[daemon] Add configuration, implement no-op filter

- Add a "mailop" module to define mail operations. Each should inherit from MailOperation class (which just defines the contract). - Make lacre.mailgate.delivery_plan always return KeepIntact strategy to have a daemon that just forwards messages without modifying them. - Add sample configuration. - Include daemon configuration in mandatory parameter check.
2022-07-03 23:58:31 +02:00 · 2022-07-03 23:58:31 +02:00 · 6455c1a280
parent 7849c55d9f
commit 6455c1a280
5 changed files with 142 additions and 11 deletions
--- a/gpg-mailgate.conf.sample
+++ b/gpg-mailgate.conf.sample
@ -75,6 +75,14 @@ mail_templates = /var/gpgmailgate/cron_templates
 # https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
 config = /etc/gpg-lacre-logging.conf

+[daemon]
+# Advanced Content Filter section.
+#
+# Advanced filters differ from Simple ones by providing a daemon that handles
+# requests, instead of starting a new process each time a message arrives.
+host = 127.0.0.1
+port = 10025
+
 [relay]
 # the relay settings to use for Postfix
 # gpg-mailgate will submit email to this relay after it is done processing
--- a/lacre/config.py
+++ b/lacre/config.py
@ -16,7 +16,9 @@ CONFIG_PATH_ENV = "GPG_MAILGATE_CONFIG"
 # List of mandatory configuration parameters.  Each item on this list should be
 # a pair: a section name and a parameter name.
 MANDATORY_CONFIG_ITEMS = [("relay", "host"),
-                          ("relay", "port")]
+                          ("relay", "port"),
+                          ("daemon", "host"),
+                          ("daemon", "port")]

 # Global dict to keep configuration parameters.  It's hidden behind several
 # utility functions to make it easy to replace it with ConfigParser object in
@ -99,3 +101,8 @@ def validate_config():
 def relay_params():
    """Return a (HOST, PORT) tuple identifying the mail relay."""
    return (cfg["relay"]["host"], int(cfg["relay"]["port"]))
+
+
+def daemon_params():
+    """Return a (HOST, PORT) tuple to setup a server socket for Lacre daemon."""
+    return (cfg["daemon"]["host"], int(cfg["daemon"]["port"]))
--- a/lacre/daemon.py
+++ b/lacre/daemon.py
@ -3,6 +3,7 @@
 import logging
 import lacre
 import lacre.config as conf
+import sys
 from aiosmtpd.controller import Controller

 # Mail status constants.
@ -28,19 +29,30 @@ class MailEncryptionProxy:
        """Accept a message and either encrypt it or forward as-is."""
        # for now, just return an error because we're not ready to handle mail

-        for r, s in gate.delivery_plan(envelope.rcpt_tos):
-            print(r)
+        for recipient, operation in gate.delivery_plan(envelope.rcpt_tos):
+            new_message = operation.perform(envelope.body)
+            gate.send_msg(new_message, [recipient])

        return RESULT_NOT_IMPLEMENTED


 def _init_controller():
    proxy = MailEncryptionProxy()
-    host, port = conf.relay_params()
+    host, port = conf.daemon_params()
    return Controller(proxy, hostname=host, port=port)


+def _validate_config():
+    missing = conf.validate_config()
+    if missing:
+        params = ", ".join([f"[{tup[0]}]{tup[1]}" for tup in missing])
+        LOG.error(f"Following mandatory parameters are missing: {params}")
+        sys.exit(lacre.EX_CONFIG)
+
+
 def _main():
+    _validate_config()
+
    controller = _init_controller()

    # starts the controller in a new thread
--- a/lacre/mailgate.py
+++ b/lacre/mailgate.py
@ -34,6 +34,7 @@ from M2Crypto import BIO, SMIME, X509
 import logging
 import lacre.text as text
 import lacre.config as conf
+from lacre.mailop import KeepIntact


 LOG = logging.getLogger(__name__)
@ -145,7 +146,7 @@ def _gpg_encrypt(raw_message, recipients):
            encrypted_payloads = _encrypt_all_payloads_mime(raw_message_mime, gpg_to_cmdline_mime)
            raw_message_mime.set_payload(encrypted_payloads)

-            _send_msg(raw_message_mime.as_string(), gpg_to_smtp_mime)
+            send_msg(raw_message_mime.as_string(), gpg_to_smtp_mime)

        if gpg_to_smtp_inline:
            # Encrypt mail with PGP/INLINE
@ -162,7 +163,7 @@ def _gpg_encrypt(raw_message, recipients):
            encrypted_payloads = _encrypt_all_payloads_inline(raw_message_inline, gpg_to_cmdline_inline)
            raw_message_inline.set_payload(encrypted_payloads)

-            _send_msg(raw_message_inline.as_string(), gpg_to_smtp_inline)
+            send_msg(raw_message_inline.as_string(), gpg_to_smtp_inline)

    return ungpg_to

@ -311,7 +312,7 @@ def _smime_encrypt(raw_message, recipients):

