT_TO_POINTER(-GPG_ERR_SYSTEM_ERROR);
79         }
80         status = gpgme_op_verify_result(ctx);
81         if (status && status->signatures == NULL) {
82                 debug_print("no signature found\n");
83                 privacy_set_error(_("No signature found"));
84                 return GINT_TO_POINTER(-GPG_ERR_SYSTEM_ERROR);
85         }
86         return status;
87 }
88
89 SignatureStatus sgpgme_sigstat_gpgme_to_privacy(gpgme_ctx_t ctx, gpgme_verify_result_t status)
90 {
91         gpgme_signature_t sig = NULL;
92         
93         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
94                 debug_print("system error\n");
95                 return SIGNATURE_CHECK_FAILED;
96         }
97
98         if (status == NULL) {
99                 debug_print("status == NULL\n");
100                 return SIGNATURE_UNCHECKED;
101         }
102         sig = status->signatures;
103
104         if (sig == NULL) {
105                 debug_print("sig == NULL\n");
106                 return SIGNATURE_UNCHECKED;
107         }
108
109         debug_print("err code %d\n", gpg_err_code(sig->status));
110         switch (gpg_err_code(sig->status)) {
111         case GPG_ERR_NO_ERROR:
112                 switch (sig->validity) {
113                 case GPGME_VALIDITY_NEVER:
114                         return SIGNATURE_INVALID;
115                 case GPGME_VALIDITY_UNKNOWN:
116                 case GPGME_VALIDITY_UNDEFINED:
117                 case GPGME_VALIDITY_MARGINAL:
118                 case GPGME_VALIDITY_FULL:
119                 case GPGME_VALIDITY_ULTIMATE:
120                         return SIGNATURE_OK;
121                 default:
122                         return SIGNATURE_CHECK_FAILED;
123                 }
124         case GPG_ERR_SIG_EXPIRED:
125         case GPG_ERR_CERT_REVOKED:
126                 return SIGNATURE_WARN;
127         case GPG_ERR_KEY_EXPIRED:
128                 return SIGNATURE_KEY_EXPIRED;
129         case GPG_ERR_BAD_SIGNATURE:
130                 return SIGNATURE_INVALID;
131         case GPG_ERR_NO_PUBKEY:
132                 return SIGNATURE_CHECK_FAILED;
133         default:
134                 return SIGNATURE_CHECK_FAILED;
135         }
136         return SIGNATURE_CHECK_FAILED;
137 }
138
139 static const gchar *get_validity_str(unsigned long validity)
140 {
141         switch (gpg_err_code(validity)) {
142         case GPGME_VALIDITY_UNKNOWN:
143                 return _("Unknown");
144         case GPGME_VALIDITY_UNDEFINED:
145                 return _("Undefined");
146         case GPGME_VALIDITY_NEVER:
147                 return _("Never");
148         case GPGME_VALIDITY_MARGINAL:
149                 return _("Marginal");
150         case GPGME_VALIDITY_FULL:
151                 return _("Full");
152         case GPGME_VALIDITY_ULTIMATE:
153                 return _("Ultimate");
154         default:
155                 return _("Error");
156         }
157 }
158
159 static const gchar *get_owner_trust_str(unsigned long owner_trust)
160 {
161         switch (gpgme_err_code(owner_trust)) {
162         case GPGME_VALIDITY_NEVER:
163                 return _("Untrusted");
164         case GPGME_VALIDITY_MARGINAL:
165                 return _("Marginal");
166         case GPGME_VALIDITY_FULL:
167                 return _("Full");
168         case GPGME_VALIDITY_ULTIMATE:
169                 return _("Ultimate");
170         default:
171                 return _("Unknown");
172         }
173 }
174
175 gchar *get_gpg_executable_name()
176 {
177         gpgme_engine_info_t e;
178
179         if (!gpgme_get_engine_info(&e)) {
180                 while (e != NULL) {
181                         if (e->protocol == GPGME_PROTOCOL_OpenPGP
182                                         && e->file_name != NULL) {
183                                 debug_print("Found gpg executable: '%s'\n", e->file_name);
184                                 return e->file_name;
185                         }
186                 }
187         }
188
189         return NULL;
190 }
191
192 static gchar *get_gpg_version_string()
193 {
194         gpgme_engine_info_t e;
195
196         if (!gpgme_get_engine_info(&e)) {
197                 while (e != NULL) {
198                         if (e->protocol == GPGME_PROTOCOL_OpenPGP
199                                         && e->version != NULL) {
200                                 debug_print("Got OpenPGP version: '%s'\n", e->version);
201                                 return e->version;
202                         }
203                 }
204         }
205
206         return NULL;
207 }
208
209 static gchar *extract_name(const char *uid)
210 {
211         if (uid == NULL)
212                 return NULL;
213         if (!strncmp(uid, "CN=", 3)) {
214                 gchar *result = g_strdup(uid+3);
215                 if (strstr(result, ","))
216                         *(strstr(result, ",")) = '\0';
217                 return result;
218         } else if (strstr(uid, ",CN=")) {
219                 gchar *result = g_strdup(strstr(uid, ",CN=")+4);
220                 if (strstr(result, ","))
221                         *(strstr(result, ",")) = '\0';
222                 return result;
223         } else {
224                 return g_strdup(uid);
225         }
226 }
227 gchar *sgpgme_sigstat_info_short(gpgme_ctx_t ctx, gpgme_verify_result_t status)
228 {
229         gpgme_signature_t sig = NULL;
230         gchar *uname = NULL;
231         gpgme_key_t key;
232         gchar *result = NULL;
233         gpgme_error_t err = 0;
234         static gboolean warned = FALSE;
235
236         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
