From: Thomas Roessler Date: Sun, 28 May 2000 19:53:01 +0000 (+0000) Subject: Modified version of Byrial Jensen's signature verification patch. X-Git-Tag: mutt-1-3-3-rel~20 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a79f7d6dd983e79379914014bdb07d3e3110bfe;p=mutt Modified version of Byrial Jensen's signature verification patch.
---
diff --git a/commands.c b/commands.c
index 8978e8ea..35ee03d1 100644
--- a/commands.c
+++ b/commands.c
@@ -143,8 +143,9 @@ int mutt_display_message (HEADER *cur)
 pager_t info;
 #ifdef HAVE_PGP
- if (cur->pgp & PGPGOODSIGN)
- mutt_message _("PGP signature successfully verified.");
+ mutt_message ((cur->pgp & PGPGOODSIGN) ?
+ _("PGP signature successfully verified.") :
+ _("PGP signature could NOT be verified."));
 #endif
 /* Invoke the builtin pager */
diff --git a/contrib/pgp2.rc b/contrib/pgp2.rc
index 2af9eb4b..bd66cf10 100644
--- a/contrib/pgp2.rc
+++ b/contrib/pgp2.rc
@@ -44,3 +44,5 @@ set pgp_list_pubring_command="pgpring -2 %r"
 # read in the secret key ring
 set pgp_list_secring_command="pgpring -s -2 %r"
+# pattern for good signature
+set pgp_good_sign="Good signature"
diff --git a/contrib/pgp5.rc b/contrib/pgp5.rc
index c0398d8f..d2e578fb 100644
--- a/contrib/pgp5.rc
+++ b/contrib/pgp5.rc
@@ -11,6 +11,9 @@ set pgp_decode_command="%?p?PGPPASSFD=0; export PGPPASSFD;? cat %?p?-? %f | pgpv
 # verify a pgp/mime signature
 set pgp_verify_command="pgpv +language=mutt +verbose=0 +batchmode --OutputInformationFD=1 %f %s"
+# string that the verify command outputs if the signature is good
+set pgp_good_sign = "Good signature"
+
 # decrypt a pgp/mime attachment
 set pgp_decrypt_command="PGPPASSFD=0; export PGPPASSFD; cat - %f | pgpv +language=mutt +verbose=0 +batchmode --OutputInformationFD=2 -f"
diff --git a/doc/manual.sgml.head b/doc/manual.sgml.head
index d796cca4..06ff4330 100644
--- a/doc/manual.sgml.head
+++ b/doc/manual.sgml.head
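Review bot: In commands.c, mutt_display_message now calls `mutt_message` unconditionally inside `#ifdef HAVE_PGP`, so every message without `PGPGOODSIGN` set, including one that carries no signature at all, would be reported with "PGP signature could NOT be verified." A warning that appears on every unsigned message trains users to ignore it, which hides the genuine verification failures. Unless a guard sits outside this hunk, wrap the call in a check that the message is signed, e.g. `if (cur->pgp & PGPSIGN)` (assuming that is the flag set for signed mail). The function body starts and ends outside the hunk.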
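Review bot: The value `Good signature` added to contrib/pgp2.rc is unanchored, and pgp.c in this same commit applies it with `regexec` to each output line, so it is accepted anywhere in a line rather than only as the verifier's verdict. If the verify command prints its verdict at the start of a line, `set pgp_good_sign="^Good signature"` is the stricter form; the same applies to the line added in contrib/pgp5.rc. The output format of these commands is not visible here, so confirm it before anchoring.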
@@ -199,18 +199,19 @@ the disposition of each message is printed beside the message number. Zero or more of the following ``flags'' may appear, which mean:

- -D message is deleted -K contains a PGP public key -M requires mailcap to view -N message is new -O message is old -P message is PGP encrypted -r message has been replied to -S message is PGP signed -! message is flagged -* message is tagged - + + Some of the status flags can be turned on or off using
diff --git a/init.h b/init.h
index 099d3113..1e7a35ad 100644
--- a/init.h
+++ b/init.h
@@ -1102,6 +1102,14 @@ struct option_t MuttVars[] = {
 ** .dt %[] .dd date of the key where is an strftime(3) expression
 ** .de
 */
+ { "pgp_good_sign", DT_RX, R_NONE, UL &PgpGoodSign, UL "" },
+ /*
+ ** .pp
+ ** If you assign a text to this variable, then a PGP signature is only
+ ** considered verified if the output from $$pgp_verify_command contains
+ ** the text. Use this variable if the exit code from the command is 0
+ ** even for bad signatures.
+ */
 { "pgp_long_ids", DT_BOOL, R_NONE, OPTPGPLONGIDS, 0 },
 /*
 ** .pp
diff --git a/pgp.c b/pgp.c
index 40c374a8..925f10d9 100644
--- a/pgp.c
+++ b/pgp.c
@@ -550,8 +550,8 @@ static int pgp_verify_one (BODY *sigbdy, STATE *s, const char *tempfile)
 char sigfile[_POSIX_PATH_MAX], pgperrfile[_POSIX_PATH_MAX];
 FILE *fp, *pgpout, *pgperr;
 pid_t thepid;
- int rv = -1;
-
+ int badsig = -1;
+
 snprintf (sigfile, sizeof (sigfile), "%s.asc", tempfile);
 if(!(fp = safe_fopen (sigfile, "w")))
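Review bot: The help text added in init.h says the output must "contain the text", but the option is declared `DT_RX` and pgp.c matches it with `regexec` against each line read from `pgpout`, which appears to be the command's standard output. The documentation should say so, because metacharacters in the value are interpreted and the `pgperr` stream is copied without being examined: `** If you assign a regular expression to this variable, a PGP signature is only considered verified if a line of standard output from $$pgp_verify_command matches it.` It would also help to state that a non-zero exit status still marks the signature as unverified. The MuttVars initializer starts and ends outside the hunk.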
@@ -578,14 +578,36 @@ static int pgp_verify_one (BODY *sigbdy, STATE *s, const char *tempfile)
 -1, -1, fileno(pgperr), tempfile, sigfile)) != -1)
 {
- mutt_copy_stream(pgpout, s->fpout);
+ if (PgpGoodSign.pattern)
+ {
+ char *line = NULL;
+ int lineno = 0;
+ size_t linelen;
+
+ while ((line = mutt_read_line (line, &linelen, pgpout, &lineno)) != NULL)
+ {
+ if (regexec (PgpGoodSign.rx, line, 0, NULL, 0) == 0)
+ badsig = 0;
+
+ fputs (line, s->fpout);
+ fputc ('\n', s->fpout);
+ }
+ safe_free ((void **) &line);
+ }
+ else
+ {
+ mutt_copy_stream(pgpout, s->fpout);
+ badsig = 0;
+ }
+
 fclose (pgpout);
 fflush(pgperr);
 rewind(pgperr);
 mutt_copy_stream(pgperr, s->fpout);
 fclose(pgperr);
- rv = mutt_wait_filter (thepid);
+ if (mutt_wait_filter (thepid))
+ badsig = -1;
 }
 state_puts (_("[-- End of PGP output --]\n\n"), s);
@@ -593,7 +615,7 @@ static int pgp_verify_one (BODY *sigbdy, STATE *s, const char *tempfile)
 mutt_unlink (sigfile);
 mutt_unlink (pgperrfile);
- return rv;
+ return badsig;
 }
 /*
diff --git a/pgp.h b/pgp.h
index f4fad9b1..32f26105 100644
--- a/pgp.h
+++ b/pgp.h
@@ -21,6 +21,8 @@ #include "pgplib.h"
+WHERE REGEXP PgpGoodSign;
+
 WHERE char *PgpSignAs;
 WHERE char *PgpSignMicalg;
 WHERE short PgpTimeout;
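Review bot: In the `PgpGoodSign.pattern` branch of pgp_verify_one, `badsig` is cleared by the first line of `pgpout` that matches and no later line can set it back; only a non-zero result from `mutt_wait_filter` overrides it. The option is documented for verifiers whose exit status is 0 even for bad signatures, so in that case the verdict rests entirely on how specific the pattern is, and a line that merely embeds the phrase would count as success. Add a comment above the loop saying so, e.g. `/* one matching line marks the signature good; the pattern must not be able to match text taken from the key or the message */`. The function starts before this hunk.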