Revision: miles@gnu.org--gnu-2005/emacs--cvs-trunk--0--patch-668 Merge from gnus--rel--5.10 Patches applied: * gnus--rel--5.10 (patch 157-168) - Merge from emacs--cvs-trunk--0 - Update from CVS - Update from CVS: texi/message.texi: Fix default values. 2005-12-08 Reiner Steib <Reiner.Steib@gmx.de> * lisp/gnus/mm-decode.el (mm-discouraged-alternatives): Fix custom type. Suggest image/.* in the doc string. 2005-12-07 Katsumi Yamaoka <yamaoka@jpl.org> * lisp/gnus/mm-decode.el (mm-display-external): Use nametemplate (defined in RFC1524) if it is in mailcap or add a suffix according to mailcap-mime-extensions when generating a temp filename; postpone deleting a temp file for 2 seconds for some wrappers, shell scripts, and so on, which might exit right after having started a viewer command as a background job. 2005-12-06 Reiner Steib <Reiner.Steib@gmx.de> * lisp/gnus/gnus-art.el (gnus-default-article-saver): Add user-defined `function' to custom type. 2005-12-02 ARISAWA Akihiro <ari@mbf.ocn.ne.jp> (tiny change) * lisp/gnus/mm-view.el (mm-inline-text-html-render-with-w3m): Fix misplaced parens. 2005-11-29 Reiner Steib <Reiner.Steib@gmx.de> * lisp/gnus/gnus-cache.el (gnus-cache-rename-group): Wrap doc strings and long lines. (gnus-cache-delete-group): Wrap doc strings. * lisp/gnus/gnus-agent.el (gnus-agent-rename-group) (gnus-agent-delete-group): Wrap doc strings. 2005-11-24 Pascal Rigaux <pixel@mandriva.com> (tiny change) * lisp/gnus/rfc2231.el (rfc2231-parse-string): Support non-ascii chars. 2005-11-22 Katsumi Yamaoka <yamaoka@jpl.org> * lisp/gnus/nnmail.el (nnmail-fancy-expiry-target): Use current-time instead of current-time-string. 2005-11-20 Stefan Schimanski <schimmi@debian.org> (tiny change) * lisp/gnus/nnmail.el (nnmail-fancy-expiry-target): Protect against invalid date header. 2005-11-16 Boris Samorodov <bsam@ipt.ru> (tiny patch) * lisp/gnus/imap.el (imap-kerberos4-open): Ignore SSL stuff. 2005-11-14 Kevin Greiner <kevin.greiner@compsol.cc> * lisp/gnus/gnus-agent.el (gnus-agent-article-alist-save-format): Changed internal variable to a custom variable. Changed default value from compressed(2) to uncompressed(1). (gnus-agent-read-agentview): Reversed revision 7.8 to restore support for uncompressed agentview files. Taken together, reading the agentview file should now be 6-7 times faster. (gnus-agent-long-article, gnus-agent-short-article, gnus-agent-score): Renamed category keywords to match gnus-cus. (gnus-agent-summary-fetch-series): Modified to protect against gnus-agent-summary-fetch-group clearing processable flags. (gnus-agent-synchronize-group-flags): Update live group buffer as synchronization may occur due to the user toggling the plugged status. (gnus-agent-braid-nov): Now tests new nov entries for duplicates which are removed. The invalid sort check then triggers a rescan after the sort as sorting may have moved duplicate entries such that they can be cheaply detected. (gnus-agent-read-local): Trivial fix to format of error message to display actual error condition. (gnus-agent-save-local): Avoid saving symbols that are bound to nil as they simply result in a warning message in gnus-agent-read-local. (gnus-agent-fetch-group-1): Clear downloadable flag when article successfully downloaded. (gnus-agent-regenerate-group): Use gnus-agent-synchronize-group-flags to reset read status in both gnus and server. * lisp/gnus/nntp.el (nntp-end-of-line): Doc fix. (nntp-authinfo-rejected): New error condition. (nntp-wait-for): Use new error condition to signal authentication error. (nntp-retrieve-data): Rethrow new error condition to break out of recursive call to nntp-send-authinfo. 