237                 return g_strdup_printf(_("The signature can't be checked - %s"), privacy_get_error());
238         }
239
240         if (status == NULL) {
241                 return g_strdup(_("The signature has not been checked."));
242         }
243         sig = status->signatures;
244         if (sig == NULL) {
245                 return g_strdup(_("The signature has not been checked."));
246         }
247
248         err = gpgme_get_key(ctx, sig->fpr, &key, 0);
249         if (gpg_err_code(err) == GPG_ERR_NO_AGENT) {
250                 if (!warned)
251                         alertpanel_error(_("PGP Core: Can't get key - no gpg-agent running."));
252                 else
253                         g_warning("PGP Core: Can't get key - no gpg-agent running.");
254                 warned = TRUE;
255         } else if (gpg_err_code(err) != GPG_ERR_NO_ERROR && gpg_err_code(err) != GPG_ERR_EOF) {
256                 return g_strdup_printf(_("The signature can't be checked - %s"), 
257                         gpgme_strerror(err));
258   }
259
260         if (key)
261                 uname = extract_name(key->uids->uid);
262         else
263                 uname = g_strdup("<?>");
264
265         switch (gpg_err_code(sig->status)) {
266         case GPG_ERR_NO_ERROR:
267                switch ((key && key->uids) ? key->uids->validity : GPGME_VALIDITY_UNKNOWN) {
268                 case GPGME_VALIDITY_ULTIMATE:
269                         result = g_strdup_printf(_("Good signature from \"%s\" [ultimate]"), uname);
270                         break;
271                 case GPGME_VALIDITY_FULL:
272                         result = g_strdup_printf(_("Good signature from \"%s\" [full]"), uname);
273                         break;
274                 case GPGME_VALIDITY_MARGINAL:
275                         result = g_strdup_printf(_("Good signature from \"%s\" [marginal]"), uname);
276                         break;
277                 case GPGME_VALIDITY_UNKNOWN:
278                 case GPGME_VALIDITY_UNDEFINED:
279                 case GPGME_VALIDITY_NEVER:
280                 default:
281                         if (key) {
282                                 result = g_strdup_printf(_("Good signature from \"%s\""), uname);
283                         } else {
284                                 gchar *id = g_strdup(sig->fpr + strlen(sig->fpr)-8);
285                                 result = g_strdup_printf(_("Key 0x%s not available to verify this signature"), id);
286                                 g_free(id);
287                         }
288                         break;
289                }
290                 break;
291         case GPG_ERR_SIG_EXPIRED:
292                 result = g_strdup_printf(_("Expired signature from \"%s\""), uname);
293                 break;
294         case GPG_ERR_KEY_EXPIRED:
295                 result = g_strdup_printf(_("Good signature from \"%s\", but the key has expired"), uname);
296                 break;
297         case GPG_ERR_CERT_REVOKED:
298                 result = g_strdup_printf(_("Good signature from \"%s\", but the key has been revoked"), uname);
299                 break;
300         case GPG_ERR_BAD_SIGNATURE:
301                 result = g_strdup_printf(_("Bad signature from \"%s\""), uname);
302                 break;
303         case GPG_ERR_NO_PUBKEY: {
304                 gchar *id = g_strdup(sig->fpr + strlen(sig->fpr)-8);
305                 result = g_strdup_printf(_("Key 0x%s not available to verify this signature"), id);
306                 g_free(id);
307                 break;
308                 }
309         default:
310                 result = g_strdup(_("The signature has not been checked"));
311                 break;
312         }
313         if (result == NULL)
314                 result = g_strdup(_("Error"));
315         g_free(uname);
316         return result;
317 }
318
319 gchar *sgpgme_sigstat_info_full(gpgme_ctx_t ctx, gpgme_verify_result_t status)
320 {
321         gint i = 0;
322         gchar *ret;
323         GString *siginfo;
324         gpgme_signature_t sig = NULL;
325
326         siginfo = g_string_sized_new(64);
327         if (status == NULL) {
328                 g_string_append_printf(siginfo,
329                         _("Error checking signature: no status\n"));
330                 goto bail;
331          }
332
333         sig = status->signatures;
334         
335         while (sig) {
336                 char buf[100];
337                 struct tm lt;
338                 gpgme_key_t key;
339                 gpgme_error_t err;
340                 const gchar *keytype, *keyid, *uid;
341                 
342                 err = gpgme_get_key(ctx, sig->fpr, &key, 0);
343
344                 if (err != GPG_ERR_NO_ERROR) {
345                         key = NULL;
346                         g_string_append_printf(siginfo, 
347                                 _("Error checking signature: %s\n"),
348                                 gpgme_strerror(err));
349                         goto bail;
350                 }
351                 if (key) {
352                         keytype = gpgme_pubkey_algo_name(
353                                         key->subkeys->pubkey_algo);
354                         keyid = key->subkeys->keyid;
355                         uid = key->uids->uid;
356                 } else {
357                         keytype = "?";
358                         keyid = "?";
359                         uid = "?";
360                 }
361
362                 memset(buf, 0, sizeof(buf));
363                 fast_strftime(buf, sizeof(buf)-1, prefs_common_get_prefs()->date_format, localtime_r(&sig->timestamp, &lt));
364                 g_string_append_printf(siginfo,
