2006-04-05 [colin] 2.1.0cvs1
[claws.git] / src / plugins / pgpcore / sgpgme.c
1 /*
2  * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2006 Hiroyuki Yamamoto & the Sylpheed-Claws team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18  */
19  
20 #ifdef HAVE_CONFIG_H
21 #  include "config.h"
22 #endif
23  
24 #ifdef USE_GPGME
25
26 #include <time.h>
27 #include <gtk/gtk.h>
28 #include <gpgme.h>
29 #include <glib.h>
30 #include <glib/gi18n.h>
31 #include <stdio.h>
32 #include <errno.h>
33 #if HAVE_LOCALE_H
34 #  include <locale.h>
35 #endif
36
37 #include "sgpgme.h"
38 #include "privacy.h"
39 #include "prefs_common.h"
40 #include "utils.h"
41 #include "alertpanel.h"
42 #include "passphrase.h"
43 #include "prefs_gpg.h"
44 #include "select-keys.h"
45
46 static void sgpgme_disable_all(void)
47 {
48     /* FIXME: set a flag, so that we don't bother the user with failed
49      * gpgme messages */
50 }
51
52 gpgme_verify_result_t sgpgme_verify_signature(gpgme_ctx_t ctx, gpgme_data_t sig, 
53                                         gpgme_data_t plain, gpgme_data_t dummy)
54 {
55         gpgme_verify_result_t status = NULL;
56         gpgme_error_t err;
57
58         if ((err = gpgme_op_verify(ctx, sig, plain, dummy)) != GPG_ERR_NO_ERROR) {
59                 debug_print("op_verify err %s\n", gpgme_strerror(err));
60                 return GINT_TO_POINTER(-GPG_ERR_SYSTEM_ERROR);
61                 
62         }
63         status = gpgme_op_verify_result(ctx);
64
65         return status;
66 }
67
68 SignatureStatus sgpgme_sigstat_gpgme_to_privacy(gpgme_ctx_t ctx, gpgme_verify_result_t status)
69 {
70         unsigned long validity = 0;
71         gpgme_signature_t sig = NULL;
72         
73         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
74                 debug_print("system error\n");
75                 return SIGNATURE_CHECK_FAILED;
76         }
77
78         if (status == NULL) {
79                 debug_print("status == NULL\n");
80                 return SIGNATURE_UNCHECKED;
81         }
82         sig = status->signatures;
83
84         if (sig == NULL) {
85                 debug_print("sig == NULL\n");
86                 return SIGNATURE_UNCHECKED;
87         }
88         validity = sig->validity;
89
90         debug_print("err code %d\n", gpg_err_code(sig->status));
91         switch (gpg_err_code(sig->status)) {
92         case GPG_ERR_NO_ERROR:
93                 switch (gpg_err_code(sig->validity)) {
94                 case GPGME_VALIDITY_NEVER:
95                         return SIGNATURE_INVALID;
96                 case GPGME_VALIDITY_UNKNOWN:
97                 case GPGME_VALIDITY_UNDEFINED:
98                 case GPGME_VALIDITY_MARGINAL:
99                 case GPGME_VALIDITY_FULL:
100                 case GPGME_VALIDITY_ULTIMATE:
101                         return SIGNATURE_OK;
102                 default:
103                         return SIGNATURE_CHECK_FAILED;
104                 }
105         case GPG_ERR_SIG_EXPIRED:
106         case GPG_ERR_KEY_EXPIRED:
107                 return SIGNATURE_WARN;
108         case GPG_ERR_BAD_SIGNATURE:
109                 return SIGNATURE_INVALID;
110         case GPG_ERR_NO_PUBKEY:
111                 return SIGNATURE_CHECK_FAILED;
112         default:
113                 return SIGNATURE_CHECK_FAILED;
114         }
115         return SIGNATURE_CHECK_FAILED;
116 }
117
118 static const gchar *get_validity_str(unsigned long validity)
119 {
120         switch (gpg_err_code(validity)) {
121         case GPGME_VALIDITY_UNKNOWN:
122                 return _("Unknown");
123         case GPGME_VALIDITY_UNDEFINED:
124                 return _("Undefined");
125         case GPGME_VALIDITY_NEVER:
126                 return _("Never");
127         case GPGME_VALIDITY_MARGINAL:
128                 return _("Marginal");
129         case GPGME_VALIDITY_FULL:
130                 return _("Full");
131         case GPGME_VALIDITY_ULTIMATE:
132                 return _("Ultimate");
133         default:
134                 return _("Error");
135         }
136 }
137
138 static gchar *extract_name(const char *uid)
139 {
140         if (uid == NULL)
141                 return NULL;
142         if (!strncmp(uid, "CN=", 3)) {
143                 gchar *result = g_strdup(uid+3);
144                 if (strstr(result, ","))
145                         *(strstr(result, ",")) = '\0';
146                 return result;
147         } else if (strstr(uid, ",CN=")) {
148                 gchar *result = g_strdup(strstr(uid, ",CN=")+4);
149                 if (strstr(result, ","))
150                         *(strstr(result, ",")) = '\0';
151                 return result;
152         } else {
153                 return g_strdup(uid);
154         }
155 }
156 gchar *sgpgme_sigstat_info_short(gpgme_ctx_t ctx, gpgme_verify_result_t status)
157 {
158         gpgme_signature_t sig = NULL;
159         gchar *uname = NULL;
160         gpgme_key_t key;
161         gchar *result = NULL;
