From: Timo Sirainen Date: Wed, 16 Aug 2023 20:58:35 +0000 (-0400) Subject: mail-crypt: Convert plugin settings to regular settings X-Git-Tag: 2.4.1~1183 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b94164b43a8dff604b12f6065100882f84f378b7;p=thirdparty%2Fdovecot%2Fcore.git mail-crypt: Convert plugin settings to regular settings --- diff --git a/src/plugins/mail-crypt/Makefile.am b/src/plugins/mail-crypt/Makefile.am index de5be4988e..5085e6c1e3 100644 --- a/src/plugins/mail-crypt/Makefile.am +++ b/src/plugins/mail-crypt/Makefile.am @@ -41,7 +41,6 @@ endif lib10_mail_crypt_plugin_la_SOURCES = \ crypt-settings.c \ mail-crypt-global-key.c \ - mail-crypt-userenv.c \ mail-crypt-key.c \ mail-crypt-plugin.c @@ -93,8 +92,7 @@ test_mail_key_SOURCES = \ test-mail-key.c \ crypt-settings.c \ mail-crypt-key.c \ - mail-crypt-global-key.c \ - mail-crypt-userenv.c + mail-crypt-global-key.c test_mail_key_LDADD = $(LIBDOVECOT_STORAGE) $(LIBDOVECOT) test_mail_key_DEPENDENCIES = $(LIBDOVECOT_DEPS) $(LIBDOVECOT_STORAGE_DEPS) diff --git a/src/plugins/mail-crypt/crypt-settings.c b/src/plugins/mail-crypt/crypt-settings.c index 54c41089ad..c611d8bc1d 100644 --- a/src/plugins/mail-crypt/crypt-settings.c +++ b/src/plugins/mail-crypt/crypt-settings.c @@ -49,7 +49,7 @@ static const struct setting_define crypt_setting_defines[] = { .filter_array_field_name = "crypt_private_key_name" }, DEF(STR, crypt_user_key_password), DEF(STR, crypt_user_key_curve), - DEF(BOOL, crypt_user_private_key_require_encrypted), + DEF(BOOL, crypt_user_key_require_encrypted), SETTING_DEFINE_LIST_END }; @@ -65,7 +65,7 @@ static const struct crypt_settings crypt_default_settings = { .crypt_user_key_encryption_keys = ARRAY_INIT, .crypt_user_key_password = "", .crypt_user_key_curve = "", - .crypt_user_private_key_require_encrypted = FALSE, + .crypt_user_key_require_encrypted = FALSE, }; const struct setting_parser_info crypt_setting_parser_info = { diff --git a/src/plugins/mail-crypt/crypt-settings.h b/src/plugins/mail-crypt/crypt-settings.h index 3ca18c9f57..0e9fda0469 100644 --- a/src/plugins/mail-crypt/crypt-settings.h +++ b/src/plugins/mail-crypt/crypt-settings.h @@ -23,7 +23,7 @@ struct crypt_settings { ARRAY_TYPE(const_string) crypt_user_key_encryption_keys; const char *crypt_user_key_password; const char *crypt_user_key_curve; /* for generating new user keys */ - bool crypt_user_private_key_require_encrypted; + bool crypt_user_key_require_encrypted; }; extern const struct setting_parser_info crypt_setting_parser_info; diff --git a/src/plugins/mail-crypt/doveadm-mail-crypt.c b/src/plugins/mail-crypt/doveadm-mail-crypt.c index 9b48873eb4..342063f68e 100644 --- a/src/plugins/mail-crypt/doveadm-mail-crypt.c +++ b/src/plugins/mail-crypt/doveadm-mail-crypt.c @@ -9,6 +9,7 @@ #include "buffer.h" #include "ioloop.h" #include "ioloop-private.h" +#include "settings.h" #include "mail-namespace.h" #include "mail-storage.h" #include "mail-storage-private.h" @@ -787,13 +788,23 @@ static int cmd_mcp_key_password_run(struct doveadm_mail_cmd_context *_ctx, ctx->new_password = p_strdup(_ctx->pool, passw); } + const struct crypt_settings *set; + const char *error; + if (settings_get(user->event, &crypt_setting_parser_info, 0, + &set, &error) < 0) { + e_error(cctx->event, "%s", error); + return -1; + } + if (ctx->clear_password && (ctx->new_password != NULL || - mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD) != NULL)) { + set->crypt_user_key_password[0] != '\0')) { doveadm_print("clear password and new password specified"); _ctx->exit_code = EX_USAGE; + settings_free(set); return -1; } + settings_free(set); struct mail_namespace *ns = mail_namespace_find_inbox(user->namespaces); struct mailbox *box = mailbox_alloc(ns->list, "INBOX", 0); @@ -813,7 +824,6 @@ static int cmd_mcp_key_password_run(struct doveadm_mail_cmd_context *_ctx, MAIL_ATTRIBUTE_TYPE_PRIVATE, USER_CRYPT_PREFIX PRIVKEYS_PREFIX); - const char *error; const char *key_id; int ret = 1; unsigned int count = 0; diff --git a/src/plugins/mail-crypt/mail-crypt-common.h b/src/plugins/mail-crypt/mail-crypt-common.h index d3cfd4c339..492bee36ff 100644 --- a/src/plugins/mail-crypt/mail-crypt-common.h +++ b/src/plugins/mail-crypt/mail-crypt-common.h @@ -10,7 +10,6 @@ #define MAIL_CRYPT_KEY_ID_ALGORITHM "sha256" #define MAIL_CRYPT_KEY_ATTRIBUTE_FORMAT DCRYPT_FORMAT_DOVECOT #define MAIL_CRYPT_ACL_SECURE_SHARE_SETTING "mail_crypt_acl_require_secure_key_sharing" -#define MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY "mail_crypt_require_encrypted_user_key" #define MAIL_CRYPT_HASH_BUF_SIZE 128 #define MAIL_CRYPT_KEY_BUF_SIZE 1024 #define ACTIVE_KEY_NAME "active" @@ -22,10 +21,6 @@ MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT_SERVER \ MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT"crypt/" -#define MAIL_CRYPT_USERENV_PASSWORD "mail_crypt_private_password" -#define MAIL_CRYPT_USERENV_KEY "mail_crypt_private_key" -#define MAIL_CRYPT_USERENV_CURVE "mail_crypt_curve" - ARRAY_DEFINE_TYPE(dcrypt_private_key, struct dcrypt_private_key*); #endif diff --git a/src/plugins/mail-crypt/mail-crypt-global-key.c b/src/plugins/mail-crypt/mail-crypt-global-key.c index 807c014dbf..c19f82f613 100644 --- a/src/plugins/mail-crypt/mail-crypt-global-key.c +++ b/src/plugins/mail-crypt/mail-crypt-global-key.c @@ -75,7 +75,7 @@ mail_crypt_key_get_ids(struct dcrypt_private_key *key, } int mail_crypt_load_global_private_key(const char *set_key, const char *key_data, - const char *set_pw, const char *key_password, + const char *key_password, struct mail_crypt_global_keys *global_keys, const char **error_r) { @@ -102,9 +102,9 @@ int mail_crypt_load_global_private_key(const char *set_key, const char *key_data if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD) { /* Fail here if password is not set since openssl will prompt * for it otherwise */ - if (key_password == NULL || key_password[0] == '\0') { - *error_r = t_strdup_printf("%s: %s unset, no password to decrypt the key", - set_key, set_pw); + if (key_password[0] == '\0') { + *error_r = t_strdup_printf("%s: crypt_private_key_password unset, no password to decrypt the key", + set_key); return -1; } } @@ -161,7 +161,7 @@ int mail_crypt_global_keys_load(struct event *event, } if (mail_crypt_load_global_private_key( key_name, key_set->crypt_private_key, - key_name, key_set->crypt_private_key_password, + key_set->crypt_private_key_password, global_keys_r, error_r) < 0) { settings_free(key_set); return -1; diff --git a/src/plugins/mail-crypt/mail-crypt-global-key.h b/src/plugins/mail-crypt/mail-crypt-global-key.h index 38e3af50aa..27375b98ce 100644 --- a/src/plugins/mail-crypt/mail-crypt-global-key.h +++ b/src/plugins/mail-crypt/mail-crypt-global-key.h @@ -25,9 +25,6 @@ int mail_crypt_global_keys_load_from_user(struct mail_user *user, struct mail_crypt_global_keys *global_keys_r, bool ignore_privkey_errors, const char **error_r); -int mail_crypt_global_keys_load_pluginenv(const char *set_prefix, - struct mail_crypt_global_keys *global_keys_r, - const char **error_r); void mail_crypt_global_keys_init(struct mail_crypt_global_keys *global_keys_r); void mail_crypt_global_keys_free(struct mail_crypt_global_keys *global_keys); @@ -35,7 +32,7 @@ int mail_crypt_load_global_public_key(const char *set_key, const char *key_data, struct