Merge pull request 'Add identity table' (#11) from identity-table into main

Reviewed-on: #11

README.md

@@ -2,6 +2,8 @@ Lacre Webgate
 --------------
 This is Lacre's simple php based frontend. It has been forked from [gpg-mailgate](https://github.com/fkrone/gpg-mailgate) project and it is a continuation of the original work. Special thanks to all those who have contributed to amazing work of gpg-mailgate-web and those who are willing to contribute to Lacre to improve security of email storage.
 
+For the backend, see [lacre](https://git.disroot.org/Disroot/gpg-lacre).
+
 Lacre-Webgate is a simple web interface designed to allow any web user to upload their PGP public key and then have all mail sent via your mail server be encrypted. (Note: this is not meant for email authentication, only encryption.)
 
 After submitting their key to a web form, the user will be required to confirm their email address. A cron script will register the public key with gpg-lacre (keyhome_only must be set to no currently, which is the default) after email confirmation. From then on, email to the specified address will be encrypted with the public key.
@@ -15,16 +17,16 @@ Note that all processing relating to the mail server is done via the cron script
 1. Installation instructions:
 Below instructions assume working gpg-Lacre setup (backend) as well as working web-server (eg. nginx+php8) and sql database (eg. mariadb).
   
-   1) Create a MySQL database for Lacre-Web.
+  1) Create a MySQL database for Lacre-Web.
     a) Schema file is located in schema.sql
     b) Database name and account goes in /etc/gpg-lacre.conf (and set enabled = yes)
-  3) Copy the contents of public_html to your web directory.
+  2) Copy the contents of public_html to your web directory.
-  4) Move config.sample.php to config.php and edit the configuration file.
+  3) Move config.sample.php to config.php and edit the configuration file.
-  5) Copy cron.py to /usr/local/bin/Lacre-web-cron.py and set up a cron job
+  4) Copy cron.py to /usr/local/bin/Lacre-web-cron.py and set up a cron job
-    ```    
+    ```
     */3 * * * * lacre /usr/bin/python /usr/local/bin/Lacre-web-cron.py > /dev/null
     ```
-  6) Ensure that cron is working and test your new Lacre-web installation!
+  5) Ensure that cron is working and test your new Lacre-web installation!
 
 2. Customization: 
 Lacre-Webgate allows for customization of css as well as templates. You can add your custom theme to `/themes/`. You can switch theme by adjusting `$config['site_theme']` in config.php` where the name is the theme's directory name. 

cron.py

@@ -1,22 +1,22 @@
 #!/usr/bin/python
 
 #
-#	gpg-mailgate
+#	lacre
 #
-#	This file is part of the gpg-mailgate source code.
+#	This file is part of the lacre source code.
 #
-#	gpg-mailgate is free software: you can redistribute it and/or modify
+#	lacre is free software: you can redistribute it and/or modify
 #	it under the terms of the GNU General Public License as published by
 #	the Free Software Foundation, either version 3 of the License, or
 #	(at your option) any later version.
 #
-#	gpg-mailgate source code is distributed in the hope that it will be useful,
+#	lacre source code is distributed in the hope that it will be useful,
 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 #	GNU General Public License for more details.
 #
 #	You should have received a copy of the GNU General Public License
-#	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+#	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 #
 
 from configparser import RawConfigParser
@@ -88,7 +88,7 @@ def define_db_schema():
 	return (gpgmw_keys)
 
 
-# Read configuration from /etc/gpg-mailgate.conf
+# Read configuration from /etc/lacre.conf
 conf.load_config()
 
 lacre.init_logging(conf.get_item('logging', 'config'))

public_html/config.default.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 
@@ -29,7 +29,7 @@
 $config['email_web'] = 'admin@example.com';
 
 //address to send emails from
-$config['email_from'] = 'gpg-mailgate-web@example.com';
+$config['email_from'] = 'lacre-web@example.com';
 
