modules/gnupg/gnupg.admin.inc

<?php
// $Id$

//////////////////////////////////////////////////////////////////////////////
// Settings form

function gnupg_admin_settings() {
  $form = array();

  // GNU Privacy Guard settings
  $form['gnupg'] = array('#type' => 'fieldset', '#title' => t('GNU Privacy Guard settings'), '#collapsible' => TRUE, '#collapsed' => gnupg_is_available());
  $form['gnupg']['gnupg_exec'] = array(
    '#type'          => 'textfield',
    '#title'         => t('Path to GnuPG executable'),
    '#default_value' => variable_get('gnupg_exec', gnupg_guess_binpath()),
    '#maxlength'     => 255,
    '#required'      => TRUE,
    '#description'   => t('A file system path to the <code>gpg</code> binary. On Unix systems, this would typically be located at <code>/usr/bin/gpg</code> or <code>/usr/local/bin/gpg</code>. On Mac OS X with MacPorts, the path would typically be <code>/opt/local/bin/gpg</code>.'),
  );
  $form['gnupg']['gnupg_homedir'] = array(
    '#type'          => 'textfield',
    '#title'         => t('Path to GnuPG home directory'),
    '#default_value' => GNUPG_HOMEDIR,
    '#maxlength'     => 255,
    '#required'      => TRUE,
    '#description'   => t('A file system path to the directory where <code>gpg</code> stores its configuration and keyrings. On Unix systems, this would typically be located at %path. If the directory doesn\'t exist, an attempt will be made to create it. Note that as this directory contains GnuPG\'s secure keyring, it is <strong>essential</strong> that you ensure the directory\'s access permissions are correctly set (i.e. not world-readable) and that the directory is not web accessible. Remember that security will only be as strong as the weakest link in the chain. For more information, please refer to <code>INSTALL.txt</code>.', array('%path' => '~/.gnupg')),
  );
  $form['gnupg']['gnupg_keyid'] = array(
    '#type'          => 'select',
    '#title'         => t('GnuPG system key ID'),
    '#default_value' => GNUPG_KEYID,
    '#options'       => array_merge(array('' => t('(none)')), gnupg_get_keys('titles')),
    '#description'   => t('The system key, that is, the key that will be used to e.g. sign outgoing e-mail. This would typically be a keypair specifically created for this server or site.'),
  );

  // E-mail encryption settings
  $form['mail'] = array('#type' => 'fieldset', '#title' => t('E-mail encryption settings'), '#collapsible' => TRUE, '#collapsed' => FALSE);
  $form['mail']['gnupg_mail_encrypt'] = array(
    '#type'          => 'radios',
    '#title'         => t('Encrypt outgoing e-mail'),
    '#default_value' => variable_get('gnupg_mail_encrypt', ''),
    '#options'       => array('' => t('Never'), 'custom' => t('Optionally, when possible'), 'always' => t('Always, when possible')),
    '#description'   => t('Whether to encrypt Drupal\'s outgoing e-mails using the public key of the recipient(s). This is only possible in those cases when the public keys for all of the message\'s recipients are <a href="@public-keys">on file</a>. When <strong>Optionally</strong> is selected, users themselves can choose, in their user profile, whether they wish to receive encrypted e-mail.', array('@public-keys' => url('admin/user/gnupg'))),
  );
  $form['mail']['gnupg_mail_comment'] = array(
    '#type'          => 'textfield',
    '#title'         => t('Encrypted e-mail comment'),
    '#default_value' => variable_get('gnupg_mail_comment', ''),
    '#maxlength'     => 60,
    '#description'   => t('Enter text to use as a comment string in clear text signatures and ASCII-armored messages. Keep the length below 60 characters to avoid problems with mail programs wrapping such lines. The default behavior is to not use a comment string.'),
  );
  $form['mail']['gnupg_mail_header'] = array(
    '#type'          => 'textarea',
    '#title'         => t('Encrypted e-mail header'),
    '#default_value' => variable_get('gnupg_mail_header', ''),
    '#rows'          => 2,
    '#description'   => t('Enter text to include in the e-mail message prior to the start of the actual encrypted message. This plaintext will be prepended immediately in front of the <tt>BEGIN PGP MESSAGE</tt> marker. By default no header text will be used.'),
  );
  $form['mail']['gnupg_mail_footer'] = array(
    '#type'          => 'textarea',
    '#title'         => t('Encrypted e-mail footer'),
    '#default_value' => variable_get('gnupg_mail_footer', ''),
    '#rows'          => 2,
    '#description'   => t('Enter text to include in the e-mail message subsequent to the end of the actual encrypted message. This plaintext will be appended immediately after the <tt>END PGP MESSAGE</tt> marker. By default no footer text will be used.'),
  );

  return system_settings_form($form);
}

function gnupg_admin_settings_validate($form, &$form_state) {
  extract($form_state['values'], EXTR_SKIP | EXTR_REFS);

  if (!file_exists($gnupg_exec)) {
    form_set_error('gnupg_exec', t('The GnuPG binary %path does not exist.', array('%path' => $gnupg_exec)));
  }
  else if (!is_executable($gnupg_exec)) {
    form_set_error('gnupg_exec', t('The GnuPG binary %path is not executable.', array('%path' => $gnupg_exec)));
  }

  gnupg_secure_homedir($gnupg_homedir = rtrim($gnupg_homedir, '/\\'), 'gnupg_homedir');
}

//////////////////////////////////////////////////////////////////////////////
// Public keys management

function gnupg_admin_users() {
  $head = array(t('User'), t('Key ID'), t('Key user ID'), array('data' => t('Key length'), 'class' => 'length'), t('Key created'));
  $rows = array();

