Merge pull request 'Add identity table' (#11) from identity-table into main

Reviewed-on: #11
pfm 2023-12-02 18:56:00 +00:00
commit 750014e588
13 changed files with 123 additions and 81 deletions


@ -2,6 +2,8 @@ Lacre Webgate
--------------
This is Lacre's simple php based frontend. It has been forked from [gpg-mailgate](https://github.com/fkrone/gpg-mailgate) project and it is a continuation of the original work. Special thanks to all those who have contributed to amazing work of gpg-mailgate-web and those who are willing to contribute to Lacre to improve security of email storage.
For the backend, see [lacre](https://git.disroot.org/Disroot/gpg-lacre).
Lacre-Webgate is a simple web interface designed to allow any web user to upload their PGP public key and then have all mail sent via your mail server be encrypted. (Note: this is not meant for email authentication, only encryption.)
After submitting their key to a web form, the user will be required to confirm their email address. A cron script will register the public key with gpg-lacre (keyhome_only must be set to no currently, which is the default) after email confirmation. From then on, email to the specified address will be encrypted with the public key.
@ -15,16 +17,16 @@ Note that all processing relating to the mail server is done via the cron script
1. Installation instructions:
Below instructions assume working gpg-Lacre setup (backend) as well as working web-server (eg. nginx+php8) and sql database (eg. mariadb).
1) Create a MySQL database for Lacre-Web.
1) Create a MySQL database for Lacre-Web.
a) Schema file is located in schema.sql
b) Database name and account goes in /etc/gpg-lacre.conf (and set enabled = yes)
3) Copy the contents of public_html to your web directory.
4) Move config.sample.php to config.php and edit the configuration file.
5) Copy cron.py to /usr/local/bin/Lacre-web-cron.py and set up a cron job
```
2) Copy the contents of public_html to your web directory.
3) Move config.sample.php to config.php and edit the configuration file.
4) Copy cron.py to /usr/local/bin/Lacre-web-cron.py and set up a cron job
```
*/3 * * * * lacre /usr/bin/python /usr/local/bin/Lacre-web-cron.py > /dev/null
```
6) Ensure that cron is working and test your new Lacre-web installation!
5) Ensure that cron is working and test your new Lacre-web installation!
2. Customization:
Lacre-Webgate allows for customization of css as well as templates. You can add your custom theme to `/themes/`. You can switch theme by adjusting `$config['site_theme']` in config.php` where the name is the theme's directory name.

cron.py

@ -1,22 +1,22 @@
#!/usr/bin/python
#
# gpg-mailgate
# lacre
#
# This file is part of the gpg-mailgate source code.
# This file is part of the lacre source code.
#
# gpg-mailgate is free software: you can redistribute it and/or modify
# lacre is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# gpg-mailgate source code is distributed in the hope that it will be useful,
# lacre source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
# along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
#
from configparser import RawConfigParser
@ -88,7 +88,7 @@ def define_db_schema():
return (gpgmw_keys)
# Read configuration from /etc/gpg-mailgate.conf
# Read configuration from /etc/lacre.conf
conf.load_config()
lacre.init_logging(conf.get_item('logging', 'config'))
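Review bot: The rewritten comment above conf.load_config() now says the configuration is read from /etc/lacre.conf, while the README hunk in this same commit still tells operators to put the database name and account in /etc/gpg-lacre.conf; one of the two is stale. conf.load_config() takes no path argument here, so the real default cannot be confirmed from this page — whichever file lacre actually opens, the README step and this comment should name the same path, e.g. `# Read configuration from the lacre config file (see README: /etc/gpg-lacre.conf)` if the README is right.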


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/
@ -29,7 +29,7 @@
$config['email_web'] = 'admin@example.com';
//address to send emails from
$config['email_from'] = 'gpg-mailgate-web@example.com';
$config['email_from'] = 'lacre-web@example.com';
//this will be used as the subject when a user requests to add a PGP key
$config['email_subject_requestpgp'] = 'Confirm your email address';


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/
@ -36,7 +36,7 @@ function includePath() {
return substr($self, 0, $lastSlash + 1);
}
//returns a relative path to the gpg-mailgate-web web root directory, without trailing slash
//returns a relative path to the lacre-web web root directory, without trailing slash
function basePath() {
$commonPath = __FILE__;
$requestPath = $_SERVER['SCRIPT_FILENAME'];


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/
@ -39,7 +39,7 @@ function checkLock($action) {
$ip = $_SERVER['REMOTE_ADDR'];
$result = databaseQuery("SELECT id, time, num FROM gpgmw_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
$result = databaseQuery("SELECT id, time, num FROM lacre_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
if($row = $result->fetch()) {
$id = $row['id'];
$time = $row['time'];
@ -76,7 +76,7 @@ function lockAction($action) {
$replace_id = -1;
//first find records with ip/action
$result = databaseQuery("SELECT id, time, num FROM gpgmw_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
$result = databaseQuery("SELECT id, time, num FROM lacre_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
if($row = $result->fetch()) {
$id = $row['id'];
$time = $row['time'];
@ -92,10 +92,10 @@ function lockAction($action) {
//increase the count; maybe initiate an OVERLOAD
$count = $count + 1;
if($count >= $lock_count_overload[$action]) {
databaseQuery("UPDATE gpgmw_locks SET num = '-1', time = ? WHERE ip = ?", array(time(), $ip));
databaseQuery("UPDATE lacre_locks SET num = '-1', time = ? WHERE ip = ?", array(time(), $ip));
return false;
} else {
databaseQuery("UPDATE gpgmw_locks SET num = ?, time = ? WHERE ip = ?", array($count, time(), $ip));
databaseQuery("UPDATE lacre_locks SET num = ?, time = ? WHERE ip = ?", array($count, time(), $ip));
}
}
} else {
@ -107,16 +107,16 @@ function lockAction($action) {
}
}
} else {
databaseQuery("INSERT INTO gpgmw_locks (ip, time, action, num) VALUES (?, ?, ?, '1')", array($ip, time(), $action));
databaseQuery("INSERT INTO lacre_locks (ip, time, action, num) VALUES (?, ?, ?, '1')", array($ip, time(), $action));
}
if($replace_id != -1) {
databaseQuery("UPDATE gpgmw_locks SET num = '1', time = ? WHERE id = ?", array(time(), $replace_id));
databaseQuery("UPDATE lacre_locks SET num = '1', time = ? WHERE id = ?", array(time(), $replace_id));
}
//some housekeeping
$delete_time = time() - $lock_time_max;
databaseQuery("DELETE FROM gpgmw_locks WHERE time <= ?", array($delete_time));
databaseQuery("DELETE FROM lacre_locks WHERE time <= ?", array($delete_time));
return true;
}


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/
@ -42,17 +42,17 @@ function requestPGP($email, $key) {
}
//housekeeping
databaseQuery("DELETE FROM gpgmw_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
databaseQuery("DELETE FROM lacre_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
//if we already have an unaccepted key for this user, only replace if one day has elapsed since the last request
// this may prevent spam
$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM gpgmw_keys WHERE email = ? AND status = 0", array($email));
$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM lacre_keys WHERE email = ? AND status = 0", array($email));
if($row = $result->fetch()) {
if($row[0] < 24) {
return $lang['submit_error_alreadyqueue'];
} else {
databaseQuery('DELETE FROM gpgmw_keys WHERE id = ?', array($row[1]));
databaseQuery('DELETE FROM lacre_keys WHERE id = ?', array($row[1]));
}
}
@ -75,7 +75,7 @@ function requestPGP($email, $key) {
return $lang['submit_error_emailfail'];
}
databaseQuery("INSERT INTO gpgmw_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
databaseQuery("INSERT INTO lacre_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
return true;
}
@ -87,10 +87,10 @@ function confirmPGP($email, $confirm) {
return false;
}
$result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
$result = databaseQuery("SELECT id FROM lacre_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
if($row = $result->fetch()) {
databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
databaseQuery("UPDATE lacre_keys SET confirm = '' WHERE id = ?", array($row[0]));
return true;
}


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,22 +1,22 @@
<?php
/*
gpg-mailgate
lacre
This file is part of the gpg-mailgate source code.
This file is part of the lacre source code.
gpg-mailgate is free software: you can redistribute it and/or modify
lacre is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gpg-mailgate source code is distributed in the hope that it will be useful,
lacre source code is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
*/


@ -1,10 +1,50 @@
-- confirm is empty once an email address has been confirmed, and otherwise is the confirmation key
-- status
-- lacre
--
-- This file is part of the lacre source code.
--
-- lacre is free software: you can redistribute it and/or modify it under the
-- terms of the GNU General Public License as published by the Free Software
-- Foundation, either version 3 of the License, or (at your option) any later
-- version.
--
-- lacre source code is distributed in the hope that it will be useful, but
-- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-- more details.
--
-- You should have received a copy of the GNU General Public License along
-- with lacre source code. If not, see <http://www.gnu.org/licenses/>.
-- confirm is empty once an email address has been confirmed, and otherwise is
-- the confirmation key status
-- initializes to 0
-- is set to 1 after a public key with (confirm='', status=0) has been imported
-- is set to 2 if a key should be deleted (will be deleted based on email address)
-- publickey is the ASCII-armored PGP public key; can be cleared to save space if status > 0
CREATE TABLE gpgmw_keys (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, email VARCHAR(256), publickey TEXT, confirm VARCHAR(32), status INT NOT NULL DEFAULT 0, time TIMESTAMP DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE lacre_keys (
id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
email VARCHAR(256),
publickey TEXT,
confirm VARCHAR(32),
status INT NOT NULL DEFAULT 0,
time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- see include/lock.php for documentation
CREATE TABLE gpgmw_locks (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(16), time INT, action VARCHAR(16), num INT);
CREATE TABLE lacre_locks (
id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
ip VARCHAR(16),
time INT,
action VARCHAR(16),
num INT
);
-- GnuPG identities known to lacre.
--
-- This table can be used instead of the file-based key store (pubring.kbx).
-- Set lacre configuration option [keyring]type to 'database' to use this
-- table.
CREATE TABLE lacre_identities (
email VARCHAR (256) NOT NULL PRIMARY KEY,
fingerprint VARCHAR (64) NOT NULL
);
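Review bot: `ip VARCHAR(16)` in the rebuilt lacre_locks table is too narrow for the value include/lock.php stores in it: that code writes `$_SERVER['REMOTE_ADDR']` into the column, and a textual IPv6 address is up to 39 characters (45 for IPv4-mapped forms), so on a dual-stack host the INSERT either fails under strict SQL mode or is silently truncated, which makes distinct IPv6 clients share a single rate-limit bucket; `ip VARCHAR(45),` is the one-line fix. The commit renames gpgmw_keys and gpgmw_locks to lacre_keys and lacre_locks in both the schema and the PHP queries but ships no `RENAME TABLE` step, so an existing installation will fail after upgrading unless a migration lives elsewhere in the repository — the README or a migration script should say what operators must run. The rewrapped comment block above `CREATE TABLE lacre_keys` has folded the old standalone `-- status` heading into the previous sentence (it now reads `the confirmation key status`), so `status` should open its own line, e.g. `-- the confirmation key.` followed by `-- status initializes to 0`. The new lacre_identities table does not document what fingerprint holds; a comment such as `-- fingerprint: hexadecimal OpenPGP key fingerprint (40 chars for v4 keys)` would explain the 64-character width.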