Disroot
/
gpg-lacre
9
15
Fork 4
Code Issues 29 Pull Requests 1 Releases 2 Wiki Activity

Compare commits

base: Disroot:19251fa9d2f6818024c2a46aa42d772a378a03a3
Branches Tags
Disroot:main
Disroot:error-handling
Disroot:uncoupleFE
Disroot:fe_theme_st
Disroot:php_update
Disroot:muppdev
Disroot:v0.2.2
Disroot:v0.2.1
Disroot:v0.2
Disroot:v0.2-RC3
Disroot:v0.2-RC2
Disroot:v0.2-RC1
Disroot:PII-2
Disroot:PII-1
Disroot:v0.1
Disroot:v0.1-RC2
Disroot:v0.1-RC1
Disroot:failed-tests
..
compare: Disroot:8006b96df2e48c2aa1a8f76a651816273a6fd2b6
Branches Tags
Disroot:error-handling
Disroot:main
Disroot:uncoupleFE
Disroot:fe_theme_st
Disroot:php_update
Disroot:muppdev
Disroot:v0.2.2
Disroot:v0.2.1
Disroot:v0.2
Disroot:v0.2-RC3
Disroot:v0.2-RC2
Disroot:v0.2-RC1
Disroot:PII-2
Disroot:PII-1
Disroot:v0.1
Disroot:v0.1-RC2
Disroot:v0.1-RC1
Disroot:failed-tests

7 Commits
19251fa9d2 ... 8006b96df2

Author SHA1 Message Date
Piotr F. Mieszkowski 8006b96df2 Rename lacreadm wrapper, mention it in documentation 2024-03-01 19:47:10 +00:00
Piotr F. Mieszkowski f80e4ecb9e Implement a very thin wrapper around 'python -m lacre.admin' 2024-03-01 19:47:10 +00:00
Piotr F. Mieszkowski 676ff47933 Don't ignore 'bin' directory 2024-03-01 19:47:10 +00:00
Piotr F. Mieszkowski f1c135850c lacre.admin: Report misconfiguration 
Also: log more info when the daemon starts.
 2024-03-01 19:47:10 +00:00
pfm ccfaa39501 Merge pull request 'Fix unencrypted delivery' (#144) from v0.2_unencrypted-delivery-fix into main 
Reviewed-on: #144
 2024-03-01 19:34:19 +00:00
Piotr F. Mieszkowski 7806d8c32a
Log message headers on a hard error 
When we know we need to bounce a message and [daemon]log_headers is enabled,
we record up to 2.5kB of message headers at ERROR level.  This could help
diagnosing issues later.

Also: no longer record MIME Type, Charset and Content-Transfer-Encoding, as
the issues related to these properties no longer occur.
 2024-03-01 20:28:51 +01:00
Piotr F. Mieszkowski 04ca103494
Fix unencrypted delivery in case of message generation failure 
When we fail to produce byte representation of the email message being
processed, we may end up bouncing a message.  An example of such case would be
a message with a Message-Id header that Python's email parser library cannot
process.

In such cases, just take whatever original content we have received and pass
it to the destination without touching it to minimise any chances of breaking
the overall flow.
 2024-03-01 20:14:09 +01:00
3 changed files with 36 additions and 17 deletions
Show Stats Expand all files Collapse all files

5
lacre/config.py
View File

@ -143,6 +143,11 @@ def strict_mode():
return ("default" in cfg and cfg["default"]["enc_keymap_only"] == "yes")
def should_log_headers() -> bool:
"""Check if Lacre should log message headers."""
return flag_enabled('daemon', 'log_headers')
class FromStrMixin:
"""Additional operations for configuration enums."""

25
lacre/daemon.py
View File

@ -42,9 +42,6 @@ class MailEncryptionProxy:
if message.defects:
LOG.warning("Issues found: %d; %s", len(message.defects), repr(message.defects))
if conf.flag_enabled('daemon', 'log_headers'):
LOG.info('Message headers: %s', self._extract_headers(message))
send = xport.SendFrom(envelope.mail_from)
for operation in gate.delivery_plan(envelope.rcpt_tos, message, keys):
LOG.debug(f"Sending mail via {operation!r}")
@ -55,21 +52,24 @@ class MailEncryptionProxy:
# If the message can't be encrypted, deliver cleartext.
LOG.error('Unable to encrypt message, delivering in cleartext: %s', e)
if not isinstance(operation, KeepIntact):
self._send_unencrypted(operation, message, envelope, send)
self._send_unencrypted(operation, envelope, send)
else:
LOG.exception('Cannot perform: %s', operation)
raise
except:
LOG.exception('Unexpected exception caught, bouncing message')
return xport.RESULT_ERROR
if conf.should_log_headers():
LOG.error('Erroneous message headers: %s', self._beginning(envelope))
return xport.RESULT_ERRORR
return xport.RESULT_OK
def _send_unencrypted(self, operation, message, envelope, send: xport.SendFrom):
keep = KeepIntact(operation.recipients())
new_message = keep.perform(message)
send(new_message, operation.recipients())
def _send_unencrypted(self, operation, envelope, send: xport.SendFrom):
# Do not parse and re-generate the message, just send it as it is.
send(envelope.original_content, operation.recipients())
def _beginning(self, e: Envelope) -> bytes:
double_eol_pos = e.original_content.find(DOUBLE_EOL_BYTES)
@ -80,13 +80,6 @@ class MailEncryptionProxy:
end = min(limit, 2560)
return e.original_content[0:end]
def _extract_headers(self, message: email.message.Message):
return {
'mime' : message.get_content_type(),
'charsets' : message.get_charsets(),
'cte' : message['Content-Transfer-Encoding']
}
def _seconds_between(self, start_ms, end_ms) -> float:
return (end_ms - start_ms) * 1000

23
test/modules/test_contracts.py
View File

@ -27,7 +27,8 @@ documentation.
import email
import email.mime.multipart
from email.message import EmailMessage
from email.policy import SMTP
from email.policy import SMTP, SMTPUTF8
from email.errors import HeaderParseError
import unittest
from configparser import RawConfigParser
@ -165,6 +166,26 @@ class EmailParsingTest(unittest.TestCase):
self.assertIsInstance(payload, str)
self.assertTrue(message_boundary in payload)
def test_fail_if_message_id_parsing_is_fixed(self):
# Unfortunately, Microsoft sends messages with Message-Id header values
# that email parser can't process.
#
# Bug: https://github.com/python/cpython/issues/105802
# Fix: https://github.com/python/cpython/pull/108133
rawmsg = b"From: alice@lacre.io\r\n" \
+ b"To: bob@lacre.io\r\n" \
+ b"Subject: Test message\r\n" \
+ b"Content-Type: text/plain\r\n" \
+ b"Content-Transfer-Encoding: base64\r\n" \
+ b"Message-Id: <[yada-yada-yada@microsoft.com]>\r\n" \
+ b"\r\n" \
+ b"SGVsbG8sIFdvcmxkIQo=\r\n"
msg = email.message_from_bytes(rawmsg, policy=SMTPUTF8)
self.assertEqual(len(msg.defects), 0)
self.assertRaises(IndexError, lambda: msg['Message-Id'])
class EmailTest(unittest.TestCase):
def test_boundary_generated_after_as_string_call(self):