2005-11-13 Katsumi Yamaoka <yamaoka@jpl.org> * lisp/gnus/gnus-start.el (gnus-dribble-read-file): Use make-local-variable rather than make-variable-buffer-local for file-precious-flag. 2005-11-13 Katsumi Yamaoka <yamaoka@jpl.org> * lisp/gnus/gnus-start.el (gnus-dribble-read-file): Quote file-precious-flag. 2005-11-11 Jan Nieuwenhuizen <janneke@gnu.org> * lisp/gnus/gnus-start.el (gnus-dribble-read-file): Set file-precious-flag, as a buffer-local variable. This avoids creating truncated dribble files as a result of a hang up, eg. 2005-11-04 Ken Manheimer <ken.manheimer@gmail.com> * lisp/gnus/pgg-pgp.el (pgg-pgp-encrypt-region, pgg-pgp-decrypt-region) (pgg-pgp-encrypt-symmetric-region, pgg-pgp-encrypt-symmetric) (pgg-pgp-encrypt, pgg-pgp-decrypt-region, pgg-pgp-decrypt) (pgg-pgp-sign-region, pgg-pgp-sign): Add optional 'passphrase' argument to all these routines, so the passphrase can be managed externally and passed in to the system. (pgg-pgp-decrypt-region, pgg-pgp-sign-region): Use new name for pgg-add-passphrase-to-cache function. * lisp/gnus/pgg-pgp5.el (pgg-pgp5-encrypt-region, pgg-pgp5-decrypt-region) (pgg-pgp5-encrypt-symmetric-region, pgg-pgp5-encrypt-symmetric) (pgg-pgp5-encrypt, pgg-pgp5-decrypt-region, pgg-pgp5-decrypt) (pgg-pgp5-sign-region, pgg-pgp5-sign): Add optional 'passphrase' argument to all these routines, so the passphrase can be managed externally and passed in to the system. (pgg-pgp5-sign-region): Use new name of pgg-add-passphrase-to-cache function. 2005-10-30 Chong Yidong <cyd@stupidchicken.com> * lisp/gnus/imap.el (imap-open): Handle case where buffer is a buffer object. 2005-10-29 Ken Manheimer <ken.manheimer@gmail.com> * lisp/gnus/pgg-gpg.el (pgg-gpg-select-matching-key): Fix: look at the right part of the decoded armor to find the key-identifier. (pgg-gpg-lookup-key-owner): New function to return the human-readable identifier of a key owner. (pgg-gpg-lookup-id-from-key-owner): Make it easy to identify the key itself. (pgg-gpg-decrypt-region): Prompt with the key owner (rather than the key value) if we have a key and can match it against a secret key. Also, added a note pointing out fact that the prompt only indicates the first matching key. * lisp/gnus/pgg.el (pgg-decrypt): Passing along 'passphrase' in call to pgg-decrypt-region. (pgg-pending-timers): A new hash for tracking the passphrase cache timers, so that new ones supercede old ones. (pgg-add-passphrase-to-cache): Rename from `pgg-add-passphrase-cache' to reduce confusion (all callers changed). Modified to cancel old timers when new ones are added. (pgg-remove-passphrase-from-cache): Rename from `pgg-remove-passphrase-cache' to reduce confusion (all callers changed). Modified to cancel old timers when their keys are removed from the cache. (pgg-cancel-timer): In Emacs, an alias for cancel-timer; in XEmacs, an indirection to delete-itimer. (pgg-read-passphrase-from-cache, pgg-read-passphrase): Extract pgg-read-passphrase-from-cache from pgg-read-passphrase so users can only check cache without risk of prompting. Correct bug in notruncate behavior. (pgg-read-passphrase-from-cache, pgg-read-passphrase) (pgg-add-passphrase-cache, pgg-remove-passphrase-cache): Add informative docstrings. (pgg-decrypt): Convey provided passphrase in subordinate call to pgg-decrypt-region. 