 //this will be used as the subject when a user requests to add a PGP key
 $config['email_subject_requestpgp'] = 'Confirm your email address';

public_html/confirm.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

public_html/include/common.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 
@@ -36,7 +36,7 @@ function includePath() {
 	return substr($self, 0, $lastSlash + 1);
 }
 
-//returns a relative path to the gpg-mailgate-web web root directory, without trailing slash
+//returns a relative path to the lacre-web web root directory, without trailing slash
 function basePath() {
 	$commonPath = __FILE__;
 	$requestPath = $_SERVER['SCRIPT_FILENAME'];

public_html/include/config.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

public_html/include/dbconnect.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

public_html/include/language.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

public_html/include/lock.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 
@@ -39,7 +39,7 @@ function checkLock($action) {
 
 	$ip = $_SERVER['REMOTE_ADDR'];
 
-	$result = databaseQuery("SELECT id, time, num FROM gpgmw_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
+	$result = databaseQuery("SELECT id, time, num FROM lacre_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
 	if($row = $result->fetch()) {
 		$id = $row['id'];
 		$time = $row['time'];
@@ -76,7 +76,7 @@ function lockAction($action) {
 	$replace_id = -1;
 
 	//first find records with ip/action
-	$result = databaseQuery("SELECT id, time, num FROM gpgmw_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
+	$result = databaseQuery("SELECT id, time, num FROM lacre_locks WHERE ip = ? AND action = ?", array($ip, $action), true);
 	if($row = $result->fetch()) {
 		$id = $row['id'];
 		$time = $row['time'];
@@ -92,10 +92,10 @@ function lockAction($action) {
 				//increase the count; maybe initiate an OVERLOAD
 				$count = $count + 1;
 				if($count >= $lock_count_overload[$action]) {
-					databaseQuery("UPDATE gpgmw_locks SET num = '-1', time = ? WHERE ip = ?", array(time(), $ip));
+					databaseQuery("UPDATE lacre_locks SET num = '-1', time = ? WHERE ip = ?", array(time(), $ip));
 					return false;
 				} else {
-					databaseQuery("UPDATE gpgmw_locks SET num = ?, time = ? WHERE ip = ?", array($count, time(), $ip));
+					databaseQuery("UPDATE lacre_locks SET num = ?, time = ? WHERE ip = ?", array($count, time(), $ip));
 				}
 			}
 		} else {
@@ -107,16 +107,16 @@ function lockAction($action) {
 			}
 		}
 	} else {
-		databaseQuery("INSERT INTO gpgmw_locks (ip, time, action, num) VALUES (?, ?, ?, '1')", array($ip, time(), $action));
+		databaseQuery("INSERT INTO lacre_locks (ip, time, action, num) VALUES (?, ?, ?, '1')", array($ip, time(), $action));
 	}
 
 	if($replace_id != -1) {
-		databaseQuery("UPDATE gpgmw_locks SET num = '1', time = ? WHERE id = ?", array(time(), $replace_id));
+		databaseQuery("UPDATE lacre_locks SET num = '1', time = ? WHERE id = ?", array(time(), $replace_id));
 	}
 
 	//some housekeeping
 	$delete_time = time() - $lock_time_max;
-	databaseQuery("DELETE FROM gpgmw_locks WHERE time <= ?", array($delete_time));
+	databaseQuery("DELETE FROM lacre_locks WHERE time <= ?", array($delete_time));
 
 	return true;
 }

public_html/include/pgp.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 
@@ -42,17 +42,17 @@ function requestPGP($email, $key) {
 	}
 
 	//housekeeping
-	databaseQuery("DELETE FROM gpgmw_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
+	databaseQuery("DELETE FROM lacre_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
 