365                         _("Signature made on %s using %s key ID %s\n"),
366                         buf, keytype, keyid);
367                 
368                 switch (gpg_err_code(sig->status)) {
369                 case GPG_ERR_NO_ERROR:
370                         g_string_append_printf(siginfo,
371                                 _("Good signature from uid \"%s\" (Validity: %s)\n"),
372                                 uid, get_validity_str((key && key->uids) ? key->uids->validity:GPGME_VALIDITY_UNKNOWN));
373                         break;
374                 case GPG_ERR_KEY_EXPIRED:
375                         g_string_append_printf(siginfo,
376                                 _("Expired key uid \"%s\"\n"),
377                                 uid);
378                         break;
379                 case GPG_ERR_SIG_EXPIRED:
380                         g_string_append_printf(siginfo,
381                                 _("Expired signature from uid \"%s\" (Validity: %s)\n"),
382                                 uid, get_validity_str((key && key->uids) ? key->uids->validity:GPGME_VALIDITY_UNKNOWN));
383                         break;
384                 case GPG_ERR_CERT_REVOKED:
385                         g_string_append_printf(siginfo,
386                                 _("Revoked key uid \"%s\"\n"),
387                                 uid);
388                         break;
389                 case GPG_ERR_BAD_SIGNATURE:
390                         g_string_append_printf(siginfo,
391                                 _("BAD signature from \"%s\"\n"),
392                                 uid);
393                         break;
394                 default:
395                         break;
396                 }
397                 if (sig->status != GPG_ERR_BAD_SIGNATURE) {
398                         gint j = 1;
399                         if (key) {
400                                 key->uids = key->uids ? key->uids->next : NULL;
401                                 while (key->uids != NULL) {
402                                         g_string_append_printf(siginfo,
403                                                 g_strconcat("                    ",
404                                                             _("uid \"%s\" (Validity: %s)\n"), NULL),
405                                                 key->uids->uid,
406                                                 key->uids->revoked==TRUE?_("Revoked"):get_validity_str(key->uids->validity));
407                                         j++;
408                                         key->uids = key->uids->next;
409                                 }
410                         }
411                         g_string_append_printf(siginfo,_("Owner Trust: %s\n"),
412                                                key ? get_owner_trust_str(key->owner_trust) : _("No key!"));
413                         g_string_append(siginfo,
414                                 _("Primary key fingerprint:"));
415                         const char* primary_fpr = NULL;
416                         if (key && key->subkeys && key->subkeys->fpr)
417                                 primary_fpr = key->subkeys->fpr;
418                         else
419                                 g_string_append(siginfo, " ?");
420                         int idx; /* now pretty-print the fingerprint */
421                         for (idx=0; primary_fpr && *primary_fpr!='\0'; idx++, primary_fpr++) {
422                                 if (idx%4==0)
423                                         g_string_append_c(siginfo, ' ');
424                                 if (idx%20==0)
425                                         g_string_append_c(siginfo, ' ');
426                                 g_string_append_c(siginfo, (gchar)*primary_fpr);
427                         }
428                         g_string_append_c(siginfo, '\n');
429 #ifdef HAVE_GPGME_PKA_TRUST
430                         if (sig->pka_trust == 1 && sig->pka_address) {
431                                 g_string_append_printf(siginfo,
432                                    _("WARNING: Signer's address \"%s\" "
433                                       "does not match DNS entry\n"), 
434                                    sig->pka_address);
435                         }
436                         else if (sig->pka_trust == 2 && sig->pka_address) {
437                                 g_string_append_printf(siginfo,
438                                    _("Verified signer's address is \"%s\"\n"),
439                                    sig->pka_address);
440                                 /* FIXME: Compare the address to the
441                                  * From: address.  */
442                         }
443 #endif /*HAVE_GPGME_PKA_TRUST*/
444                 }
445
446                 g_string_append(siginfo, "\n");
447                 i++;
448                 sig = sig->next;
449         }
450 bail:
451         ret = siginfo->str;
452         g_string_free(siginfo, FALSE);
453         return ret;
454 }
455
456 gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo)
457 {
458         gpgme_data_t data = NULL;
459         gpgme_error_t err;
460         FILE *fp = g_fopen(mimeinfo->data.filename, "rb");
461
462         if (!fp) 
463                 return NULL;
464
465         err = gpgme_data_new_from_filepart(&data, NULL, fp, mimeinfo->offset, mimeinfo->length);
466         fclose(fp);
467
468         debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length);
469         if (err) {
470                 debug_print ("gpgme_data_new_from_file failed: %s\n",
471                              gpgme_strerror (err));
