From: <hol...@us...> - 2012-12-01 16:43:14
Revision: 44153 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=44153&view=rev Author: hollmeer Date: 2012-12-01 16:43:07 +0000 (Sat, 01 Dec 2012) Log Message: ----------- Altered Tiki OpenPGP implementation for PGP/MIME compliant emails, notifications, and newsletters, to use configurable preferences in Admin->Security->OpenPGP tab. Tested and working in tiki 11 SVN. Modified Paths: -------------- trunk/lib/mail/maillib.php trunk/lib/openpgp/openpgplib.php trunk/lib/webmail/htmlMimeMail.php trunk/messu-compose.php trunk/templates/admin/include_security.tpl trunk/tiki-setup.php Added Paths: ----------- trunk/lib/prefs/openpgp.php Modified: trunk/lib/mail/maillib.php =================================================================== --- trunk/lib/mail/maillib.php 2012-12-01 16:25:01 UTC (rev 44152) +++ trunk/lib/mail/maillib.php 2012-12-01 16:43:07 UTC (rev 44153) @@ -87,9 +87,7 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION PREPARATION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION require_once('lib/openpgp/OpenPGP_Zend_Mail_Transport_Smtp.php'); require_once('lib/openpgp/OpenPGP_Zend_Mail.php'); @@ -119,9 +117,8 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION PREPARATION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + global $prefs; + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION return new OpenPGP_Zend_Mail('UTF-8'); } else { Modified: trunk/lib/openpgp/openpgplib.php =================================================================== --- trunk/lib/openpgp/openpgplib.php 2012-12-01 16:25:01 UTC (rev 44152) +++ trunk/lib/openpgp/openpgplib.php 2012-12-01 16:43:07 UTC (rev 44153) 
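Review bot: `$prefs['openpgp_gpg_pgpmimemail']` is read in the @@ -87 hunk without a `global $prefs;` declaration, although the @@ -119 hunk right below adds one for the very same check. Unless the enclosing function (which starts outside the hunk) already imports `$prefs`, the lookup hits an undefined local, the condition is always false, and mail silently falls through to the unencrypted branch with nothing more than a notice. The same omission appears in the htmlMimeMail.php hunks at @@ -799 and @@ -816. Add `global $prefs;` immediately before the `if`, as the @@ -119 hunk does.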
@@ -28,9 +28,13 @@ // into lib/openpgp/ per now. No patches needed anymore // into ZF to enable 100% PGP/MIME encryption. // v0.11 -// 201411-04 hollmeer: Protected function naming to _xxxx +// 2014-11-04 hollmeer: Protected function naming to _xxxx +// v0.12 +// 2014-12-01 hollmeer: Changed all OpenGPG functionality configuration to use +// preferences // // +// ///////////////////////////////////////////////////////////////////////////// @@ -59,7 +63,7 @@ * @var string * @access public */ - public $EOL = "\n"; + private $EOL = "\n"; /** @@ -67,35 +71,35 @@ * @var string * @access protected */ - protected $_gpg_path; + private $_gpg_path; /** * Full path to keyring directory * @var string * @access protected */ - protected $_gpg_home; + private $_gpg_home; /** * gpg signer idfile * @var string * @access protected */ - protected $_gpg_sgn_id; + private $_gpg_sgn_id; /** - * gpg signer passfile + * gpg signer passphrase * @var string * @access protected */ - protected $_gpg_sgn_passfile; + private $_gpg_sgn_passphrase; /** * gpg signer full passfile path * @var string * @access protected */ - protected $_gpg_sgn_passfile_path; + private $_gpg_sgn_passfile_path; /** * gpg trust @@ -104,7 +108,7 @@ * @var string * @access protected */ - protected $_gpg_trust; + private $_gpg_trust; /** * Constructor function. Set initial defaults. 
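Review bot: The changelog dates in the @@ -28 hunk read `2014-11-04` and `2014-12-01`, while the commit itself is dated 2012-12-01 and the other comments in this change are stamped 2012-11-03, so both lines presumably meant `// 2012-11-04 hollmeer: ...` and `// 2012-12-01 hollmeer: ...`. Worth fixing while the header is being touched, since this block is the only record of the version history.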
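Review bot: `$EOL` goes from `public` to `private` in the @@ -59 hunk while its docblock still says `@access public`, and the @@ -67 and @@ -104 hunks likewise leave `@access protected` on properties that are now `private`. Removing a public property is an interface change: any code that read `$openpgplib->EOL` will now fail with a visibility error, so confirm no external reader exists (none is visible here) or keep an accessor. Update the tags to `@access private` alongside the visibility change.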
@@ -113,11 +117,16 @@ { global $prefs,$tiki_p_admin; - $this->_gpg_path = '/usr/bin/gpg'; - $this->_gpg_home = '/home/www/.gnupg/'; + $this->_gpg_path = $prefs['openpgp_gpg_path']; + $this->_gpg_home = $prefs['openpgp_gpg_home']; $this->_gpg_sgn_id = $prefs['sender_email']; - $this->_gpg_sgn_passfile = 'signerpass'; - $this->_gpg_sgn_passfile_path = $this->_gpg_home.'/signer/'.$this->_gpg_sgn_passfile; + if ($prefs['openpgp_gpg_signer_passphrase_store'] == 'file') { + $this->_gpg_sgn_passfile_path = $prefs['openpgp_gpg_signer_passfile']; + $this->_gpg_sgn_passphrase = ''; + } else { + $this->_gpg_sgn_passfile_path = ''; + $this->_gpg_sgn_passphrase = $prefs['openpgp_gpg_signer_passphrase']; + } $this->_gpg_trust = ''; $this->setCrlf(); 
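Review bot: `$this->_gpg_path` and `$this->_gpg_home` are now taken straight from `$prefs['openpgp_gpg_path']` and `$prefs['openpgp_gpg_home']` with no check, whereas the `is_executable()`/`is_dir()` sanity checks that used to guard these values lived in the setters this commit deletes (@@ -137 hunk). Because both values are later concatenated into the gpg command line, an empty or mistyped preference only surfaces when gpg_encrypt() runs and fails. Consider re-adding the check here, e.g. `if (!is_executable($this->_gpg_path) || !is_dir($this->_gpg_home)) { trigger_error('OpenPGP: gpg path or homedir preference is invalid', E_USER_ERROR); }`. The constructor begins and ends outside this hunk.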
@@ -137,194 +146,7 @@ } } - function set_gpg_home($gpg_home = '/home/www/.gnupg') - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - - ////////////////////////////////////////////////////////////////////////////// - // sanity check - make sure "$gpg_home" is pointing to a directory - if (!is_dir($_gpg_home)) { - $error_msg = 'gpg homedir is not a directory: "'.$gpg_home.'"'; - trigger_error($error_msg, E_USER_ERROR); - // if an error message directs you to the line above please - // double check that your full path to the .gnupg directory is correct - die(); - } else { - $this->_gpg_home = $gpg_home; - } - - } - /** - * Get full path to gpg_home - * - * @access public - * @return string - */ - function get_gpg_home() - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - return $this->_gpg_home; - } - - /** - * Set full path to gpg executable - * - * @param string $gpg_path - * @access public - * @return void - */ - function set_gpg_path($gpg_path = '/usr/bin/gpg') - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - - //////////////////////////////////////////////////////////////////////////////////////// - // sanity check - make sure "$gpg_path" is pointing to an executable program - if (!is_executable($gpg_path)) { - $error_msg = 'gpg is not executable: "'.$gpg_path.'" :: or you may need to comment out this sanity check - see the source'; - trigger_error($error_msg, E_USER_ERROR); - // if an error message directs you to the line above please - // double check that your full path to gpg is correct - // //////////////////////////////////////////////////////////////////////////////////////////// - // it has been reported that some (older) configurations of php will choke on this sanity check - // if this is causing an error, try to comment out this test - die(); - } else { - $this->_gpg_path = $gpg_path; - } - } - - /** - * Get full path to gpg - * - * @access public - * @return string - */ - function get_gpg_path() - { - - global 
$tiki_p_admin; - - if (!$tiki_p_admin) die; - return $this->_gpg_path; - } - - /** - * Set signer ID string - * - * @param string $gpg_sgn_id - * @access public - * @return void - */ - function set_gpg_sgn_id($gpg_sgn_id = '') - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - - ////////////////////////////////////////////////////////////////////////////// - // sanity check - make sure "$gpg_sgn_id" is pointing to a valid signer-capable keypair in keyring - if ($gpg_sgn_id != '') { - //TODO: test from keyring - $success = false; -// $success = this->check_sgn_id($gpg_sgn_id); - if ($success) { - $this->_gpg_sgn_id = $gpg_sgn_id; - } else { - $error_msg = 'gpg signer id is not found from the keyring: "'.$gpg_sgn_id.'"'; - trigger_error($error_msg, E_USER_ERROR); - // if an error message directs you to the line above please - // double check that your signer private-key is imported into keyring and/or the id is correct - die(); - } - } else { - // take sender_email as default - //TODO: add check if present in keyring... 
- $this->_gpg_sgn_id = $prefs['sender_email']; - } - - } - - /** - * Get signer ID string - * - * @access public - * @return string - */ - function get_gpg_sgn_id() - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - return $this->_gpg_sgn_id; - } - - /** - * Set signer passfile string - * - * @param string $gpg_sgn_passfile - * @access public - * @return void - */ - function set_gpg_sgn_passfile($gpg_sgn_passfile = '') - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - - ////////////////////////////////////////////////////////////////////////////// - // sanity check - make sure "$gpg_sgn_passfile" is pointing to a valid signerpass file - if ($gpg_sgn_passfile != '') { - //TODO: test file and if signing ok - $success = false; -//TODO: $success = this->check_sgn_passfile($gpg_sgn_passfile); - if ($success) { - $this->_gpg_sgn_passfile = $gpg_sgn_passfile; - $this->_gpg_sgn_passfile_path = $this->_gpg_home.'/signer/'.$this->_gpg_sgn_passfile; - } else { - $error_msg = 'gpg signer passfile is not found or not capable to sign: "'.$gpg_sgn_passfile.'"'; - trigger_error($error_msg, E_USER_ERROR); - // if an error message directs you to the line above please - // double check that your signer passfile if ok, dir/file access perms are ok, and/or the passphrase is ok - die(); - } - } else { - // take "signerpass" as default - //TODO: test file and if signing ok - $this->_gpg_sgn_passfile = 'signerpass'; - $this->_gpg_sgn_passfile_path = $this->_gpg_home.'/signer/'.$this->_gpg_sgn_passfile; - } - - } - - /** - * Get signer passfile string - * - * @access public - * @return string - */ - function get_gpg_sgn_passfile() - { - - global $tiki_p_admin; - - if (!$tiki_p_admin) die; - return $this->_gpg_sgn_passfile; - } - - /** * Gnupg version check; sets internal variable once * * @access protected 
@@ -507,6 +329,8 @@ function gpg_encrypt() { + global $prefs; + ////////////////////////////////////////////////////////// // sanity check - make sure there are at least 2 arguments // any extra arguments are considered to be additional key IDs @@ -545,7 +369,10 @@ /////////////////////////////// // open the GnuPG process and get the reply - $commandline = $this->_gpg_path + $commandline = ''; + if ($prefs['openpgp_gpg_signer_passphrase_store'] == 'file') { + // get signer-key passphrase from a file + $commandline .= $this->_gpg_path .' --no-random-seed-file' .' --homedir '.$this->_gpg_home .' '.$this->_gpg_trust @@ -554,6 +381,18 @@ .' --passphrase-file '.$this->_gpg_sgn_passfile_path .' -sea '.$gpg_recipient_list .' '; + } else { + // get signer-key passphrase from preferences + $commandline .= $this->_gpg_path + .' --no-random-seed-file' + .' --homedir '.$this->_gpg_home + .' '.$this->_gpg_trust + .' --batch' + .' --local-user '.$this->_gpg_sgn_id + .' --passphrase '.$this->_gpg_sgn_passphrase + .' -sea '.$gpg_recipient_list + .' '; + } $ret = $this->_gpg_exec_proc($commandline, $gpg_secret_message); unset($gpg_args, Added: trunk/lib/prefs/openpgp.php =================================================================== --- trunk/lib/prefs/openpgp.php (rev 0) +++ trunk/lib/prefs/openpgp.php 2012-12-01 16:43:07 UTC (rev 44153) 
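Review bot: In the @@ -554 hunk the preferences branch puts the signer passphrase on the gpg command line (`.' --passphrase '.$this->_gpg_sgn_passphrase`), which exposes it to every local account for the lifetime of the process through the process list, and none of the interpolated values (`_gpg_home`, `_gpg_sgn_id`, the passphrase) go through `escapeshellarg()`, so a passphrase containing a space or quote breaks the command — assuming `_gpg_exec_proc()` (outside the hunk) runs the string through a shell. The two branches in @@ -545/@@ -554 are otherwise identical, so the passphrase option can be factored out and each value escaped in one place. Feeding the passphrase on a dedicated descriptor with `--passphrase-fd` would remove the process-list exposure, but that requires `_gpg_exec_proc()` to open the extra pipe, so the rewrite below keeps `--passphrase` and marks the follow-up. gpg_encrypt() opens in the @@ -507 hunk and continues past @@ -554.
```php
// … unchanged: argument sanity checks and recipient-list construction …
$passphraseOption = ($prefs['openpgp_gpg_signer_passphrase_store'] === 'file')
    ? ' --passphrase-file ' . escapeshellarg($this->_gpg_sgn_passfile_path)
    // TODO(review): switch to --passphrase-fd over a pipe supplied by _gpg_exec_proc();
    // a passphrase on the command line is visible in the process list while gpg runs.
    : ' --passphrase ' . escapeshellarg($this->_gpg_sgn_passphrase);

$commandline = escapeshellarg($this->_gpg_path)
    . ' --no-random-seed-file'
    . ' --homedir ' . escapeshellarg($this->_gpg_home)
    . ' ' . $this->_gpg_trust
    . ' --batch'
    . ' --local-user ' . escapeshellarg($this->_gpg_sgn_id)
    . $passphraseOption
    . ' -sea ' . $gpg_recipient_list
    . ' ';
// … unchanged: $ret = $this->_gpg_exec_proc($commandline, $gpg_secret_message); …
```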
@@ -0,0 +1,59 @@ +<?php +// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project +// +// All Rights Reserved. See copyright.txt for details and a complete list of authors. +// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. + + +function prefs_openpgp_list() +{ + return array( + 'openpgp_gpg_pgpmimemail' => array( + 'name' => tra('PGP/MIME encrypted email messaging'), + 'description' => tra('Use OpenPGP PGP/MIME compliant encrypted email messaging (default is \'n\' ). All email-messaging/notifications/newsletters are sent as PGP/MIME-encrypted messages, signed with the signer-key, and are completely 100% opaque to outsiders. All user accounts need to be properly configured into gnupg keyring with public-keys related to their tiki-account-related email-addresses.'), + 'type' => 'flag', + 'default' => 'n', + 'warning' => tra('Enable only if gpg, keyring, and tikiaccounts are properly configured for PGP/MIME functionality. NOTE: Requires that all accounts have their public-keys configured into gnupg-keyring, so do not allow non-administred registrations (or e.g. non-configured emails for newsletters etc) to site if this feature turned on.'), + ), + 'openpgp_gpg_home' => array( + 'name' => tra('Path to gnupg keyring'), + 'description' => tra('Full directory path to gnupg keyring (default /home/www/.gnupg/ ). The directory, related subdirectories (e.g. 
a subdirectory \'signer\'), and files must have proper permissions for tiki to access/read the directories/files, and create/delete necessary temporary workfiles there.'), + 'type' => 'text', + 'size' => 60, + 'filter' => 'text', + 'default' => '/home/www/.gnupg/', + ), + 'openpgp_gpg_path' => array( + 'name' => tra('Path to gpg executable'), + 'description' => tra('Full path to gpg executable (default /usr/bin/gpg ).'), + 'type' => 'text', + 'size' => 60, + 'filter' => 'text', + 'default' => '/usr/bin/gpg', + ), + 'openpgp_gpg_signer_passphrase_store' => array( + 'name' => tra('Read signer passphase from prefs or from a file'), + 'description' => tra('Read GnuPG signer passphase from preferences or from a file (default is \'file\' ). With file option, configure other preference for the full path including the filename of the file containing the GnuPG signer private-key passphrase.'), + 'type' => 'list', + 'options' => array( + 'preferences' => tra('preferences'), + 'file' => tra('file'), + ), + 'default' => 'preferences', + ), + 'openpgp_gpg_signer_passphrase' => array( + 'name' => tra('Signer passphrase'), + 'description' => tra('GnuPG signer private-key passphrase (default is empty string). Define passphrase either here or in a signer passphrase file (leave empty if read from file).'), + 'type' => 'text', + 'size' => 60, + 'default' => '', + ), + 'openpgp_gpg_signer_passfile' => array( + 'name' => tra('Path to signer passphase filename'), + 'description' => tra('Full path including the filename of the file containing the GnuPG signer private-key passphrase (default /home/www/.gnupg/signer/signerpass ). 
The directory and file must have proper permissions for tiki to access/read the signer passphrase file.'), + 'type' => 'text', + 'size' => 60, + 'default' => '/home/www/.gnupg/signer/signerpass', + ), + ); +} Modified: trunk/lib/webmail/htmlMimeMail.php =================================================================== --- trunk/lib/webmail/htmlMimeMail.php 2012-12-01 16:25:01 UTC (rev 44152) +++ trunk/lib/webmail/htmlMimeMail.php 2012-12-01 16:43:07 UTC (rev 44153) @@ -327,9 +327,8 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION PREPARATION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + global $prefs; + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION global $openpgplib; // prepend original subject from headers into text body @@ -356,9 +355,8 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION PREPARATION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + global $prefs; + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION global $openpgplib; // prepend original subject from headers into text body @@ -771,9 +769,8 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + global $prefs; + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION global $openpgplib; $pgpmime_msg = $openpgplib->prepareEncryptWithMailSender($headers, 
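Review bot: `openpgp_gpg_signer_passphrase` is declared as a plain `'type' => 'text'` preference, so the signing key's passphrase is persisted in cleartext in the preferences store and echoed back into the admin form every time the tab is rendered; the description of `openpgp_gpg_signer_passphrase_store` also says the default is `'file'` while the array sets `'default' => 'preferences'`. The file option at least keeps the secret out of the database, so making the code match the description (`'default' => 'file'`) and giving the passphrase entry a masked input type, if the preference system offers one, would be the safer combination. The two signer entries also lack the `'filter' => 'text'` that the sibling path preferences carry, and both `name` strings spell `passphase`.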
@@ -799,9 +796,7 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION $result = mail($to, $subject, $this->output, $pgp_mime_headers, $additional_parameters); } else { @@ -816,9 +811,7 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION $result = mail($to, $subject, $this->output, $pgp_mime_headers); } else { @@ -891,9 +884,8 @@ // hollmeer 2012-11-03: ADDED PGP/MIME ENCRYPTION // // USING lib/openpgp/opepgplib.php // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + global $prefs; + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION global $openpgplib; $pgpmime_msg = $openpgplib->prepareEncryptWithSmtpSender($headers, Modified: trunk/messu-compose.php =================================================================== --- trunk/messu-compose.php 2012-12-01 16:25:01 UTC (rev 44152) +++ trunk/messu-compose.php 2012-12-01 16:43:07 UTC (rev 44153) @@ -158,9 +158,7 @@ // // // get publickey armor block for email // // // - // get from globals (set in tiki-setup.php) - global $use_pgpmime_mail; - if ($use_pgpmime_mail) { + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { global $openpgplib; $aux_pgpmime_content = $openpgplib->getPublickeyArmorBlock($_REQUEST['priority'], $_REQUEST['to'], $_REQUEST['cc']); $prepend_email_body = $aux_pgpmime_content[0]; 
@@ -176,7 +174,7 @@ // A changed encryption-related version was copied from lib/messu/messulib.pgp // // into lib/openpgp/openpgplib.php for prepending/appending content into // // message body // - if ($use_pgpmime_mail) { + if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // USE PGP/MIME MAIL VERSION $result = $openpgplib->post_message_with_pgparmor_attachment( $a_user, Modified: trunk/templates/admin/include_security.tpl =================================================================== --- trunk/templates/admin/include_security.tpl 2012-12-01 16:25:01 UTC (rev 44152) +++ trunk/templates/admin/include_security.tpl 2012-12-01 16:43:07 UTC (rev 44153) 
@@ -120,7 +120,34 @@ </fieldset> {/tab} - + {tab name="{tr}OpenPGP{/tr}"} + <fieldset> + <legend>{tr}OpenPGP fuctionality for PGP/MIME encrypted email messaging{/tr}</legend> + {remarksbox type="tip" title="{tr}Note{/tr}"} + {tr}Experimental OpenPGP fuctionality for PGP/MIME encrypted email messaging.{/tr}<br><br> + {tr}All email-messaging/notifications/newsletters are sent as PGP/MIME-encrypted messages, signed with the signer-key, and are completely 100% opaque to outsiders. All user accounts need to be properly configured into gnupg keyring with public-keys related to their tiki-account-related email-addresses.{/tr} + {/remarksbox} + {preference name=openpgp_gpg_pgpmimemail} + <div class="adminoptionboxchild" id="openpgp_gpg_pgpmimemail_childcontainer"> + {preference name=openpgp_gpg_home} + {preference name=openpgp_gpg_path} + {preference name=openpgp_gpg_signer_passphrase_store} + <div class="adminoptionboxchild openpgp_gpg_signer_passphrase_store_childcontainer preferences"> + {preference name=openpgp_gpg_signer_passphrase} + <br /><em>{tr}If you use preferences option for the signer passphrase, clear the file option just for security{/tr}</em> + </div> + <div class="adminoptionboxchild openpgp_gpg_signer_passphrase_store_childcontainer file"> + {preference name=openpgp_gpg_signer_passfile} + <br /><em>{tr}If you use file for the signer passphrase, clear the preferences option just for security{/tr}</em> + </div> + {remarksbox type="tip" title="{tr}Note{/tr}"} + {tr}The email of preference <a href="tiki-admin.php?page=general&alt=General">'sender_email'</a> is used as signer key ID, and it must have both private and public key in the gnupg keyring.{/tr} + {/remarksbox} + </div> + </fieldset> + + {/tab} + {/tabset} <div class="input_submit_container" style="margin-top: 5px; text-align: center"> Modified: trunk/tiki-setup.php =================================================================== --- trunk/tiki-setup.php 2012-12-01 16:25:01 UTC (rev 44152) +++ 
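Review bot: The two `<em>` hints ask the admin to clear whichever passphrase option is not in use, but nothing enforces it, and `{preference name=openpgp_gpg_signer_passphrase}` renders the secret as an ordinary input, so it appears in the page source on every load of the Security tab. A masked input, plus a hint stating that only the source selected in `openpgp_gpg_signer_passphrase_store` is ever read (which is what the openpgplib constructor in this commit does), would be clearer than asking for manual clean-up. Both `{tr}` strings in the legend and remarksbox misspell `fuctionality`.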
trunk/tiki-setup.php 2012-12-01 16:43:07 UTC (rev 44153) @@ -589,12 +589,12 @@ // ** IMPORTANT NOTE: ** // // ** USE THE GLOBAL VARIABLE BELOW TO CONTROL THE VERSION OF EMAIL ** // // ** WHICH IS USED: ** // -// ** $use_pgpmime_mail = true; ** // +// ** $prefs['openpgp_gpg_pgpmimemail'] == 'y' ** // // ** USE TIKI OpenPGP Enabled PGP/MIME-standard mail ** // -// ** $use_pgpmime_mail = false; ** // +// ** $prefs['openpgp_gpg_pgpmimemail'] == 'n' ** // // ** USE TIKI normal mail functionality ** // // ** ** // -// ** SETTING THIS GLOBAL VARIABLE TO "true" NEED PROPER ** // +// ** SETTING THIS PREFERENCES VARIABLE TO "y" NEED PROPER ** // // ** CONFIGURATION OF gnupg AND RELATED KEYRING WITH PROPERLY ** // // ** CONFIGURED TIKI-SENDER KEYPAIR (PRIVATE/PUBLIC) AND ALL USER ** // // ** ACCOUNT-RELATED PUBLIC KEYS ** // @@ -620,8 +620,7 @@ // ** IT IS ASSUMED, THAT IF AND WHEN YOU TURN SUCH PGP/MIME ON ** // // ** YOU ARE FULLY AWARE OF THE REQUIREMENTS AND CONSEQUENCES. ** // // ** ** // -static $use_pgpmime_mail = false; // NOTE: TURN true WITH YOUR RISK! -if ($use_pgpmime_mail) { +if ($prefs['openpgp_gpg_pgpmimemail'] == 'y') { // hollmeer 2012-11-03: // TURNED ON openPGP support from a lib based class require_once( 'lib/openpgp/openpgplib.php' ); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
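Review bot: The header comment kept as context in the @@ -589 hunk still says `USE THE GLOBAL VARIABLE BELOW TO CONTROL THE VERSION OF EMAIL`, but the @@ -620 hunk removes the `static $use_pgpmime_mail` it referred to; the switch is now made from Admin->Security->OpenPGP, not in this file. Reword to `// ** THE PREFERENCE openpgp_gpg_pgpmimemail (Admin->Security->OpenPGP) ** //` and `// ** CONTROLS WHICH VERSION OF EMAIL IS USED: ** //`, and fix the added line to `SETTING THIS PREFERENCE TO "y" NEEDS PROPER`.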