2005-10-20 Ken Manheimer <ken.manheimer+emacs@gmail.com> * lisp/gnus/pgg.el (pgg-encrypt-region, pgg-encrypt-symmetric-region) (pgg-encrypt-symmetric, pgg-encrypt, pgg-decrypt-region) (pgg-decrypt, pgg-sign-region, pgg-sign): Add optional 'passphrase' argument, so the passphrase can be managed externally and then passed in to the system. * lisp/gnus/pgg.el (pgg-read-passphrase, pgg-add-passphrase-cache) (pgg-remove-passphrase-cache): Add optional 'notruncate' argument, so the passphrase cache can be used reliably with identifiers besides a pgp packet's key id. * lisp/gnus/pgg-gpg.el (pgg-pgp-encrypt-region) (pgg-pgp-encrypt-symmetric-region, pgg-pgp-encrypt-symmetric) (pgg-pgp-encrypt, pgg-pgp-decrypt-region, pgg-pgp-decrypt) (pgg-pgp-sign-region, pgg-pgp-sign): Add optional 'passphrase' argument to all these routines, so the passphrase can be managed externally and passed in to the system. * lisp/gnus/pgg-gpg.el (pgg-gpg-possibly-cache-passphrase): Add optional 'notruncate' argument, so the passphrase cache can be used reliably with identifiers besides a pgp packet's key id. 2005-10-29 Sascha Wilde <swilde@sha-bang.de> * lisp/gnus/pgg-gpg.el (pgg-gpg-encrypt-symmetric-region): New function for symmetric encryption. (pgg-gpg-symmetric-key-p): New function to check for an symmetric encrypted session key. (pgg-gpg-decrypt-region): When decrypting a symmetric encrypted message ask for the passphrase in a proper way. * lisp/gnus/pgg.el (pgg-encrypt-symmetric, pgg-encrypt-symmetric-region): New user commands for symmetric encryption. 2005-12-05 Katsumi Yamaoka <yamaoka@jpl.org> * man/pgg.texi (User Commands): Fix description of pgg-verify-region. (Selecting an implementation): Fix descriptions. 2005-11-30 Katsumi Yamaoka <yamaoka@jpl.org> * man/message.texi (Various Message Variables): Addition. 2005-11-29 Katsumi Yamaoka <yamaoka@jpl.org> * man/message.texi: Fix default values. 2005-11-25 Katsumi Yamaoka <yamaoka@jpl.org> * man/message.texi (Header Commands): Clarify descriptions of message-cross-post-followup-to, message-reduce-to-to-cc, and message-insert-wide-reply. (Various Commands): Fix kindex for message-kill-to-signature; clarify description of message-tab. 2005-11-22 Katsumi Yamaoka <yamaoka@jpl.org> * man/message.texi (Mailing Lists): Fix description about MFT. * man/gnus.texi (Emacs Lisp): Use ~/.gnus.el instead of ~/.emacs. 2005-11-17 Katsumi Yamaoka <yamaoka@jpl.org> * man/gnus.texi (Slow Terminal Connection): Replace old description with new one. 2005-11-16 Katsumi Yamaoka <yamaoka@jpl.org> * man/gnus.texi (Oort Gnus): Use ~/.gnus.el instead of ~/.emacs; replace X-Draft-Headers with X-Draft-From. 2005-11-14 Katsumi Yamaoka <yamaoka@jpl.org> * man/gnus.texi (Various Various): Fix the default value of nnheader-max-head-length. (Gnus Versions): Fix typo.