472                 privacy_set_error(_("Couldn't get data from message, %s"), gpgme_strerror(err));
473                 return NULL;
474         }
475         return data;
476 }
477
478 gpgme_data_t sgpgme_decrypt_verify(gpgme_data_t cipher, gpgme_verify_result_t *status, gpgme_ctx_t ctx)
479 {
480         struct passphrase_cb_info_s info;
481         gpgme_data_t plain;
482         gpgme_error_t err;
483
484         memset (&info, 0, sizeof info);
485         
486         if ((err = gpgme_data_new(&plain)) != GPG_ERR_NO_ERROR) {
487                 gpgme_release(ctx);
488                 privacy_set_error(_("Couldn't initialize data, %s"), gpgme_strerror(err));
489                 return NULL;
490         }
491         
492         if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
493                 prefs_gpg_enable_agent(prefs_gpg_get_config()->use_gpg_agent);
494                 if (!g_getenv("GPG_AGENT_INFO") || !prefs_gpg_get_config()->use_gpg_agent) {
495                         info.c = ctx;
496                         gpgme_set_passphrase_cb (ctx, gpgmegtk_passphrase_cb, &info);
497                 }
498         } else {
499                 prefs_gpg_enable_agent(TRUE);
500                 info.c = ctx;
501                 gpgme_set_passphrase_cb (ctx, NULL, &info);
502         }
503         
504         
505         if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
506                 err = gpgme_op_decrypt_verify(ctx, cipher, plain);
507                 if (err != GPG_ERR_NO_ERROR) {
508                         debug_print("can't decrypt (%s)\n", gpgme_strerror(err));
509                         privacy_set_error("%s", gpgme_strerror(err));
510                         gpgmegtk_free_passphrase();
511                         gpgme_data_release(plain);
512                         return NULL;
513                 }
514
515                 err = cm_gpgme_data_rewind(plain);
516                 if (err) {
517                         debug_print("can't seek (%d %d %s)\n", err, errno, g_strerror(errno));
518                 }
519
520                 debug_print("decrypted.\n");
521                 *status = gpgme_op_verify_result (ctx);
522         } else {
523                 err = gpgme_op_decrypt(ctx, cipher, plain);
524                 if (err != GPG_ERR_NO_ERROR) {
525                         debug_print("can't decrypt (%s)\n", gpgme_strerror(err));
526                         privacy_set_error("%s", gpgme_strerror(err));
527                         gpgmegtk_free_passphrase();
528                         gpgme_data_release(plain);
529                         return NULL;
530                 }
531
532                 err = cm_gpgme_data_rewind(plain);
533                 if (err) {
534                         debug_print("can't seek (%d %d %s)\n", err, errno, g_strerror(errno));
535                 }
536
537                 debug_print("decrypted.\n");
538                 *status = gpgme_op_verify_result (ctx);
539         }
540         return plain;
541 }
542
543 gchar *sgpgme_get_encrypt_data(GSList *recp_names, gpgme_protocol_t proto)
544 {
545         SelectionResult result = KEY_SELECTION_CANCEL;
546         gpgme_key_t *keys = gpgmegtk_recipient_selection(recp_names, &result,
547                                 proto);
548         gchar *ret = NULL;
549         int i = 0;
550
551         if (!keys) {
552                 if (result == KEY_SELECTION_DONT)
553                         return g_strdup("_DONT_ENCRYPT_");
554                 else
555                         return NULL;
556         }
557         while (keys[i]) {
558                 gpgme_subkey_t skey = keys[i]->subkeys;
559                 gchar *fpr = skey->fpr;
560                 gchar *tmp = NULL;
561                 debug_print("adding %s\n", fpr);
562                 tmp = g_strconcat(ret?ret:"", fpr, " ", NULL);
563                 g_free(ret);
564                 ret = tmp;
565                 i++;
566         }
567         return ret;
568 }
569
570 gboolean sgpgme_setup_signers(gpgme_ctx_t ctx, PrefsAccount *account,
571                               const gchar *from_addr)
572 {
573         GPGAccountConfig *config;
574         const gchar *signer_addr = account->address;
575
576         gpgme_signers_clear(ctx);
577
578         if (from_addr)
579                 signer_addr = from_addr;
580         config = prefs_gpg_account_get_config(account);
581
582         switch(config->sign_key) {
583         case SIGN_KEY_DEFAULT:
584                 debug_print("using default gnupg key\n");
585                 break;
586         case SIGN_KEY_BY_FROM:
587                 debug_print("using key for %s\n", signer_addr);
588                 break;
589         case SIGN_KEY_CUSTOM:
590                 debug_print("using key for %s\n", config->sign_key_id);
591                 break;
592         }
593
594         if (config->sign_key != SIGN_KEY_DEFAULT) {
595                 const gchar *keyid;
596                 gpgme_key_t key, found_key;
597                 gpgme_error_t err;
598
599                 if (config->sign_key == SIGN_KEY_BY_FROM)
600                         keyid = signer_addr;
601                 else if (config->sign_key == SIGN_KEY_CUSTOM)
602                         keyid = config->sign_key_id;
603                 else
604                         goto bail;
605
606                 found_key = NULL;
607                 /* Look for any key, not just private ones, or GPGMe doesn't
608                  * correctly set the revoked flag. */
609                 err = gpgme_op_keylist_start(ctx, keyid, 0);
610                 while (err == 0) {
611                         if ((err = gpgme_op_keylist_next(ctx, &key)) != 0)
