From 76573685d953e89aa1e5c773ddb485af9845c8c9 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 11 Apr 2015 14:31:27 +0200 Subject: Enigma: Added user preferences to disable plugin features --- plugins/enigma/README | 2 +- plugins/enigma/config.inc.php.dist | 10 ++++++ plugins/enigma/enigma.php | 66 +++++++++++++++++++++++++++++++++-- plugins/enigma/lib/enigma_engine.php | 38 ++++++++++++++++---- plugins/enigma/localization/en_US.inc | 6 +++- 5 files changed, 111 insertions(+), 11 deletions(-) diff --git a/plugins/enigma/README b/plugins/enigma/README index fbc7bae2a..0566069ff 100644 --- a/plugins/enigma/README +++ b/plugins/enigma/README @@ -19,6 +19,7 @@ Implemented features: + PGP: Sending of encrypted/signed messages + PGP: keys management UI (keys import and delete) + Handling of PGP keys attached to incoming messages ++ User preferences to disable plugin features TODO (must have): ----------------- @@ -43,7 +44,6 @@ TODO (later): - Key server(s) support (search, import, upload, refresh) - Attaching public keys to email - Mark keys as trusted/untrasted, display appropriate message in verify/decrypt status -- User-preferences to disable signature verification, decrypting, encrypting or all enigma features - Change attachment icon on messages list for encrypted messages (like vcard_attachment plugin does) - Support for multi-server installations (store keys in sql database?) - Per-Identity settings (including keys/certs) diff --git a/plugins/enigma/config.inc.php.dist b/plugins/enigma/config.inc.php.dist index b58ce8bad..832f355b1 100644 --- a/plugins/enigma/config.inc.php.dist +++ b/plugins/enigma/config.inc.php.dist 
@@ -13,8 +13,18 @@ $config['enigma_smime_driver'] = 'phpssl';
 // Must be writeable by PHP process
 $config['enigma_pgp_homedir'] = null;
 
+// Enables signatures verification feature.
+$config['enigma_signatures'] = true;
+
+// Enables messages decryption feature.
+$config['enigma_decryption'] = true;
+
 // Enable signing all messages by default
 $config['enigma_sign_all'] = false;
 
 // Enable encrypting all messages by default
 $config['enigma_encrypt_all'] = false;
+
+// Default for how long to store private key passwords (in minutes).
+// When set to 0 passwords will be stored for the whole session.
+$config['enigma_password_time'] = 5;
diff --git a/plugins/enigma/enigma.php b/plugins/enigma/enigma.php
index 10b8048c6..3b9aa0bb9 100644
--- a/plugins/enigma/enigma.php
+++ b/plugins/enigma/enigma.php
@@ -234,6 +234,44 @@ class enigma extends rcube_plugin $p['blocks']['main']['name'] = $this->gettext('mainoptions'); + if (!isset($no_override['enigma_signatures'])) { + if (!$p['current']) { + $p['blocks']['main']['content'] = true; + return $p; + } + + $field_id = 'rcmfd_enigma_signatures'; + $input = new html_checkbox(array( + 'name' => '_enigma_signatures', + 'id' => $field_id, + 'value' => 1, + )); + + $p['blocks']['main']['options']['enigma_signatures'] = array( + 'title' => html::label($field_id, $this->gettext('supportsignatures')), + 'content' => $input->show(intval($this->rc->config->get('enigma_signatures'))), + ); + } + + if (!isset($no_override['enigma_decryption'])) { + if (!$p['current']) { + $p['blocks']['main']['content'] = true; + return $p; + } + + $field_id = 'rcmfd_enigma_decryption'; + $input = new html_checkbox(array( + 'name' => '_enigma_decryption', + 'id' => $field_id, + 'value' => 1, + )); + + $p['blocks']['main']['options']['enigma_decryption'] = array( + 'title' => html::label($field_id, $this->gettext('supportdecryption')), + 'content' => $input->show(intval($this->rc->config->get('enigma_decryption'))), + ); + } + if (!isset($no_override['enigma_sign_all'])) { if (!$p['current']) { $p['blocks']['main']['content'] = true; 
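Review bot: The two new checkboxes read their state with `$this->rc->config->get('enigma_signatures')` and `$this->rc->config->get('enigma_decryption')` without a default, while the engine checks in enigma_engine.php use `get('enigma_signatures', true)` and `get('enigma_decryption', true)`. If the option is absent from the loaded configuration, the form would show the feature unchecked while verification or decryption still runs, and the next save would then store `false` and switch it off without the user having chosen that. Passing the same default in the form, e.g. `$input->show(intval($this->rc->config->get('enigma_signatures', true)))`, keeps the displayed and the effective state in step. The enclosing method starts before and continues after this hunk.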
@@ -272,6 +310,27 @@ class enigma extends rcube_plugin ); } + if (!isset($no_override['enigma_password_time'])) { + if (!$p['current']) { + $p['blocks']['main']['content'] = true; + return $p; + } + + $field_id = 'rcmfd_enigma_password_time'; + $select = new html_select(array('name' => '_enigma_password_time', 'id' => $field_id)); + + foreach (array(1, 5, 10, 15, 30) as $m) { + $label = $this->gettext(array('name' => 'nminutes', 'vars' => array('m' => $m))); + $select->add($label, $m); + } + $select->add($this->gettext('wholesession'), 0); + + $p['blocks']['main']['options']['enigma_password_time'] = array( + 'title' => html::label($field_id, $this->gettext('passwordtime')), + 'content' => $select->show(intval($this->rc->config->get('enigma_password_time'))), + ); + } + return $p; } @@ -287,8 +346,11 @@ class enigma extends rcube_plugin { if ($p['section'] == 'enigma') { $p['prefs'] = array( - 'enigma_sign_all' => intval(rcube_utils::get_input_value('_enigma_sign_all', rcube_utils::INPUT_POST)), - 'enigma_encrypt_all' => intval(rcube_utils::get_input_value('_enigma_encrypt_all', rcube_utils::INPUT_POST)), + 'enigma_signatures' => (bool) rcube_utils::get_input_value('_enigma_signatures', rcube_utils::INPUT_POST), + 'enigma_decryption' => (bool) rcube_utils::get_input_value('_enigma_decryption', rcube_utils::INPUT_POST), + 'enigma_sign_all' => intval(rcube_utils::get_input_value('_enigma_sign_all', rcube_utils::INPUT_POST)), + 'enigma_encrypt_all' => intval(rcube_utils::get_input_value('_enigma_encrypt_all', rcube_utils::INPUT_POST)), + 'enigma_password_time' => intval(rcube_utils::get_input_value('_enigma_password_time', rcube_utils::INPUT_POST)), ); } diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php index 6c5ee3cc9..0111d9388 100644 --- a/plugins/enigma/lib/enigma_engine.php +++ b/plugins/enigma/lib/enigma_engine.php 
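Review bot: In the `@@ -287,8 +346,11 @@` hunk, `enigma_password_time` is stored as `intval()` of the posted value without checking it against the choices the form offers (1, 5, 10, 15, 30 and 0). This value controls how long private key passwords stay cached in the session, so a negative or arbitrarily large number should not be accepted; a negative one would move the expiry threshold into the future. I would restrict it to the offered set before saving, e.g. `if (!in_array($time, array(0, 1, 5, 10, 15, 30), true)) { $time = 5; }` where `$time` is the `intval()` result, ideally sharing the list with the select built in the `@@ -272,6 +310,27 @@` hunk. The function body starts before and ends after this hunk.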
@@ -26,15 +26,13 @@ class enigma_engine private $enigma; private $pgp_driver; private $smime_driver; + private $password_time; public $decryptions = array(); public $signatures = array(); public $signed_parts = array(); public $encrypted_parts = array(); - - const PASSWORD_TIME = 120; - const SIGN_MODE_BODY = 1; const SIGN_MODE_SEPARATE = 2; const SIGN_MODE_MIME = 3; @@ -51,8 +49,12 @@ class enigma_engine $this->rc = rcmail::get_instance(); $this->enigma = $enigma; + $this->password_time = $this->rc->config->get('enigma_password_time'); + // this will remove passwords from session after some time - $this->get_passwords(); + if ($this->password_time) { + $this->get_passwords(); + } } /** @@ -445,7 +447,9 @@ class enigma_engine // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { - $sig = $this->pgp_verify($body); + if ($this->rc->config->get('enigma_signatures', true)) { + $sig = $this->pgp_verify($body); + } } // @TODO: Handle big bodies using (temp) files @@ -495,6 +499,10 @@ class enigma_engine */ private function parse_pgp_signed(&$p) { + if (!$this->rc->config->get('enigma_signatures', true)) { + return; + } + // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $this->load_pgp_driver(); @@ -536,6 +544,10 @@ class enigma_engine { return; // @TODO + if (!$this->rc->config->get('enigma_signatures', true)) { + return; + } + // Verify signature if ($this->rc->action == 'show' || $this->rc->action == 'preview') { $this->load_smime_driver(); @@ -568,6 +580,10 @@ class enigma_engine */ private function parse_plain_encrypted(&$p, $body) { + if (!$this->rc->config->get('enigma_decryption', true)) { + return; + } + $this->load_pgp_driver(); $part = $p['structure']; @@ -642,6 +658,10 @@ class enigma_engine */ private function parse_pgp_encrypted(&$p) { + if (!$this->rc->config->get('enigma_decryption', true)) { + return; + } + $this->load_pgp_driver(); $struct = $p['structure']; 
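Review bot: In the constructor hunk (`@@ -51,8 +49,12 @@`), `$this->password_time` takes the configured value as is, which config.inc.php.dist and the preferences select define in minutes, but the `@@ -982,12 +1006,12 @@` hunk subtracts it from `time()`, which counts seconds. With the shipped default of 5 the threshold is five seconds in the past rather than five minutes; the removed constant `PASSWORD_TIME = 120` was subtracted from `time()` directly, so it was a number of seconds. Converting once here, `$this->password_time = intval($this->rc->config->get('enigma_password_time', 5)) * 60;`, fixes the unit. The explicit default also avoids a missing option evaluating to null, which the `if ($this->password_time)` guard treats the same as "keep for the whole session".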
@@ -682,6 +702,10 @@ class enigma_engine */ private function parse_smime_encrypted(&$p) { + if (!$this->rc->config->get('enigma_decryption', true)) { + return; + } + // $this->load_smime_driver(); } @@ -982,12 +1006,12 @@ class enigma_engine $config = @unserialize($config); } - $threshold = time() - self::PASSWORD_TIME; + $threshold = time() - $this->password_time; $keys = array(); // delete expired passwords foreach ((array) $config as $key => $value) { - if ($value[1] < $threshold) { + if ($pass_time && $value[1] < $threshold) { unset($config[$key]); $modified = true; } diff --git a/plugins/enigma/localization/en_US.inc b/plugins/enigma/localization/en_US.inc index d8e80a871..410a52e56 100644 --- a/plugins/enigma/localization/en_US.inc +++ b/plugins/enigma/localization/en_US.inc @@ -18,8 +18,13 @@ $labels['typekeypair'] = 'key pair'; $labels['keyattfound'] = 'This message contains attached PGP key(s).'; $labels['keyattimport'] = 'Import key(s)'; +$labels['supportsignatures'] = 'Enable message signatures verification'; +$labels['supportdecryption'] = 'Enable message decryption'; $labels['signdefault'] = 'Sign all messages by default'; $labels['encryptdefault'] = 'Encrypt all messages by default'; +$labels['passwordtime'] = 'Keep private key passwords for'; +$labels['nminutes'] = '$m minute(s)'; +$labels['wholesession'] = 'the whole session'; $labels['createkeys'] = 'Create a new key pair'; $labels['importkeys'] = 'Import key(s)'; @@ -32,7 +37,6 @@ $labels['keysend'] = 'Send public key in a message'; $labels['keychpass'] = 'Change password'; $labels['encryptionoptions'] = 'Encryption options...'; -$labels['identdefault'] = 'Use settings of selected identity'; $labels['encryptmsg'] = 'Encrypt this message'; $labels['signmsg'] = 'Digitally sign this message'; -- cgit v1.2.3
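Review bot: The new expiry condition `if ($pass_time && $value[1] < $threshold)` in the `@@ -982,12 +1006,12 @@` hunk tests `$pass_time`, which is not assigned anywhere in the visible lines; the value this commit introduces is `$this->password_time`. If `$pass_time` is not defined in the part of the function outside the hunk, the condition is always false and cached private key passwords are never removed from the session, whatever period the user selected. The line should read `if ($this->password_time && $value[1] < $threshold) {`. The function starts before and continues after this hunk.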