        LOG.debug(f"Sending message from {from_addr} to {smime_to}")

-        _send_msg(out.read(), smime_to)
+        send_msg(out.read(), smime_to)
    if unsmime_to:
        LOG.debug(f"Unable to find valid S/MIME certificates for {unsmime_to}")

@ -375,7 +376,8 @@ def _get_first_payload(payloads):
        return payloads


-def _send_msg(message, recipients):
+def send_msg(message, recipients):
+    """Send MESSAGE to RECIPIENTS to the mail relay."""
    global from_addr

    recipients = [_f for _f in recipients if _f]
@ -405,7 +407,7 @@ def _is_encrypted(raw_message):
 def delivery_plan(recipients):
    """Generate a sequence of pairs: a recipient and their delivery strategy."""
    for recipient in recipients:
-        yield recipient, None
+        yield recipient, KeepIntact(recipient)


 def deliver_message(raw_message, from_address, to_addrs):
@ -420,7 +422,7 @@ def deliver_message(raw_message, from_address, to_addrs):
    # There is no need for nested encryption
    if _is_encrypted(raw_message):
        LOG.debug("Message is already encrypted. Encryption aborted.")
-        _send_msg(raw_message.as_string(), recipients_left)
+        send_msg(raw_message.as_string(), recipients_left)
        return

    # Encrypt mails for recipients with known public PGP keys
@ -434,7 +436,7 @@ def deliver_message(raw_message, from_address, to_addrs):
        return

    # Send out mail to recipients which are left
-    _send_msg(raw_message.as_string(), recipients_left)
+    send_msg(raw_message.as_string(), recipients_left)


 def exec_time_info(start_timestamp):
--- a/lacre/mailop.py
+++ b/lacre/mailop.py
@ -0,0 +1,102 @@
+"""Mail operations for a given recipient.
+
+There are 3 operations available:
+
+- OpenPGPEncrypt: to deliver the message to a recipient with an OpenPGP public
+  key available.
+
+- SMimeEncrypt: to deliver the message to a recipient with an S/MIME
+  certificate.
+
+- KeepIntact: a no-operation (implementation of the Null Object pattern), used
+  for messages already encrypted or those who haven't provided their keys or
+  certificates.
+"""
+
+import logging
+import GnuPG
+
+
+LOG = logging.getLogger(__name__)
+
+
+class MailOperation:
+    """Contract for an operation to be performed on a message."""
+
+    def __init__(self, recipient):
+        """Initialise the operation with a recipient."""
+        self._recipient = recipient
+
+    def perform(self, message):
+        """Perform this operation on MESSAGE.
+
+        Return target message.
+        """
+        raise NotImplementedError(self.__class__())
+
+    def recipient(self):
+        """Return recipient of the message."""
+        return self._recipient
+
+
+class OpenPGPEncrypt(MailOperation):
+    """OpenPGP-encrypt the message."""
+
+    def __init__(self, recipient, key, keyhome):
+        """Initialise encryption operation."""
+        super().__init__(recipient)
+        self._key = key
+        self._keyhome = keyhome
+
+    def perform(self, message):
+        """Encrypt MESSAGE with the given key."""
+        enc = GnuPG.GPGEncryptor(self._keyhome)
+        enc.update(message)
+        encrypted, err = enc.encrypt()
+        if err:
+            LOG.error(f"Unable to encrypt message, delivering cleartext (gpg exit code: {err})")
+            return message
+        else:
+            return encrypted
+
+    def __repr__(self):
+        """Generate a representation with just method and key."""
+        return f"<OpenPGP {self._recipient} {self._key}>"
+
+
+class SMimeEncrypt(MailOperation):
+    """S/MIME encryption operation."""
+
+    def __init__(self, recipient, email, certificate):
+        """Initialise S/MIME encryption for a given EMAIL and CERTIFICATE."""
+        super().__init__(recipient)
+        self._email = email
+        self._cert = certificate
+
+    def perform(self, message):
+        """Encrypt with a certificate."""
+        LOG.warning(f"Delivering clear-text to {self._recipient}")
+        return message
+
+    def __repr__(self):
+        """Generate a representation with just method and key."""
+        return f"<S/MIME {self._recipient}, {self._cert}>"
+
+
+class KeepIntact(MailOperation):
+    """A do-nothing operation (Null Object implementation).
+
+    This operation should be used for mail that's already encrypted.
+    """
+
+    def __init__(self, recipient):
+        """Initialise pass-through operation for a given recipient."""
+        super().__init__(recipient)
+
+    def perform(self, message):
+        """Return MESSAGE unmodified."""
+        return message
+
+    def __repr__(self):
+        """Return representation with just method and email."""
+        return f"<KeepIntact {self._recipient}>"