612                                 break;
613
614                         if (key == NULL)
615                                 continue;
616
617                         if (!key->can_sign) {
618                                 debug_print("skipping a key, can not be used for signing\n");
619                                 gpgme_key_unref(key);
620                                 continue;
621                         }
622
623                         if (key->protocol != gpgme_get_protocol(ctx)) {
624                                 debug_print("skipping a key (wrong protocol %d)\n", key->protocol);
625                                 gpgme_key_unref(key);
626                                 continue;
627                         }
628
629                         if (key->expired) {
630                                 debug_print("skipping a key, expired\n");
631                                 gpgme_key_unref(key);
632                                 continue;
633                         }
634                         if (key->revoked) {
635                                 debug_print("skipping a key, revoked\n");
636                                 gpgme_key_unref(key);
637                                 continue;
638                         }
639                         if (key->disabled) {
640                                 debug_print("skipping a key, disabled\n");
641                                 gpgme_key_unref(key);
642                                 continue;
643                         }
644
645                         if (found_key != NULL) {
646                                 gpgme_key_unref(key);
647                                 gpgme_op_keylist_end(ctx);
648                                 g_warning("ambiguous specification of secret key '%s'", keyid);
649                                 privacy_set_error(_("Secret key specification is ambiguous"));
650                                 goto bail;
651                         }
652
653                         found_key = key;
654                 }
655                 gpgme_op_keylist_end(ctx);
656
657                 if (found_key == NULL) {
658                         g_warning("setup_signers start: %s", gpgme_strerror(err));
659                         privacy_set_error(_("Secret key not found (%s)"), gpgme_strerror(err));
660                         goto bail;
661                 }
662
663                 err = gpgme_signers_add(ctx, found_key);
664                 debug_print("got key (proto %d (pgp %d, smime %d).\n",
665                             found_key->protocol, GPGME_PROTOCOL_OpenPGP,
666                             GPGME_PROTOCOL_CMS);
667                 gpgme_key_unref(found_key);
668
669                 if (err) {
670                         g_warning("error adding secret key: %s",
671                                   gpgme_strerror(err));
672                         privacy_set_error(_("Error setting secret key: %s"),
673                                           gpgme_strerror(err));
674                         goto bail;
675                 }
676         }
677
678         prefs_gpg_account_free_config(config);
679
680         return TRUE;
681 bail:
682         prefs_gpg_account_free_config(config);
683         return FALSE;
684 }
685
686 void sgpgme_init()
687 {
688         gchar *ctype_locale = NULL, *messages_locale = NULL;
689         gchar *ctype_utf8_locale = NULL, *messages_utf8_locale = NULL;
690         gpgme_error_t err = 0;
691
692         gpgme_engine_info_t engineInfo;
693
694         if (strcmp(prefs_gpg_get_config()->gpg_path, "") != 0
695             && access(prefs_gpg_get_config()->gpg_path, X_OK) != -1) {
696                 err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, prefs_gpg_get_config()->gpg_path, NULL);
697                 if (err != GPG_ERR_NO_ERROR)
698                         g_warning("failed to set crypto engine configuration: %s", gpgme_strerror(err));
699         }
700
701         if (gpgme_check_version("1.0.0")) {
702 #ifdef LC_CTYPE
703                 debug_print("setting gpgme CTYPE locale\n");
704 #ifdef G_OS_WIN32
705                 ctype_locale = g_win32_getlocale();
706 #else
707                 ctype_locale = g_strdup(setlocale(LC_CTYPE, NULL));
708 #endif
709                 if (ctype_locale) {
710                         debug_print("setting gpgme CTYPE locale to: %s\n", ctype_locale);
711                         if (strchr(ctype_locale, '.'))
712                                 *(strchr(ctype_locale, '.')) = '\0';
713                         else if (strchr(ctype_locale, '@'))
714                                 *(strchr(ctype_locale, '@')) = '\0';
715                         ctype_utf8_locale = g_strconcat(ctype_locale, ".UTF-8", NULL);
716
717                         debug_print("setting gpgme locale to UTF8: %s\n", ctype_utf8_locale ? ctype_utf8_locale : "NULL");
718                         gpgme_set_locale(NULL, LC_CTYPE, ctype_utf8_locale);
719
720                         debug_print("done\n");
721                         g_free(ctype_utf8_locale);
722                         g_free(ctype_locale);
723                 } else {
724                         debug_print("couldn't set gpgme CTYPE locale\n");
725                 }
726 #endif
727 #ifdef LC_MESSAGES
728                 debug_print("setting gpgme MESSAGES locale\n");
729 #ifdef G_OS_WIN32
730                 messages_locale = g_win32_getlocale();
731 #else
732                 messages_locale = g_strdup(setlocale(LC_MESSAGES, NULL));
733 #endif
734                 if (messages_locale) {
735                         debug_print("setting gpgme MESSAGES locale to: %s\n", messages_locale);
736                         if (strchr(messages_locale, '.'))