;;; mml-smime.el --- S/MIME support for MML

;; Copyright (C) 2000, 2001, 2002, 2003, 2004,
;;   2005 Free Software Foundation, Inc.

;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: Gnus, MIME, S/MIME, MML

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published
;; by the Free Software Foundation; either version 2, or (at your
;; option) any later version.

;; GNU Emacs is distributed in the hope that it will be useful, but
;; WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
;; General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Commentary:

;;; Code:

(eval-when-compile (require 'cl))

(require 'smime)
(require 'mm-decode)
(autoload 'message-narrow-to-headers "message")
(autoload 'message-fetch-field "message")

(defun mml-smime-sign (cont)
  (when (null smime-keys)
    (customize-variable 'smime-keys)
    (error "No S/MIME keys configured, use customize to add your key"))
  (smime-sign-buffer (cdr (assq 'keyfile cont)))
  (goto-char (point-min))
  (while (search-forward "\r\n" nil t)
    (replace-match "\n" t t))
  (goto-char (point-max)))

(defun mml-smime-encrypt (cont)
  (let (certnames certfiles tmp file tmpfiles)
    ;; xxx tmp files are always an security issue
    (while (setq tmp (pop cont))
      (if (and (consp tmp) (eq (car tmp) 'certfile))
	  (push (cdr tmp) certnames)))
    (while (setq tmp (pop certnames))
      (if (not (and (not (file-exists-p tmp))
		    (get-buffer tmp)))
	  (push tmp certfiles)
	(setq file (mm-make-temp-file (expand-file-name "mml."
							mm-tmp-directory)))
	(with-current-buffer tmp
	  (write-region (point-min) (point-max) file))
	(push file certfiles)
	(push file tmpfiles)))
    (if (smime-encrypt-buffer certfiles)
	(progn
	  (while (setq tmp (pop tmpfiles))
	    (delete-file tmp))
	  t)
      (while (setq tmp (pop tmpfiles))
	(delete-file tmp))
      nil))
  (goto-char (point-max)))

(defun mml-smime-sign-query ()
  ;; query information (what certificate) from user when MML tag is
  ;; added, for use later by the signing process
  (when (null smime-keys)
    (customize-variable 'smime-keys)
    (error "No S/MIME keys configured, use customize to add your key"))
  (list 'keyfile
	(if (= (length smime-keys) 1)
	    (cadar smime-keys)
	  (or (let ((from (cadr (funcall (if (boundp
					      'gnus-extract-address-components)
					     gnus-extract-address-components
					   'mail-extract-address-components)
					 (or (save-excursion
					       (save-restriction
						 (message-narrow-to-headers)
						 (message-fetch-field "from")))
					     "")))))
		(and from (smime-get-key-by-email from)))
	      (smime-get-key-by-email
	       (completing-read "Sign this part with what signature? "
				smime-keys nil nil
				(and (listp (car-safe smime-keys))
				     (caar smime-keys))))))))

(defun mml-smime-get-file-cert ()
  (ignore-errors
    (list 'certfile (read-file-name
		     "File with recipient's S/MIME certificate: "
		     smime-certificate-directory nil t ""))))

(defun mml-smime-get-dns-cert ()
  ;; todo: deal with comma separated multiple recipients
  (let (result who bad cert)
    (condition-case ()
	(while (not result)
	  (setq who (read-from-minibuffer
		     (format "%sLookup certificate for: " (or bad ""))
		     (cadr (funcall (if (boundp
					 'gnus-extract-address-components)
					gnus-extract-address-components
				      'mail-extract-address-components)
				    (or (save-excursion
					  (save-restriction
					    (message-narrow-to-headers)
					    (message-fetch-field "to")))
					"")))))
	  (if (setq cert (smime-cert-by-dns who))
	      (setq result (list 'certfile (buffer-name cert)))
	    (setq bad (format "`%s' not found. " who))))
      (quit))
    result))