162         gpgme_error_t err = 0;
163         static gboolean warned = FALSE;
164
165         if (GPOINTER_TO_INT(status) == -GPG_ERR_SYSTEM_ERROR) {
166                 return g_strdup(_("The signature can't be checked - GPG error."));
167         }
168
169         if (status == NULL) {
170                 return g_strdup(_("The signature has not been checked."));
171         }
172         sig = status->signatures;
173         if (sig == NULL) {
174                 return g_strdup(_("The signature has not been checked."));
175         }
176
177         err = gpgme_get_key(ctx, sig->fpr, &key, 0);
178         if (gpg_err_code(err) == GPG_ERR_NO_AGENT) {
179                 if (!warned)
180                         alertpanel_error(_("PGP Core: Can't get key - no gpg-agent running."));
181                 else
182                         g_warning(_("PGP Core: Can't get key - no gpg-agent running."));
183                 warned = TRUE;
184         }
185         if (key)
186                 uname = extract_name(key->uids->uid);
187         else
188                 uname = g_strdup("<?>");
189         switch (gpg_err_code(sig->status)) {
190         case GPG_ERR_NO_ERROR:
191                 switch (gpg_err_code(sig->validity)) {
192                 case GPGME_VALIDITY_MARGINAL:
193                 case GPGME_VALIDITY_FULL:
194                 case GPGME_VALIDITY_ULTIMATE:
195                         result = g_strdup_printf(_("Good signature from %s."), uname);
196                         break;
197                 case GPGME_VALIDITY_UNKNOWN:
198                 case GPGME_VALIDITY_UNDEFINED:
199                 case GPGME_VALIDITY_NEVER:
200                 default:
201                         result = g_strdup_printf(_("Good signature (untrusted) from %s."), uname);
202                         break;
203                 }
204                 break;
205         case GPG_ERR_SIG_EXPIRED:
206                 result = g_strdup_printf(_("Expired signature from %s."), uname);
207                 break;
208         case GPG_ERR_KEY_EXPIRED:
209                 result = g_strdup_printf(_("Expired key from %s."), uname);
210                 break;
211         case GPG_ERR_BAD_SIGNATURE:
212                 result = g_strdup_printf(_("Bad signature from %s."), uname);
213                 break;
214         case GPG_ERR_NO_PUBKEY: {
215                 gchar *id = g_strdup(sig->fpr + strlen(sig->fpr)-8);
216                 result = g_strdup_printf(_("Key 0x%s not available to verify this signature."), id);
217                 g_free(id);
218                 break;
219                 }
220         default:
221                 result = g_strdup(_("The signature has not been checked."));
222                 break;
223         }
224         if (result == NULL)
225                 result = g_strdup(_("Error"));
226         g_free(uname);
227         return result;
228 }
229
230 gchar *sgpgme_sigstat_info_full(gpgme_ctx_t ctx, gpgme_verify_result_t status)
231 {
232         gint i = 0;
233         gchar *ret;
234         GString *siginfo;
235         gpgme_signature_t sig = status->signatures;
236         
237         siginfo = g_string_sized_new(64);
238         while (sig) {
239                 gpgme_user_id_t user = NULL;
240                 gpgme_key_t key;
241
242                 const gchar *keytype, *keyid, *uid;
243                 
244                 gpgme_get_key(ctx, sig->fpr, &key, 0);
245
246                 if (key) {
247                         user = key->uids;
248                         keytype = gpgme_pubkey_algo_name(
249                                         key->subkeys->pubkey_algo);
250                         keyid = key->subkeys->keyid;
251                         uid = user->uid;
252                 } else {
253                         keytype = "?";
254                         keyid = "?";
255                         uid = "?";
256                 }
257                 g_string_append_printf(siginfo,
258                         _("Signature made using %s key ID %s\n"),
259                         keytype, keyid);
260                 
261                 switch (gpg_err_code(sig->status)) {
262                 case GPG_ERR_NO_ERROR:
263                 case GPG_ERR_KEY_EXPIRED:
264                         g_string_append_printf(siginfo,
265                                 _("Good signature from \"%s\" (Trust: %s)\n"),
266                                 uid, get_validity_str(sig->validity));
267                         break;
268                 case GPG_ERR_SIG_EXPIRED:
269                         g_string_append_printf(siginfo,
270                                 _("Expired signature from \"%s\"\n"),
271                                 uid);
272                         break;
273                 case GPG_ERR_BAD_SIGNATURE:
274                         g_string_append_printf(siginfo,
275                                 _("BAD signature from \"%s\"\n"),
276                                 uid);