mail_crypt_global_keys *global_keys, const char **error_r); int mail_crypt_load_global_private_key(const char *set_key, const char *key_data, - const char *set_pw, const char *key_password, + const char *key_password, struct mail_crypt_global_keys *global_keys, const char **error_r); diff --git a/src/plugins/mail-crypt/mail-crypt-key.c b/src/plugins/mail-crypt/mail-crypt-key.c index 47cae24af7..fbd6fed9b5 100644 --- a/src/plugins/mail-crypt/mail-crypt-key.c +++ b/src/plugins/mail-crypt/mail-crypt-key.c @@ -5,6 +5,7 @@ #include "dict.h" #include "array.h" #include "var-expand.h" +#include "settings.h" #include "mail-storage.h" #include "mailbox-attribute.h" #include "mail-crypt-common.h" @@ -165,15 +166,52 @@ int mail_crypt_public_key_id_match(struct dcrypt_public_key *key, return 1; } +static int +mail_crypt_user_encryption_keys_load(struct event *event, + const struct crypt_settings *set, + struct mail_crypt_global_keys *global_keys_r, + const char **error_r) +{ + const struct crypt_private_key_settings *key_set; + const char *key_name, *error; + + mail_crypt_global_keys_init(global_keys_r); + if (!array_is_created(&set->crypt_user_key_encryption_keys)) + return 0; + + array_foreach_elem(&set->crypt_user_key_encryption_keys, key_name) { + if (settings_get_filter(event, "crypt_user_key_encryption_key", + key_name, + &crypt_private_key_setting_parser_info, + 0, &key_set, &error) < 0) { + *error_r = t_strdup_printf( + "Failed to get crypt_private_key %s: %s", + key_name, error); + return -1; + } + if (mail_crypt_load_global_private_key( + key_name, key_set->crypt_private_key, + key_set->crypt_private_key_password, + global_keys_r, &error) < 0) { + /* skip this key */ + e_debug(event, "%s - skipping", error); + } + settings_free(key_set); + } + return 0; +} + static int mail_crypt_env_get_private_key(struct mail_user *user, const char *pubid, struct dcrypt_private_key **key_r, const char **error_r) { + struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); struct mail_crypt_global_keys global_keys; int ret = 0; - if (mail_crypt_global_keys_load_from_user(user, "mail_crypt", - &global_keys, TRUE, error_r) < 0) { + + if (mail_crypt_user_encryption_keys_load(user->event, muser->set, + &global_keys, error_r) < 0) { mail_crypt_global_keys_free(&global_keys); return -1; } @@ -216,6 +254,7 @@ int mail_crypt_decrypt_private_key(struct mailbox *box, const char *pubid, const char *enc_hash = NULL, *key_hash = NULL, *pw = NULL; struct dcrypt_private_key *key = NULL, *dec_key = NULL; struct mail_user *user = mail_storage_get_user(mailbox_get_storage(box)); + struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); int ret = 0; i_assert(pubid != NULL); @@ -246,8 +285,8 @@ int mail_crypt_decrypt_private_key(struct mailbox *box, const char *pubid, if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_NONE) { /* no key or password */ } else if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD) { - pw = mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD); - if (pw == NULL) { + pw = muser->set->crypt_user_key_password; + if (pw[0] == '\0') { *error_r = t_strdup_printf("Cannot decrypt key %s: " "Password not available", pubid); @@ -421,15 +460,15 @@ int mail_crypt_set_private_key(struct mailbox_transaction_context *t, struct mail_user *user = mail_storage_get_user( mailbox_get_storage( mailbox_transaction_get_mailbox(t))); + struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); const char *attr_name = mail_crypt_get_key_path(user_key, FALSE, pubid); struct mail_attribute_value value; int ret; if (enc_key != NULL) { algo = MAIL_CRYPT_KEY_CIPHER; - } else if (user_key && - (pw = mail_user_plugin_getenv(user,MAIL_CRYPT_USERENV_PASSWORD)) - != NULL) { + } else if (user_key && muser->set->crypt_user_key_password[0] != '\0') { + pw = muser->set->crypt_user_key_password; algo = MAIL_CRYPT_PW_CIPHER; } @@ -466,6 +505,7 @@ int mail_crypt_user_set_private_key(struct mail_user *user, const char *pubid, struct dcrypt_private_key *key, const char **error_r) { + struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); struct dcrypt_private_key *env_key = NULL; struct dcrypt_public_key *enc_key = NULL; struct mailbox_transaction_context *t; @@ -479,14 +519,11 @@ int mail_crypt_user_set_private_key(struct mail_user *user, const char *pubid, dcrypt_key_unref_private(&env_key); } - bool require_encrypted_user_key = - mail_user_plugin_getenv_bool(user, MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY); - - if (require_encrypted_user_key && - mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_PASSWORD) == NULL && - mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_KEY) == NULL) - { - *error_r = MAIL_CRYPT_REQUIRE_ENCRYPTED_USER_KEY " set, cannot " + if (muser->set->crypt_user_key_require_encrypted && + muser->set->crypt_user_key_password[0] == '\0' && + (!array_is_created(&muser->set->crypt_user_key_encryption_keys) || + array_is_empty(&muser->set->crypt_user_key_encryption_keys))) { + *error_r = "crypt_user_key_require_encrypted set, cannot " "generate user keypair without password or key"; return -1; } @@ -966,8 +1003,8 @@ int mail_crypt_generate_keypair(const char *curve, const char **pubid_r, const char **error_r) { - if (curve == NULL) { - *error_r = MAIL_CRYPT_USERENV_CURVE " not set, cannot generate EC key"; + if (curve[0] == '\0') { + *error_r = "crypt_user_key_curve not set, cannot generate EC key"; return -1; } @@ -993,9 +1030,9 @@ int mail_crypt_user_generate_keypair(struct mail_user *user, const char **error_r) { struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); - const char *curve = mail_user_plugin_getenv(user, MAIL_CRYPT_USERENV_CURVE); - if (mail_crypt_generate_keypair(curve, pair, pubid_r, error_r) < 0) { + if (mail_crypt_generate_keypair(muser->set->crypt_user_key_curve, + pair, pubid_r, error_r) < 0) { return -1; } @@ -1019,8 +1056,6 @@ int mail_crypt_box_generate_keypair(struct mailbox *box, int ret; struct mail_user *user = mail_storage_get_user(mailbox_get_storage(box)); struct mail_crypt_user *muser = mail_crypt_get_mail_crypt_user(user); - const char *curve = mail_user_plugin_getenv(user, - MAIL_CRYPT_USERENV_CURVE); if (user_key == NULL) { if ((ret = mail_crypt_user_get_public_key(user, @@ -1047,7 +1082,9 @@ int mail_crypt_box_generate_keypair(struct mailbox *box, dcrypt_key_ref_public(user_key); } - if ((ret = mail_crypt_generate_keypair(curve, pair, pubid_r, error_r)) < 0) { + ret = mail_crypt_generate_keypair(muser->set->crypt_user_key_curve, + pair, pubid_r, error_r); + if (ret < 0) { /* failed */ } else if ((ret = mail_crypt_box_set_keys(box, *pubid_r, pair->priv, user_key, pair->pub, diff --git a/src/plugins/mail-crypt/mail-crypt-plugin.c b/src/plugins/mail-crypt/mail-crypt-plugin.c index a2627b01b7..2caaed41d7 100644 --- a/src/plugins/mail-crypt/mail-crypt-plugin.c +++ b/src/plugins/mail-crypt/mail-crypt-plugin.c @@ -15,6 +15,7 @@ #include "istream-seekable.h" #include "ostream.h" #include "ostream-encrypt.h" +#include "settings.h" #include "mail-user.h" #include "mail-copy.h" #include "index-storage.h" @@ -22,6 +23,7 @@ #include "mail-crypt-common.h" #include "mail-crypt-key.h" #include "mail-crypt-plugin.h" +#include "crypt-settings.h" #include "sha2.h" #include "dcrypt-iostream.h" #include "hex-binary.h" @@ -259,12 +261,12 @@ mail_crypt_mail_save_begin(struct mail_save_context *ctx, enum io_stream_encrypt_flags enc_flags = 0; if (muser != NULL) { - if (muser->save_version == 1) { + if (muser->set->crypt_write_version == 1) { enc_flags = IO_STREAM_ENC_VERSION_1; - } else if (muser->save_version == 2) { + } else if (muser->set->crypt_write_version == 2) { enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD; } else { - i_assert(muser->save_version == 0); + i_assert(muser->set->crypt_write_version == 0); } } @@ -297,13 +299,13 @@ mail_crypt_mail_save_begin(struct mail_save_context *ctx, return ret; } - if (muser->save_version < 2) { + if (muser->set->crypt_write_version < 2) { mail_storage_set_error(box->storage, MAIL_ERROR_PARAMS, t_strdup_printf("generate_keypair(%s) failed: " - "unsupported save_version=%d", + "unsupported crypt_write_version=%d", mailbox_get_vname(box), - muser->save_version)); + muser->set->crypt_write_version)); return -1; } @@ -355,7 +357,7 @@ mail_crypt_mailbox_copy(struct mail_save_context *ctx, struct mail *mail) /* Within same user, consider safe only the case where encryption is enabled and keys are global. */ raw_copy = muser != NULL && - muser->save_version != 0 && + muser->set->crypt_write_version != 0 && muser->global_keys.public_key != NULL; } @@ -396,7 +398,7 @@ static void mail_crypt_mailbox_allocated(struct mailbox *box) v->save_begin = mail_crypt_mail_save_begin; v->copy = mail_crypt_mailbox_copy; - if (muser == NULL || muser->save_version == 0) + if (muser == NULL || muser->set->crypt_write_version == 0) v->save_finish = mail_crypt_mail_save_finish; } } @@ -408,6 +410,7 @@ static void mail_crypt_mail_user_deinit(struct mail_user *user) mail_crypt_key_cache_destroy(&muser->key_cache); mail_crypt_global_keys_free(&muser->global_keys); mail_crypt_cache_close(muser); + settings_free(muser->set); muser->module_ctx.super.deinit(user); } @@ -415,48 +418,42 @@ static void mail_crypt_mail_user_created(struct mail_user *user) { struct mail_user_vfuncs *v = user->vlast; struct mail_crypt_user *muser; - const char *error = NULL; + const char *error; muser = p_new(user->pool, struct mail_crypt_user, 1); muser->module_ctx.super = *v; user->vlast = &muser->module_ctx.super; - const char *curve = mail_user_plugin_getenv(user, "mail_crypt_curve"); + if (settings_get(user->event, &crypt_setting_parser_info, 0, + &muser->set, &error) < 0) { + user->error = p_strdup(user->pool, error); + return; + } + buffer_t *tmp = t_str_new(64); - if (curve == NULL || *curve == '\0') { - e_debug(user->event, "mail_crypt_plugin: mail_crypt_curve setting " + if (muser->set->crypt_user_key_curve[0] == '\0') { + e_debug(user->event, "mail_crypt_plugin: crypt_user_key_curve setting " "missing - generating EC keys disabled"); - } else if (!dcrypt_name2oid(curve, tmp, &error)) { + } else if (!dcrypt_name2oid(muser->set->crypt_user_key_curve, tmp, &error)) { user->error = p_strdup_printf(user->pool, "mail_crypt_plugin: " - "invalid mail_crypt_curve setting %s: %s", - curve, error); - } else { - muser->curve = p_strdup(user->pool, curve); + "invalid crypt_user_key_curve setting %s: %s", + muser->set->crypt_user_key_curve, error); } - const char *version = mail_user_plugin_getenv(user, - "mail_crypt_save_version"); - - if (version == NULL || *version == '\0') { + if (muser->set->crypt_write_version == UINT_MAX) { user->error = p_strdup_printf(user->pool, "mail_crypt_plugin: " - "mail_crypt_save_version setting missing"); - } else if (version[0] == '0') { - muser->save_version = 0; - } else if (version[0] == '1') { - muser->save_version = 1; - } else if (version[0] == '2') { - muser->save_version = 2; - } else { + "crypt_write_version