737                                 *(strchr(messages_locale, '.')) = '\0';
738                         else if (strchr(messages_locale, '@'))
739                                 *(strchr(messages_locale, '@')) = '\0';
740                         messages_utf8_locale = g_strconcat(messages_locale, ".UTF-8", NULL);
741                         debug_print("setting gpgme locale to UTF8: %s\n", messages_utf8_locale ? messages_utf8_locale : "NULL");
742
743                         gpgme_set_locale(NULL, LC_MESSAGES, messages_utf8_locale);
744
745                         debug_print("done\n");
746                         g_free(messages_utf8_locale);
747                         g_free(messages_locale);
748                 } else {
749                         debug_print("couldn't set gpgme MESSAGES locale\n");
750                 }
751 #endif
752                 if (!gpgme_get_engine_info(&engineInfo)) {
753                         while (engineInfo) {
754                                 debug_print("GpgME Protocol: %s\n"
755                                             "Version: %s (req %s)\n"
756                                             "Executable: %s\n",
757                                         gpgme_get_protocol_name(engineInfo->protocol) ? gpgme_get_protocol_name(engineInfo->protocol):"???",
758                                         engineInfo->version ? engineInfo->version:"???",
759                                         engineInfo->req_version ? engineInfo->req_version:"???",
760                                         engineInfo->file_name ? engineInfo->file_name:"???");
761                                 if (engineInfo->protocol == GPGME_PROTOCOL_OpenPGP
762                                 &&  gpgme_engine_check_version(engineInfo->protocol) != 
763                                         GPG_ERR_NO_ERROR) {
764                                         if (engineInfo->file_name && !engineInfo->version) {
765                                                 alertpanel_error(_("Gpgme protocol '%s' is unusable: "
766                                                                    "Engine '%s' isn't installed properly."),
767                                                                    gpgme_get_protocol_name(engineInfo->protocol),
768                                                                    engineInfo->file_name);
769                                         } else if (engineInfo->file_name && engineInfo->version
770                                           && engineInfo->req_version) {
771                                                 alertpanel_error(_("Gpgme protocol '%s' is unusable: "
772                                                                    "Engine '%s' version %s is installed, "
773                                                                    "but version %s is required.\n"),
774                                                                    gpgme_get_protocol_name(engineInfo->protocol),
775                                                                    engineInfo->file_name,
776                                                                    engineInfo->version,
777                                                                    engineInfo->req_version);
778                                         } else {
779                                                 alertpanel_error(_("Gpgme protocol '%s' is unusable "
780                                                                    "(unknown problem)"),
781                                                                    gpgme_get_protocol_name(engineInfo->protocol));
782                                         }
783                                 }
784                                 engineInfo = engineInfo->next;
785                         }
786                 }
787         } else {
788                 sgpgme_disable_all();
789
790                 if (prefs_gpg_get_config()->gpg_warning) {
791                         AlertValue val;
792
793                         val = alertpanel_full
794                                 (_("Warning"),
795                                  _("GnuPG is not installed properly, or needs "
796                                  "to be upgraded.\n"
797                                  "OpenPGP support disabled."),
798                                  GTK_STOCK_CLOSE, NULL, NULL, TRUE, NULL,
799                                  ALERT_WARNING, G_ALERTDEFAULT);
800                         if (val & G_ALERTDISABLE)
801                                 prefs_gpg_get_config()->gpg_warning = FALSE;
802                 }
803         }
804 }
805
806 void sgpgme_done()
807 {
808         gpgmegtk_free_passphrase();
809 }
810
811 #ifdef G_OS_WIN32
812 struct _ExportCtx {
813         gboolean done;
814         gchar *cmd;
815         DWORD exitcode;
816 };
817
818 static void *_export_threaded(void *arg)
819 {
820         struct _ExportCtx *ctx = (struct _ExportCtx *)arg;
821         gboolean result;
822
823         PROCESS_INFORMATION pi = {0};
824         STARTUPINFO si = {0};
825
826         result = CreateProcess(NULL, ctx->cmd, NULL, NULL, FALSE,
827                         NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW,
828                         NULL, NULL, &si, &pi);
829
830         if (!result) {
831                 debug_print("Couldn't execute '%s'\n", ctx->cmd);
832         } else {
833                 WaitForSingleObject(pi.hProcess, 10000);
834                 result = GetExitCodeProcess(pi.hProcess, &ctx->exitcode);
835                 if (ctx->exitcode == STILL_ACTIVE) {
836                         debug_print("Process still running, terminating it.\n");
837                         TerminateProcess(pi.hProcess, 255);
838                 }
839
840                 CloseHandle(pi.hProcess);
841                 CloseHandle(pi.hThread);
842
843                 if (!result) {
844                         debug_print("Process executed, but we couldn't get its exit code (huh?)\n");
845                 }
846         }
847
848         ctx->done = TRUE;
849         return NULL;
850 }
851 #endif
852
853 void sgpgme_create_secret_key(PrefsAccount *account, gboolean ask_create)
854 {
855         AlertValue val = G_ALERTDEFAULT;
856         gchar *key_parms = NULL;
857         gchar *name = NULL;
858         gchar *email = NULL;
859         gchar *passphrase = NULL, *passphrase_second = NULL;
860         gint prev_bad = 0;
861         gchar *tmp = NULL, *gpgver;
862         gpgme_error_t err = 0;
863         gpgme_ctx_t ctx;
864         GtkWidget *window = NULL;
865         gpgme_genkey_result_t key;
866         gboolean exported = FALSE;
867
868         if (account == NULL)
869                 account = account_get_default();
870
871         if (account->address == NULL) {