277                         break;
278                 default:
279                         break;
280                 }
281                 if (sig->status != GPG_ERR_BAD_SIGNATURE) {
282                         gint j = 1;
283                         user = user ? user->next : NULL;
284                         while (user != NULL) {
285                                 g_string_append_printf(siginfo,
286                                         _("                aka \"%s\"\n"),
287                                         user->uid);
288                                 j++;
289                                 user = user->next;
290                         }
291                         g_string_append_printf(siginfo,
292                                 _("Primary key fingerprint: %s\n"), 
293                                 sig ? sig->fpr: "?");
294 #ifdef HAVE_GPGME_PKA_TRUST
295                         if (sig->pka_trust == 1 && sig->pka_address) {
296                                 g_string_append_printf(siginfo,
297                                    _("WARNING: Signer's address \"%s\" "
298                                       "does not match DNS entry\n"), 
299                                    sig->pka_address);
300                         }
301                         else if (sig->pka_trust == 2 && sig->pka_address) {
302                                 g_string_append_printf(siginfo,
303                                    _("Verified signer's address is \"%s\"\n"),
304                                    sig->pka_address);
305                                 /* FIXME: Compare the address to the
306                                  * From: address.  */
307                         }
308 #endif /*HAVE_GPGME_PKA_TRUST*/
309                 }
310
311                 g_string_append(siginfo, "\n");
312                 i++;
313                 sig = sig->next;
314         }
315
316         ret = siginfo->str;
317         g_string_free(siginfo, FALSE);
318         return ret;
319 }
320
321 gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo)
322 {
323         gpgme_data_t data = NULL;
324         gpgme_error_t err;
325         FILE *fp = g_fopen(mimeinfo->data.filename, "rb");
326         gchar *tmp_file = NULL;
327
328         if (!fp) 
329                 return NULL;
330
331         tmp_file = get_tmp_file();
332         copy_file_part(fp, mimeinfo->offset, mimeinfo->length, tmp_file);
333         fclose(fp);
334         fp = g_fopen(tmp_file, "rb");
335         debug_print("tmp file %s\n", tmp_file);
336         if (!fp) 
337                 return NULL;
338         
339         err = gpgme_data_new_from_file(&data, tmp_file, 1);
340         g_unlink(tmp_file);
341         g_free(tmp_file);
342
343         debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length);
344         if (err) {
345                 debug_print ("gpgme_data_new_from_file failed: %s\n",
346                              gpgme_strerror (err));
347                 return NULL;
348         }
349         return data;
350 }
351
352 gpgme_data_t sgpgme_decrypt_verify(gpgme_data_t cipher, gpgme_verify_result_t *status, gpgme_ctx_t ctx)
353 {
354         struct passphrase_cb_info_s info;
355         gpgme_data_t plain;
356         gpgme_error_t err;
357
358         memset (&info, 0, sizeof info);
359         
360         if (gpgme_data_new(&plain) != GPG_ERR_NO_ERROR) {
361                 gpgme_release(ctx);
362                 return NULL;
363         }
364         
365         if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
366                 if (!getenv("GPG_AGENT_INFO")) {
367                         info.c = ctx;
368                         gpgme_set_passphrase_cb (ctx, gpgmegtk_passphrase_cb, &info);
369                 }
370         } else {
371                 info.c = ctx;
372                 gpgme_set_passphrase_cb (ctx, NULL, &info);
373         }
374         
375         
376         if (gpgme_get_protocol(ctx) == GPGME_PROTOCOL_OpenPGP) {
377                 err = gpgme_op_decrypt_verify(ctx, cipher, plain);
378                 if (err != GPG_ERR_NO_ERROR) {
379                         debug_print("can't decrypt (%s)\n", gpgme_strerror(err));
380                         gpgmegtk_free_passphrase();
381                         gpgme_data_release(plain);
382                         return NULL;
383                 }
384
385                 err = gpgme_data_rewind(plain);
386                 if (err) {
387                         debug_print("can't seek (%d %d %s)\n", err, errno, strerror(errno));
388                 }
389
390                 debug_print("decrypted.\n");
391                 *status = gpgme_op_verify_result (ctx);
392         } else {
393                 err = gpgme_op_decrypt(ctx, cipher, plain);
394                 if (err != GPG_ERR_NO_ERROR) {
395                         debug_print("can't decrypt (%s)\n", gpgme_strerror(err));
396                         gpgmegtk_free_passphrase();
