# HG changeset patch # User Kevin McCarthy # Date 1423248575 28800 # Fri Feb 06 10:49:35 2015 -0800 # Node ID 44a0805f0053ac7300ec25f23e146d3f1d4b234f # Parent 5e7d9353476447940b9118254d812a1eb4c24359 Add a security bit to the message for oppenc mode. This allows oppenc to be enabled/disabled on a message level. If something initially enables encryption, such as crypt_autoencrypt or crypt_replyencrypt, oppenc is turned off for the message. Change the postpone/resume code to persist the oppenc bit. Also change resend message to enable and invoke oppenc if the option is set. diff --git a/crypt.c b/crypt.c --- a/crypt.c +++ b/crypt.c @@ -768,18 +768,17 @@ void crypt_opportunistic_encrypt(HEADER *msg) { char *pgpkeylist = NULL; if (!WithCrypto) return; - /* crypt_autoencrypt should override crypt_opportunistic_encrypt */ - if (option (OPTCRYPTAUTOENCRYPT)) + if (! (option (OPTCRYPTOPPORTUNISTICENCRYPT) && (msg->security & OPPENCRYPT)) ) return; crypt_get_keys (msg, &pgpkeylist, 1); if (pgpkeylist != NULL ) { msg->security |= ENCRYPT; FREE (&pgpkeylist); } diff --git a/mutt.h b/mutt.h --- a/mutt.h +++ b/mutt.h @@ -700,18 +700,18 @@ } BODY; /* #3279: AIX defines conflicting struct thread */ typedef struct mutt_thread THREAD; typedef struct header { - unsigned int security : 11; /* bit 0-6: flags, bit 7,8: application. - see: crypt.h pgplib.h, smime.h */ + unsigned int security : 12; /* bit 0-8: flags, bit 9,10: application. + see: mutt_crypt.h pgplib.h, smime.h */ unsigned int mime : 1; /* has a MIME-Version header? */ unsigned int flagged : 1; /* marked important? */ unsigned int tagged : 1; unsigned int deleted : 1; unsigned int changed : 1; unsigned int attach_del : 1; /* has an attachment marked for deletion */ unsigned int old : 1; diff --git a/mutt_crypt.h b/mutt_crypt.h --- a/mutt_crypt.h +++ b/mutt_crypt.h 
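Review bot: The guard added to crypt_opportunistic_encrypt() carries no comment, although the check it replaces had one, and the function's contract is no longer obvious from the call sites. In the visible lines it does nothing unless both the option and the per-message OPPENCRYPT bit are set, and when crypt_get_keys() leaves pgpkeylist NULL it leaves msg->security as it was, so it only ever sets ENCRYPT and never clears it. I would state that above the guard, e.g. `/* no-op unless oppenc is enabled globally and for this message; only sets ENCRYPT, never clears it */`. The call added in postpone.c still tests the option before calling, which this guard now makes redundant. The function's closing lines are outside the hunk.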
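Review bot: The rewritten comment on `security` describes bits 0-10, but the field is now 12 bits wide and the mutt_crypt.h hunk of this changeset moves PGP_TRADITIONAL_CHECKED to bit 11, which the comment does not mention. I would extend it to `/* bit 0-8: flags, bit 9,10: application, bit 11: PGP_TRADITIONAL_CHECKED.` so the next person adding a flag sees that the field is full. A flag defined above the field width can be dropped on assignment without any diagnostic, so the width and the highest flag have to be kept in step by hand. The struct continues outside the hunk.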
@@ -34,21 +34,22 @@ #define ENCRYPT (1 << 0) #define SIGN (1 << 1) #define GOODSIGN (1 << 2) #define BADSIGN (1 << 3) #define PARTSIGN (1 << 4) #define SIGNOPAQUE (1 << 5) #define KEYBLOCK (1 << 6) /* KEY too generic? */ #define INLINE (1 << 7) +#define OPPENCRYPT (1 << 8) /* Opportunistic encrypt mode */ -#define APPLICATION_PGP (1 << 8) -#define APPLICATION_SMIME (1 << 9) +#define APPLICATION_PGP (1 << 9) +#define APPLICATION_SMIME (1 << 10) -#define PGP_TRADITIONAL_CHECKED (1 << 10) +#define PGP_TRADITIONAL_CHECKED (1 << 11) #define PGPENCRYPT (APPLICATION_PGP | ENCRYPT) #define PGPSIGN (APPLICATION_PGP | SIGN) #define PGPGOODSIGN (APPLICATION_PGP | GOODSIGN) #define PGPKEY (APPLICATION_PGP | KEYBLOCK) #define PGPINLINE (APPLICATION_PGP | INLINE) #define SMIMEENCRYPT (APPLICATION_SMIME | ENCRYPT) diff --git a/postpone.c b/postpone.c --- a/postpone.c +++ b/postpone.c @@ -399,16 +399,20 @@ #endif else { last = tmp; tmp = tmp->next; } } + + if (option (OPTCRYPTOPPORTUNISTICENCRYPT)) + crypt_opportunistic_encrypt (hdr); + return (code); } int mutt_parse_crypt_hdr (const char *p, int set_empty_signas, int crypt_app) { char smime_cryptalg[LONG_STRING] = "\0"; @@ -424,16 +428,21 @@ switch (*p) { case 'e': case 'E': flags |= ENCRYPT; break; + case 'o': + case 'O': + flags |= OPPENCRYPT; + break; + case 's': case 'S': flags |= SIGN; q = sign_as; if (*(p+1) == '<') { for (p += 2; diff --git a/send.c b/send.c --- a/send.c +++ b/send.c 
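Review bot: Placing OPPENCRYPT at bit 8 renumbers APPLICATION_PGP, APPLICATION_SMIME and PGP_TRADITIONAL_CHECKED, so every value that combines them changes. That is harmless only if `security` is never written out or compared as a raw integer across builds. Nothing in this changeset shows whether a cache or on-disk format does so, which is worth confirming before this lands. If such a consumer exists, taking the free top bit instead, `#define OPPENCRYPT (1 << 11)` with PGP_TRADITIONAL_CHECKED left at `(1 << 10)`, gives the same 12-bit field without moving existing flags.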
@@ -1084,17 +1084,38 @@ } int mutt_resend_message (FILE *fp, CONTEXT *ctx, HEADER *cur) { HEADER *msg = mutt_new_header (); if (mutt_prepare_template (fp, ctx, msg, cur, 1) < 0) return -1; - + + if (WithCrypto) + { + /* mutt_prepare_template doesn't always flip on an application bit. + * so fix that here */ + if (!(msg->security & (APPLICATION_SMIME | APPLICATION_PGP))) + { + if ((WithCrypto & APPLICATION_SMIME) && option (OPTSMIMEISDEFAULT)) + msg->security |= APPLICATION_SMIME; + else if (WithCrypto & APPLICATION_PGP) + msg->security |= APPLICATION_PGP; + else + msg->security |= APPLICATION_SMIME; + } + + if (option (OPTCRYPTOPPORTUNISTICENCRYPT)) + { + msg->security |= OPPENCRYPT; + crypt_opportunistic_encrypt(msg); + } + } + return ci_send_message (SENDRESEND, msg, NULL, ctx, cur); } static int is_reply (HEADER *reply, HEADER *orig) { return mutt_find_list (orig->env->references, reply->env->message_id) || mutt_find_list (orig->env->in_reply_to, reply->env->message_id); } @@ -1512,17 +1533,25 @@ else if ((WithCrypto & APPLICATION_SMIME) && option (OPTCRYPTAUTOSMIME)) msg->security |= APPLICATION_SMIME; } } /* opportunistic encrypt relys on SMIME or PGP already being selected */ if (option (OPTCRYPTOPPORTUNISTICENCRYPT)) { - crypt_opportunistic_encrypt(msg); + /* If something has already enabled encryption, e.g. OPTCRYPTAUTOENCRYPT + * or OPTCRYPTREPLYENCRYPT, then don't enable opportunistic encrypt for + * the message. + */ + if (! (msg->security & ENCRYPT)) + { + msg->security |= OPPENCRYPT; + crypt_opportunistic_encrypt(msg); + } } /* No permissible mechanisms found. Don't sign or encrypt. */ if (!(msg->security & (APPLICATION_SMIME|APPLICATION_PGP))) msg->security = 0; } /* specify a default fcc. if we are in batchmode, only save a copy of diff --git a/sendlib.c b/sendlib.c --- a/sendlib.c +++ b/sendlib.c 
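Review bot: In mutt_resend_message() OPPENCRYPT is set and crypt_opportunistic_encrypt() is run whenever the option is on, while the second send.c hunk skips both when `msg->security & ENCRYPT` is already set. If mutt_prepare_template() can hand back a template with ENCRYPT set (not visible here), a message whose encryption came from the original ends up in oppenc mode. The commit description says that should not happen once something else has enabled encryption. Either apply the same guard, `if (option (OPTCRYPTOPPORTUNISTICENCRYPT) && !(msg->security & ENCRYPT))`, or add a comment saying why resend is treated differently.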
@@ -2765,16 +2765,18 @@ /* (postponment) if the mail is to be signed or encrypted, save this info */ if ((WithCrypto & APPLICATION_PGP) && post && (hdr->security & APPLICATION_PGP)) { fputs ("X-Mutt-PGP: ", msg->fp); if (hdr->security & ENCRYPT) fputc ('E', msg->fp); + if (hdr->security & OPPENCRYPT) + fputc ('O', msg->fp); if (hdr->security & SIGN) { fputc ('S', msg->fp); if (PgpSignAs && *PgpSignAs) fprintf (msg->fp, "<%s>", PgpSignAs); } if (hdr->security & INLINE) fputc ('I', msg->fp); @@ -2786,16 +2788,18 @@ && post && (hdr->security & APPLICATION_SMIME)) { fputs ("X-Mutt-SMIME: ", msg->fp); if (hdr->security & ENCRYPT) { fputc ('E', msg->fp); if (SmimeCryptAlg && *SmimeCryptAlg) fprintf (msg->fp, "C<%s>", SmimeCryptAlg); } + if (hdr->security & OPPENCRYPT) + fputc ('O', msg->fp); if (hdr->security & SIGN) { fputc ('S', msg->fp); if (SmimeDefaultKey && *SmimeDefaultKey) fprintf (msg->fp, "<%s>", SmimeDefaultKey); } if (hdr->security & INLINE) fputc ('I', msg->fp); fputc ('\n', msg->fp);
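Review bot: Writing 'O' into X-Mutt-PGP and X-Mutt-SMIME (this hunk and the S/MIME one after it) changes the format of postponed drafts, and nothing here documents that. The only reader shown is the `switch (*p)` in mutt_parse_crypt_hdr, and its handling of unknown letters is outside the postpone.c hunk. If a build without the new `case 'o'` rejects the whole header on an unrecognised letter, a draft postponed here and resumed there could lose its 'E' and 'S' flags too, so that default branch should be checked. I would also add a comment above the `fputs ("X-Mutt-PGP: ", msg->fp);` line, e.g. `/* 'O' = OPPENCRYPT; 'E' is still written when oppenc set ENCRYPT */`, since the header cannot otherwise tell a user-chosen encryption from an opportunistic one.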