872                 alertpanel_error(_("You have to save the account's information with \"OK\" "
873                                    "before being able to generate a key pair.\n"));
874                 return;
875         }
876         if (ask_create) {
877                 val = alertpanel(_("No PGP key found"),
878                                 _("Claws Mail did not find a secret PGP key, "
879                                   "which means that you won't be able to sign "
880                                   "emails or receive encrypted emails.\n"
881                                   "Do you want to create a new key pair now?"),
882                                   GTK_STOCK_NO, "+" GTK_STOCK_YES, NULL);
883                 if (val == G_ALERTDEFAULT) {
884                         return;
885                 }
886         }
887
888         if (account->name) {
889                 name = g_strdup(account->name);
890         } else {
891                 name = g_strdup(account->address);
892         }
893         email = g_strdup(account->address);
894         tmp = g_strdup_printf("%s <%s>", account->name?account->name:account->address, account->address);
895         gpgver = get_gpg_version_string();
896         if (gpgver == NULL || !strncmp(gpgver, "1.", 2)) {
897                 debug_print("Using gpg 1.x, using builtin passphrase dialog.\n");
898 again:
899                 passphrase = passphrase_mbox(tmp, NULL, prev_bad, 1);
900                 if (passphrase == NULL) {
901                         g_free(tmp);
902                         g_free(email);
903                         g_free(name);
904                         return;
905                 }
906                 passphrase_second = passphrase_mbox(tmp, NULL, 0, 2);
907                 if (passphrase_second == NULL) {
908                         g_free(tmp);
909                         g_free(email);
910                         if (passphrase != NULL) {
911                                 memset(passphrase, 0, strlen(passphrase));
912                                 g_free(passphrase);
913                         }
914                         g_free(name);
915                         return;
916                 }
917                 if (strcmp(passphrase, passphrase_second)) {
918                         if (passphrase != NULL) {
919                                 memset(passphrase, 0, strlen(passphrase));
920                                 g_free(passphrase);
921                         }
922                         if (passphrase_second != NULL) {
923                                 memset(passphrase_second, 0, strlen(passphrase_second));
924                                 g_free(passphrase_second);
925                         }
926                         prev_bad = 1;
927                         goto again;
928                 }
929         }
930         
931         key_parms = g_strdup_printf("<GnupgKeyParms format=\"internal\">\n"
932                                         "Key-Type: RSA\n"
933                                         "Key-Length: 2048\n"
934                                         "Subkey-Type: RSA\n"
935                                         "Subkey-Length: 2048\n"
936                                         "Name-Real: %s\n"
937                                         "Name-Email: %s\n"
938                                         "Expire-Date: 0\n"
939                                         "%s%s%s"
940                                         "</GnupgKeyParms>\n",
941                                         name, email, 
942                                         passphrase?"Passphrase: ":"",
943                                         passphrase?passphrase:"",
944                                         passphrase?"\n":"");
945 #ifndef G_PLATFORM_WIN32
946         if (passphrase &&
947                         mlock(passphrase, strlen(passphrase)) == -1)
948                 debug_print("couldn't lock passphrase\n");
949         if (passphrase_second &&
950                         mlock(passphrase_second, strlen(passphrase_second)) == -1)
951                 debug_print("couldn't lock passphrase2\n");
952 #endif
953         g_free(tmp);
954         g_free(email);
955         g_free(name);
956         if (passphrase_second != NULL) {
957                 memset(passphrase_second, 0, strlen(passphrase_second));
958                 g_free(passphrase_second);
959         }
960         if (passphrase != NULL) {
961                 memset(passphrase, 0, strlen(passphrase));
962                 g_free(passphrase);
963         }
964         
965         err = gpgme_new (&ctx);
966         if (err) {
967                 alertpanel_error(_("Couldn't generate a new key pair: %s"),
968                                  gpgme_strerror(err));
969                 if (key_parms != NULL) {
970                         memset(key_parms, 0, strlen(key_parms));
971                         g_free(key_parms);
972                 }
973                 return;
974         }
975         
976
977         window = label_window_create(_("Generating your new key pair... Please move the mouse "
978                               "around to help generate entropy..."));
979
980         err = gpgme_op_genkey(ctx, key_parms, NULL, NULL);
981         if (key_parms != NULL) {
982                 memset(key_parms, 0, strlen(key_parms));
983                 g_free(key_parms);
984         }
985
986         label_window_destroy(window);
987
988         if (err) {
989                 alertpanel_error(_("Couldn't generate a new key pair: %s"), gpgme_strerror(err));
990                 gpgme_release(ctx);
991                 return;
992         }
993         key = gpgme_op_genkey_result(ctx);
994         if (key == NULL) {
995                 alertpanel_error(_("Couldn't generate a new key pair: unknown error"));
996                 gpgme_release(ctx);
997                 return;
998         } else {
999                 gchar *buf = g_strdup_printf(_("Your new key pair has been generated. "
1000                                     "Its fingerprint is:\n%s\n\nDo you want to export it "
1001                                     "to a keyserver?"),
1002                                     key->fpr ? key->fpr:"null");
1003                 AlertValue val = alertpanel(_("Key generated"), buf,
1004                                   GTK_STOCK_NO, "+" GTK_STOCK_YES, NULL);
1005                 g_free(buf);
1006                 if (val == G_ALERTALTERNATE) {
1007                         gchar *gpgbin = get_gpg_executable_name();
1008                         gchar *cmd = g_strdup_printf("\"%s\" --batch --no-tty --send-keys %s",
1009                                 (gpgbin ? gpgbin : "gpg"), key->fpr);
1010                         debug_print("Executing command: %s\n", cmd);
1011
1012 #ifndef G_OS_WIN32
1013                         int res = 0;