397                         gpgme_data_release(plain);
398                         return NULL;
399                 }
400
401                 err = gpgme_data_rewind(plain);
402                 if (err) {
403                         debug_print("can't seek (%d %d %s)\n", err, errno, strerror(errno));
404                 }
405
406                 debug_print("decrypted.\n");
407                 *status = gpgme_op_verify_result (ctx);
408         }
409         return plain;
410 }
411
412 gchar *sgpgme_get_encrypt_data(GSList *recp_names, gpgme_protocol_t proto)
413 {
414         SelectionResult result = KEY_SELECTION_CANCEL;
415         gpgme_key_t *keys = gpgmegtk_recipient_selection(recp_names, &result,
416                                 proto);
417         gchar *ret = NULL;
418         int i = 0;
419
420         if (!keys) {
421                 if (result == KEY_SELECTION_DONT)
422                         return g_strdup("_DONT_ENCRYPT_");
423                 else
424                         return NULL;
425         }
426         while (keys[i]) {
427                 gpgme_subkey_t skey = keys[i]->subkeys;
428                 gchar *fpr = skey->fpr;
429                 gchar *tmp = NULL;
430                 debug_print("adding %s\n", fpr);
431                 tmp = g_strconcat(ret?ret:"", fpr, " ", NULL);
432                 g_free(ret);
433                 ret = tmp;
434                 i++;
435         }
436         return ret;
437 }
438
439 gboolean sgpgme_setup_signers(gpgme_ctx_t ctx, PrefsAccount *account)
440 {
441         GPGAccountConfig *config;
442
443         gpgme_signers_clear(ctx);
444
445         config = prefs_gpg_account_get_config(account);
446
447         if (config->sign_key != SIGN_KEY_DEFAULT) {
448                 gchar *keyid;
449                 gpgme_key_t key;
450                 gpgme_error_t err;
451
452                 if (config->sign_key == SIGN_KEY_BY_FROM)
453                         keyid = account->address;
454                 else if (config->sign_key == SIGN_KEY_CUSTOM)
455                         keyid = config->sign_key_id;
456                 else
457                         return FALSE;
458
459                 err = gpgme_op_keylist_start(ctx, keyid, 1);
460                 if (err) {
461                         g_warning("setup_signers start: %s",
462                                 gpg_strerror(err));
463                         return FALSE;
464                 }
465                 while (!(err = gpgme_op_keylist_next(ctx, &key))) {
466                         gpgme_signers_add(ctx, key);
467                         gpgme_key_release(key);
468                 }
469                 if (err && gpg_err_code(err) != GPG_ERR_EOF) {
470                         g_warning("setup_signers next: %s",
471                                 gpg_strerror(err));
472                         return FALSE;
473                 }
474                 err = gpgme_op_keylist_end(ctx);
475                 if (err) {
476                         g_warning("setup_signers end: %s",
477                                 gpg_strerror(err));
478                         return FALSE;
479                 }
480         }
481
482         prefs_gpg_account_free_config(config);
483
484         return TRUE;
485 }
486
487 void sgpgme_init()
488 {
489         gpgme_engine_info_t engineInfo;
490         if (gpgme_check_version("1.0.0")) {
491 #ifdef LC_CTYPE
492                 gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL));
493 #endif
494 #ifdef LC_MESSAGES
495                 gpgme_set_locale(NULL, LC_MESSAGES, setlocale(LC_MESSAGES, NULL));
496 #endif
497                 if (!gpgme_get_engine_info(&engineInfo)) {
498                         while (engineInfo) {
499                                 debug_print("GpgME Protocol: %s\n      Version: %s\n",
500                                         gpgme_get_protocol_name(engineInfo->protocol),
501                                         engineInfo->version);
502                                 engineInfo = engineInfo->next;
503                         }
504                 }
505         } else {
506                 sgpgme_disable_all();
507
508                 if (prefs_gpg_get_config()->gpg_warning) {
509                         AlertValue val;
510
511                         val = alertpanel_full
512                                 (_("Warning"),
513                                  _("GnuPG is not installed properly, or needs "
514                                  "to be upgraded.\n"
515                                  "OpenPGP support disabled."),
516                                  GTK_STOCK_CLOSE, NULL, NULL, TRUE, NULL,
517                                  ALERT_WARNING, G_ALERTDEFAULT);
518                         if (val & G_ALERTDISABLE)
519                                 prefs_gpg_get_config()->gpg_warning = FALSE;
520                 }
521         }
522 }
523
524 void sgpgme_done()
525 {
526         gpgmegtk_free_passphrase();
527 }
528
529 #endif /* USE_GPGME */