 	//if we already have an unaccepted key for this user, only replace if one day has elapsed since the last request
 	// this may prevent spam
-	$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM gpgmw_keys WHERE email = ? AND status = 0", array($email));
+	$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM lacre_keys WHERE email = ? AND status = 0", array($email));
 
 	if($row = $result->fetch()) {
 		if($row[0] < 24) {
 			return $lang['submit_error_alreadyqueue'];
 		} else {
-			databaseQuery('DELETE FROM gpgmw_keys WHERE id = ?', array($row[1]));
+			databaseQuery('DELETE FROM lacre_keys WHERE id = ?', array($row[1]));
 		}
 	}
 
@@ -75,7 +75,7 @@ function requestPGP($email, $key) {
 		return $lang['submit_error_emailfail'];
 	}
 
-	databaseQuery("INSERT INTO gpgmw_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
+	databaseQuery("INSERT INTO lacre_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
 	return true;
 }
 
@@ -87,10 +87,10 @@ function confirmPGP($email, $confirm) {
 		return false;
 	}
 
-	$result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
+	$result = databaseQuery("SELECT id FROM lacre_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
 
 	if($row = $result->fetch()) {
-		databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
+		databaseQuery("UPDATE lacre_keys SET confirm = '' WHERE id = ?", array($row[0]));
 		return true;
 	}
 

public_html/index.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

public_html/language/english.php

@@ -1,22 +1,22 @@
 <?php
 /*
 
-	gpg-mailgate
+	lacre
 
-	This file is part of the gpg-mailgate source code.
+	This file is part of the lacre source code.
 
-	gpg-mailgate is free software: you can redistribute it and/or modify
+	lacre is free software: you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
 	the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
 
-	gpg-mailgate source code is distributed in the hope that it will be useful,
+	lacre source code is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 	GNU General Public License for more details.
 
 	You should have received a copy of the GNU General Public License
-	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+	along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
 
 */
 

schema.sql

@@ -1,10 +1,50 @@
--- confirm is empty once an email address has been confirmed, and otherwise is the confirmation key
+-- lacre
--- status
+--
+-- This file is part of the lacre source code.
+--
+-- lacre is free software: you can redistribute it and/or modify it under the
+-- terms of the GNU General Public License as published by the Free Software
+-- Foundation, either version 3 of the License, or (at your option) any later
+-- version.
+--
+-- lacre source code is distributed in the hope that it will be useful, but
+-- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+-- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+-- more details.
+--
+-- You should have received a copy of the GNU General Public License along
+-- with lacre source code. If not, see <http://www.gnu.org/licenses/>.
+
+-- confirm is empty once an email address has been confirmed, and otherwise is
+-- the confirmation key status
 --    initializes to 0
 --    is set to 1 after a public key with (confirm='', status=0) has been imported
 --    is set to 2 if a key should be deleted (will be deleted based on email address)
 -- publickey is the ASCII-armored PGP public key; can be cleared to save space if status > 0
-CREATE TABLE gpgmw_keys (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, email VARCHAR(256), publickey TEXT, confirm VARCHAR(32), status INT NOT NULL DEFAULT 0, time TIMESTAMP DEFAULT CURRENT_TIMESTAMP);
+CREATE TABLE lacre_keys (
+	id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
+	email VARCHAR(256),
+	publickey TEXT,
+	confirm VARCHAR(32),
+	status INT NOT NULL DEFAULT 0,
+	time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
 
 -- see include/lock.php for documentation
-CREATE TABLE gpgmw_locks (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(16), time INT, action VARCHAR(16), num INT);
+CREATE TABLE lacre_locks (
+	id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
+	ip VARCHAR(16),
+	time INT,
+	action VARCHAR(16),
+	num INT
+);
+
+-- GnuPG identities known to lacre.
+--
+-- This table can be used instead of the file-based key store (pubring.kbx).
+-- Set lacre configuration option [keyring]type to 'database' to use this
+-- table.
+CREATE TABLE lacre_identities (
+	email VARCHAR (256) NOT NULL PRIMARY KEY,
+	fingerprint VARCHAR (64) NOT NULL
+);