1014                         pid_t pid = 0;
1015                         pid = fork();
1016                         if (pid == -1) {
1017                                 res = -1;
1018                         } else if (pid == 0) {
1019                                 /* son */
1020                                 res = system(cmd);
1021                                 res = WEXITSTATUS(res);
1022                                 _exit(res);
1023                         } else {
1024                                 int status = 0;
1025                                 time_t start_wait = time(NULL);
1026                                 res = -1;
1027                                 do {
1028                                         if (waitpid(pid, &status, WNOHANG) == 0 || !WIFEXITED(status)) {
1029                                                 usleep(200000);
1030                                         } else {
1031                                                 res = WEXITSTATUS(status);
1032                                                 break;
1033                                         }
1034                                         if (time(NULL) - start_wait > 5) {
1035                                                 debug_print("SIGTERM'ing gpg\n");
1036                                                 kill(pid, SIGTERM);
1037                                         }
1038                                         if (time(NULL) - start_wait > 6) {
1039                                                 debug_print("SIGKILL'ing gpg\n");
1040                                                 kill(pid, SIGKILL);
1041                                                 break;
1042                                         }
1043                                 } while(1);
1044                         }
1045
1046                         if (res == 0)
1047                                 exported = TRUE;
1048 #else
1049                         /* We need to call gpg in a separate thread, so that waiting for
1050                          * it to finish does not block the UI. */
1051                         pthread_t pt;
1052                         struct _ExportCtx *ectx = malloc(sizeof(struct _ExportCtx));
1053
1054                         ectx->done = FALSE;
1055                         ectx->exitcode = STILL_ACTIVE;
1056                         ectx->cmd = cmd;
1057
1058                         if (pthread_create(&pt, NULL,
1059                                                 _export_threaded, (void *)ectx) != 0) {
1060                                 debug_print("Couldn't create thread, continuing unthreaded.\n");
1061                                 _export_threaded(ctx);
1062                         } else {
1063                                 debug_print("Thread created, waiting for it to finish...\n");
1064                                 while (!ectx->done)
1065                                         claws_do_idle();
1066                         }
1067
1068                         debug_print("Thread finished.\n");
1069                         pthread_join(pt, NULL);
1070
1071                         if (ectx->exitcode == 0)
1072                                 exported = TRUE;
1073
1074                         g_free(ectx);
1075 #endif
1076                         g_free(cmd);
1077
1078                         if (exported) {
1079                                 alertpanel_notice(_("Key exported."));
1080                         } else {
1081                                 alertpanel_error(_("Couldn't export key."));
1082                         }
1083                 }
1084         }
1085         gpgme_release(ctx);
1086 }
1087
1088 gboolean sgpgme_has_secret_key(void)
1089 {
1090         gpgme_error_t err = 0;
1091         gpgme_ctx_t ctx;
1092         gpgme_key_t key;
1093
1094         err = gpgme_new (&ctx);
1095         if (err) {
1096                 debug_print("err : %s\n", gpgme_strerror(err));
1097                 return TRUE;
1098         }
1099 check_again:
1100         err = gpgme_op_keylist_start(ctx, NULL, TRUE);
1101         if (!err)
1102                 err = gpgme_op_keylist_next(ctx, &key);
1103         gpgme_key_unref(key); /* We're not interested in the key itself. */
1104         gpgme_op_keylist_end(ctx);
1105         if (gpg_err_code(err) == GPG_ERR_EOF) {
1106                 if (gpgme_get_protocol(ctx) != GPGME_PROTOCOL_CMS) {
1107                         gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
1108                         goto check_again;
1109                 }
1110                 gpgme_release(ctx);
1111                 return FALSE;
1112         } else {
1113                 gpgme_release(ctx);
1114                 return TRUE;
1115         }
1116 }
1117
1118 void sgpgme_check_create_key(void)
1119 {
1120         if (prefs_gpg_get_config()->gpg_ask_create_key &&
1121             !sgpgme_has_secret_key()) {
1122                 sgpgme_create_secret_key(NULL, TRUE);
1123         }
1124
1125         prefs_gpg_get_config()->gpg_ask_create_key = FALSE;
1126         prefs_gpg_save_config();
1127 }
1128
1129 void *sgpgme_data_release_and_get_mem(gpgme_data_t data, size_t *len)
1130 {
1131         char buf[BUFSIZ];
1132         void *result = NULL;
1133         ssize_t r = 0;
1134         size_t w = 0;
1135         
1136         cm_return_val_if_fail(data != NULL, NULL);
1137         cm_return_val_if_fail(len != NULL, NULL);
1138
1139         /* I know it's deprecated, but we don't compile with _LARGEFILE */
1140         cm_gpgme_data_rewind(data);
1141         while ((r = gpgme_data_read(data, buf, BUFSIZ)) > 0) {
1142                 void *rresult = realloc(result, r + w);
1143                 if (rresult == NULL) {
1144                         g_warning("can't allocate memory");
1145                         if (result != NULL)
1146                                 free(result);
1147                         return NULL;
1148                 }
1149                 result = rresult;
1150                 memcpy(result+w, buf, r);
1151                 w += r;
1152         }
1153         
1154         *len = w;
1155
1156         gpgme_data_release(data);
1157         if (r < 0) {
1158                 g_warning("gpgme_data_read() returned an error: %d", (int)r);
1159                 free(result);
1160                 *len = 0;
1161                 return NULL;
1162         }
1163         return result;
1164 }
1165
1166 gpgme_error_t cm_gpgme_data_rewind(gpgme_data_t dh)
1167 {
1168 #if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64
1169         if (gpgme_data_seek(dh, (off_t)0, SEEK_SET) == -1)
1170                 return gpg_error_from_errno(errno);
1171         else
1172                 return 0;
1173 #else
1174         return gpgme_data_rewind(dh);
1175 #endif
1176 }
1177
1178 #endif /* USE_GPGME */