setting missing"); + } else if (muser->set->crypt_write_version > 2) { user->error = p_strdup_printf(user->pool, "mail_crypt_plugin: Invalid " - "mail_crypt_save_version %s: use 0, 1, or 2 ", - version); + "crypt_write_version %u: use 0, 1, or 2 ", + muser->set->crypt_write_version); } - if (mail_crypt_global_keys_load_from_user(user, "mail_crypt_global", - &muser->global_keys, FALSE, &error) < 0) { + if (mail_crypt_global_keys_load(user->event, muser->set, + &muser->global_keys, &error) < 0) { user->error = p_strdup_printf(user->pool, "mail_crypt_plugin: %s", error); } diff --git a/src/plugins/mail-crypt/mail-crypt-plugin.h b/src/plugins/mail-crypt/mail-crypt-plugin.h index 4556a92973..f9335c8001 100644 --- a/src/plugins/mail-crypt/mail-crypt-plugin.h +++ b/src/plugins/mail-crypt/mail-crypt-plugin.h @@ -15,11 +15,10 @@ struct mail_crypt_cache { struct mail_crypt_user { union mail_user_module_context module_ctx; + const struct crypt_settings *set; struct mail_crypt_global_keys global_keys; struct mail_crypt_cache cache; struct mail_crypt_key_cache_entry *key_cache; - const char *curve; - int save_version; }; void mail_crypt_plugin_init(struct module *module); diff --git a/src/plugins/mail-crypt/mail-crypt-userenv.c b/src/plugins/mail-crypt/mail-crypt-userenv.c deleted file mode 100644 index 3f7c684a47..0000000000 --- a/src/plugins/mail-crypt/mail-crypt-userenv.c +++ /dev/null @@ -1,67 +0,0 @@ -/* Copyright (c) 2015-2018 Dovecot authors, see the included COPYING file */ -#include "lib.h" -#include "str.h" -#include "mail-user.h" -#include "mail-crypt-common.h" -#include "mail-crypt-key.h" - -static int -mail_crypt_load_global_private_keys(struct mail_user *user, - const char *set_prefix, - struct mail_crypt_global_keys *global_keys, - bool ignore_errors, - const char **error_r) -{ - string_t *set_key = t_str_new(64); - str_append(set_key, set_prefix); - str_append(set_key, "_private_key"); - size_t prefix_len = str_len(set_key); - - unsigned int i = 1; - const char *key_data; - while ((key_data = mail_user_plugin_getenv(user, str_c(set_key))) != NULL) { - const char *set_pw = t_strconcat(str_c(set_key), "_password", NULL); - const char *password = mail_user_plugin_getenv(user, set_pw); - if (*key_data != '\0' && - mail_crypt_load_global_private_key(str_c(set_key), key_data, - set_pw, password, - global_keys, - error_r) < 0) { - /* skip this key */ - if (ignore_errors) { - e_debug(user->event, "mail-crypt-plugin: " - "mail_crypt_load_global_private_key failed: %s", - *error_r); - *error_r = NULL; - continue; - } - return -1; - } - str_truncate(set_key, prefix_len); - str_printfa(set_key, "%u", ++i); - } - return 0; -} - -int mail_crypt_global_keys_load_from_user(struct mail_user *user, const char *set_prefix, - struct mail_crypt_global_keys *global_keys_r, - bool ignore_privkey_errors, - const char **error_r) -{ - const char *set_key = t_strconcat(set_prefix, "_public_key", NULL); - const char *key_data = mail_user_plugin_getenv(user, set_key); - - mail_crypt_global_keys_init(global_keys_r); - if (key_data != NULL && *key_data != '\0') { - if (mail_crypt_load_global_public_key(set_key, - key_data, - global_keys_r, - error_r) < 0) - return -1; - } - if (mail_crypt_load_global_private_keys(user, set_prefix, global_keys_r, - ignore_privkey_errors, - error_r) < 0) - return -1; - return 0; -} diff --git a/src/plugins/mail-crypt/test-mail-global-key.c b/src/plugins/mail-crypt/test-mail-global-key.c index 94f7eb1fc7..2f4b686439 100644 --- a/src/plugins/mail-crypt/test-mail-global-key.c +++ b/src/plugins/mail-crypt/test-mail-global-key.c @@ -7,74 +7,25 @@ #include "str.h" #include "dcrypt.h" #include "hex-binary.h" +#include "settings.h" #include "mail-crypt-common.h" #include "mail-crypt-key.h" -struct test_settings { - ARRAY(const char *) plugin_envs; -}; - -static struct test_settings test_set; - static const char *settings[] = { - "mail_crypt_global_private_key", + "crypt_global_private_key", "nopw pw", + "crypt_global_private_key/nopw/crypt_private_key", "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1lJdWZKWlplMlk2aUZ6NXgKa29Jb3lzYjNkWkxaV3N5ZWtqT2MvR2pzTGQyaFJBTkNBQVNuSVdnUXVoRThqcUFMY21maXVuUnlFazd2a3EveQphOXZZSzUwYjNjRmhDc0xVNHRmVlRMa0IxWS82VmxaajYzUUtNelhOdms1RzVPRDFvZkVsY3B5agotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==", - "mail_crypt_global_public_key", + "crypt_global_public_key", "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFcHlGb0VMb1JQSTZnQzNKbjRycDBjaEpPNzVLdgo4bXZiMkN1ZEc5M0JZUXJDMU9MWDFVeTVBZFdQK2xaV1krdDBDak0xemI1T1J1VGc5YUh4SlhLY293PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", - "mail_crypt_global_private_key2", + "crypt_global_private_key/pw/crypt_private_key", "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUhlTUVrR0NTcUdTSWIzRFFFRkRUQThNQnNHQ1NxR1NJYjNEUUVGRERBT0JBaXA2cUpja1FET3F3SUNDQUF3CkhRWUpZSVpJQVdVREJBRXFCQkFXN09oUFRlU0xSOExLcGYwZjZHa3ZCSUdRZk5rYUpodnM2VWVWS2RkN2NzdFMKMURSNXJYTWtON09FbVNjTTljRlk2UDVrMzdnY1VJUFZudTQrOTFYZUE1MTU2cnBpUEpycEdkZnprcjhPNVFqZApsMWRycmR6Z0hqZHE4T2VmbUR1MEEzMjRZd25SS3hGRExUcjlHMkxVMkhoYmV6a0xjV1FwMVJISDZsNXRRcUtwCjZid05iMnc3OXhCb01YSjN6MVZqcElOZk9wRnJ6M3lucVlqUXhseTIrQjg2Ci0tLS0tRU5EIEVOQ1JZUFRFRCBQUklWQVRFIEtFWS0tLS0tCg==", - "mail_crypt_global_private_key2_password", + "crypt_global_private_key/pw/crypt_private_key_password", "password", + NULL }; -static -const char *mail_crypt_plugin_getenv(const struct test_settings *set, - const char *name) -{ - const char *const *envs; - unsigned int i, count; - - if (set == NULL) - return NULL; - - if (!array_is_created(&set->plugin_envs)) - return NULL; - - envs = array_get(&set->plugin_envs, &count); - for (i = 0; i < count; i += 2) { - if (strcmp(envs[i], name) == 0) - return envs[i+1]; - } - return NULL; -} - -static int -mail_crypt_load_global_private_keys(const struct test_settings *set, - const char *set_prefix, - struct mail_crypt_global_keys *global_keys, - const char **error_r) -{ - string_t *set_key = t_str_new(64); - str_append(set_key, set_prefix); - str_append(set_key, "_private_key"); - size_t prefix_len = str_len(set_key); - - unsigned int i = 1; - const char *key_data; - while ((key_data = mail_crypt_plugin_getenv(set, str_c(set_key))) != NULL) { - const char *set_pw = t_strconcat(str_c(set_key), "_password", NULL); - const char *password = mail_crypt_plugin_getenv(set, set_pw); - if (*key_data != '\0' && - mail_crypt_load_global_private_key(str_c(set_key), key_data, - set_pw, password, - global_keys, error_r) < 0) - return -1; - str_truncate(set_key, prefix_len); - str_printfa(set_key, "%u", ++i); - } - return 0; -} +static struct settings_simple test_set; static void test_setup(void) { @@ -86,8 +37,7 @@ static void test_setup(void) i_info("No functional dcrypt backend found - skipping tests: %s", error); test_exit(0); } - i_array_init(&test_set.plugin_envs, 8); - array_append(&test_set.plugin_envs, settings, N_ELEMENTS(settings)); + settings_simple_init(&test_set, settings); } static void test_try_load_keys(void) @@ -99,45 +49,37 @@ static void test_try_load_keys(void) const char *error = NULL; test_begin("try_load_keys"); - struct mail_crypt_global_keys keys; - i_zero(&keys); - mail_crypt_global_keys_init(&keys); - - const char *set_prefix = "mail_crypt_global"; - const char *set_key = t_strconcat(set_prefix, "_public_key", NULL); - const