(defun mml-smime-encrypt-query ()
  ;; todo: add ldap support (xemacs ldap api?)
  ;; todo: try dns/ldap automatically first, before prompting user
  (let (certs done)
    (while (not done)
      (ecase (read (gnus-completing-read-with-default
		    "dns" "Fetch certificate from"
		    '(("dns") ("file")) nil t))
	(dns (setq certs (append certs
				 (mml-smime-get-dns-cert))))
	(file (setq certs (append certs
				  (mml-smime-get-file-cert)))))
      (setq done (not (y-or-n-p "Add more recipients? "))))
    certs))

(defun mml-smime-verify (handle ctl)
  (with-temp-buffer
    (insert-buffer-substring (mm-handle-multipart-original-buffer ctl))
    (goto-char (point-min))
    (insert (format "Content-Type: %s; " (mm-handle-media-type ctl)))
    (insert (format "protocol=\"%s\"; "
		    (mm-handle-multipart-ctl-parameter ctl 'protocol)))
    (insert (format "micalg=\"%s\"; "
		    (mm-handle-multipart-ctl-parameter ctl 'micalg)))
    (insert (format "boundary=\"%s\"\n\n"
		    (mm-handle-multipart-ctl-parameter ctl 'boundary)))
    (when (get-buffer smime-details-buffer)
      (kill-buffer smime-details-buffer))
    (let ((buf (current-buffer))
	  (good-signature (smime-noverify-buffer))
	  (good-certificate (and (or smime-CA-file smime-CA-directory)
				 (smime-verify-buffer)))
	  addresses openssl-output)
      (setq openssl-output (with-current-buffer smime-details-buffer
			     (buffer-string)))
      (if (not good-signature)
	  (progn
	    ;; we couldn't verify message, fail with openssl output as message
	    (mm-set-handle-multipart-parameter
	     mm-security-handle 'gnus-info "Failed")
	    (mm-set-handle-multipart-parameter
	     mm-security-handle 'gnus-details
	     (concat "OpenSSL failed to verify message integrity:\n"
		     "-------------------------------------------\n"
		     openssl-output)))
	;; verify mail addresses in mail against those in certificate
	(when (and (smime-pkcs7-region (point-min) (point-max))
		   (smime-pkcs7-certificates-region (point-min) (point-max)))
	  (with-temp-buffer
	    (insert-buffer-substring buf)
	    (goto-char (point-min))
	    (while (re-search-forward "-----END CERTIFICATE-----" nil t)
	      (when (smime-pkcs7-email-region (point-min) (point))
		(setq addresses (append (smime-buffer-as-string-region
					 (point-min) (point)) addresses)))
	      (delete-region (point-min) (point)))
	    (setq addresses (mapcar 'downcase addresses))))
	(if (not (member (downcase (or (mm-handle-multipart-from ctl) "")) addresses))
	    (mm-set-handle-multipart-parameter
	     mm-security-handle 'gnus-info "Sender address forged")
	  (if good-certificate
	      (mm-set-handle-multipart-parameter
	       mm-security-handle 'gnus-info "Ok (sender authenticated)")
	    (mm-set-handle-multipart-parameter
	     mm-security-handle 'gnus-info "Ok (sender not trusted)")))
	(mm-set-handle-multipart-parameter
	 mm-security-handle 'gnus-details
	 (concat "Sender claimed to be: " (mm-handle-multipart-from ctl) "\n"
		 (if addresses
		     (concat "Addresses in certificate: "
			     (mapconcat 'identity addresses ", "))
		   "No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)")
		 "\n" "\n"
		 "OpenSSL output:\n"
		 "---------------\n" openssl-output "\n"
		 "Certificate(s) inside S/MIME signature:\n"
		 "---------------------------------------\n"
		 (buffer-string) "\n")))))
  handle)

(defun mml-smime-verify-test (handle ctl)
  smime-openssl-program)

(provide 'mml-smime)

;;; arch-tag: f1bf94d4-f2cd-4c6f-b059-ad69492817e2
;;; mml-smime.el ends here