char *key_data = mail_crypt_plugin_getenv(&test_set, set_key); - - test_assert(key_data != NULL); - - if (key_data != NULL) { - test_assert(mail_crypt_load_global_public_key(set_key, key_data, - &keys, &error) == 0); - test_assert(mail_crypt_load_global_private_keys(&test_set, set_prefix, - &keys, &error) == 0); - /* did we get two private keys? */ - test_assert(array_count(&keys.private_keys) == 2); + const struct crypt_settings *set; + if (settings_get(test_set.event, &crypt_setting_parser_info, 0, + &set, &error) < 0) + i_fatal("%s", error); - /* public key id checks */ + struct mail_crypt_global_keys keys; + if (mail_crypt_global_keys_load(test_set.event, set, &keys, &error) < 0) + i_fatal("%s", error); - buffer_set_used_size(key_id, 0); - test_assert(dcrypt_key_id_public(keys.public_key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); - test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0); + /* did we get two private keys? */ + test_assert(array_count(&keys.private_keys) == 2); - const struct mail_crypt_global_private_key *key = - array_front(&keys.private_keys); + /* public key id checks */ + buffer_set_used_size(key_id, 0); + test_assert(dcrypt_key_id_public(keys.public_key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); + test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0); - buffer_set_used_size(key_id, 0); - test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); - test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0); + const struct mail_crypt_global_private_key *key = + array_front(&keys.private_keys); - key = array_idx(&keys.private_keys, 1); - buffer_set_used_size(key_id, 0); - test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); - test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid2) == 0); + buffer_set_used_size(key_id, 0); + test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); + test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid1) == 0); - } + key = array_idx(&keys.private_keys, 1); + buffer_set_used_size(key_id, 0); + test_assert(dcrypt_key_id_private(key->key, MAIL_CRYPT_KEY_ID_ALGORITHM, key_id, &error) == TRUE); + test_assert(strcmp(binary_to_hex(key_id->data, key_id->used), pubid2) == 0); mail_crypt_global_keys_free(&keys); + settings_free(set); test_end(); } @@ -156,7 +98,7 @@ static void test_empty_keyset(void) static void test_teardown(void) { - array_free(&test_set.plugin_envs); + settings_simple_deinit(&test_set); dcrypt_deinitialize(); } diff --git a/src/plugins/mail-crypt/test-mail-key.c b/src/plugins/mail-crypt/test-mail-key.c index b6726c9094..03bc190a2d 100644 --- a/src/plugins/mail-crypt/test-mail-key.c +++ b/src/plugins/mail-crypt/test-mail-key.c @@ -21,6 +21,10 @@ static const char *test_user_key_id; static const char *test_box_key_id; static struct mail_crypt_user mail_crypt_user; +static struct crypt_settings mail_crypt_settings = { + .crypt_user_key_curve = "prime256v1", + .crypt_user_key_password = "", +}; struct mail_crypt_user *mail_crypt_get_mail_crypt_user(struct mail_user *user ATTR_UNUSED) { @@ -371,7 +375,6 @@ static void test_setup(void) test_ctx = test_mail_storage_init(); const char *username = "mcp_test@example.com"; const char *const extra_input[] = { - t_strdup_printf("mail_crypt_curve=prime256v1"), "mail_attribute/dict_driver=file", t_strdup_printf("dict_file_path=%s/%s/dovecot-attributes", test_ctx->home_root, username), @@ -384,6 +387,7 @@ static void test_setup(void) .extra_input = extra_input, }; test_mail_storage_init_user(test_ctx, &storage_set); + mail_crypt_user.set = &mail_crypt_settings; mail_crypt_key_register_mailbox_internal_attributes(); }