  $result = db_query("SELECT k.uri, k.key_id, u.uid, u.name FROM {gnupg_keys} k LEFT JOIN {users} u ON k.uri = CONCAT('user/', u.uid) WHERE k.uri LIKE 'user/%' AND k.key_id IS NOT NULL ORDER BY u.name ASC"); // FIXME: this query is likely MySQL-specific at present.
  while ($user = db_fetch_object($result)) {
    $keys = gnupg_get_keys(NULL, $user->key_id);
    if (($key = $keys[$user->key_id])) {
      $rows[] = array(
        theme('username', $user),
        l($key && !empty($key->id) ? check_plain($key->id) : '-', 'user/' . $user->uid . '/public-key'),
        $key && !empty($key->user_id)    ? check_plain($key->user_id)    : '-',
        $key && !empty($key->length)     ? check_plain($key->length)     : '-',
        $key && !empty($key->created_at) ? check_plain($key->created_at) : '-',
      );
    }
  }

  if (empty($rows)) {
    $rows[] = array(array('data' => t('No public keys stored by users.'), 'colspan' => '5'));
  }

  return theme('table', $head, $rows, array('class' => 'gnupg public-keys'));
}
1	<?php
2	// $Id$
3
4	//////////////////////////////////////////////////////////////////////////////
5	// Settings form
6
7	function gnupg_admin_settings() {
8	$form = array();
9
10	// GNU Privacy Guard settings
11	$form['gnupg'] = array('#type' => 'fieldset', '#title' => t('GNU Privacy Guard settings'), '#collapsible' => TRUE, '#collapsed' => gnupg_is_available());
12	$form['gnupg']['gnupg_exec'] = array(
13	'#type' => 'textfield',
14	'#title' => t('Path to GnuPG executable'),
15	'#default_value' => variable_get('gnupg_exec', gnupg_guess_binpath()),
16	'#maxlength' => 255,
17	'#required' => TRUE,
18	'#description' => t('A file system path to the <code>gpg</code> binary. On Unix systems, this would typically be located at <code>/usr/bin/gpg</code> or <code>/usr/local/bin/gpg</code>. On Mac OS X with MacPorts, the path would typically be <code>/opt/local/bin/gpg</code>.'),
19	);
20	$form['gnupg']['gnupg_homedir'] = array(
21	'#type' => 'textfield',
22	'#title' => t('Path to GnuPG home directory'),
23	'#default_value' => GNUPG_HOMEDIR,
24	'#maxlength' => 255,
25	'#required' => TRUE,
26	'#description' => t('A file system path to the directory where <code>gpg</code> stores its configuration and keyrings. On Unix systems, this would typically be located at %path. If the directory doesn\'t exist, an attempt will be made to create it. Note that as this directory contains GnuPG\'s secure keyring, it is <strong>essential</strong> that you ensure the directory\'s access permissions are correctly set (i.e. not world-readable) and that the directory is not web accessible. Remember that security will only be as strong as the weakest link in the chain. For more information, please refer to <code>INSTALL.txt</code>.', array('%path' => '~/.gnupg')),
27	);
28	$form['gnupg']['gnupg_keyid'] = array(
29	'#type' => 'select',
30	'#title' => t('GnuPG system key ID'),
31	'#default_value' => GNUPG_KEYID,
32	'#options' => array_merge(array('' => t('(none)')), gnupg_get_keys('titles')),
33	'#description' => t('The system key, that is, the key that will be used to e.g. sign outgoing e-mail. This would typically be a keypair specifically created for this server or site.'),
34	);
35
36	// E-mail encryption settings
37	$form['mail'] = array('#type' => 'fieldset', '#title' => t('E-mail encryption settings'), '#collapsible' => TRUE, '#collapsed' => FALSE);
38	$form['mail']['gnupg_mail_encrypt'] = array(
39	'#type' => 'radios',
40	'#title' => t('Encrypt outgoing e-mail'),
41	'#default_value' => variable_get('gnupg_mail_encrypt', ''),
42	'#options' => array('' => t('Never'), 'custom' => t('Optionally, when possible'), 'always' => t('Always, when possible')),
43	'#description' => t('Whether to encrypt Drupal\'s outgoing e-mails using the public key of the recipient(s). This is only possible in those cases when the public keys for all of the message\'s recipients are <a href="@public-keys">on file</a>. When <strong>Optionally</strong> is selected, users themselves can choose, in their user profile, whether they wish to receive encrypted e-mail.', array('@public-keys' => url('admin/user/gnupg'))),
44	);
45	$form['mail']['gnupg_mail_comment'] = array(
46	'#type' => 'textfield',
47	'#title' => t('Encrypted e-mail comment'),
48	'#default_value' => variable_get('gnupg_mail_comment', ''),
49	'#maxlength' => 60,
50	'#description' => t('Enter text to use as a comment string in clear text signatures and ASCII-armored messages. Keep the length below 60 characters to avoid problems with mail programs wrapping such lines. The default behavior is to not use a comment string.'),
51	);
52	$form['mail']['gnupg_mail_header'] = array(
53	'#type' => 'textarea',
54	'#title' => t('Encrypted e-mail header'),
55	'#default_value' => variable_get('gnupg_mail_header', ''),
56	'#rows' => 2,
57	'#description' => t('Enter text to include in the e-mail message prior to the start of the actual encrypted message. This plaintext will be prepended immediately in front of the <tt>BEGIN PGP MESSAGE</tt> marker. By default no header text will be used.'),
58	);
59	$form['mail']['gnupg_mail_footer'] = array(
60	'#type' => 'textarea',
61	'#title' => t('Encrypted e-mail footer'),
62	'#default_value' => variable_get('gnupg_mail_footer', ''),
63	'#rows' => 2,
64	'#description' => t('Enter text to include in the e-mail message subsequent to the end of the actual encrypted message. This plaintext will be appended immediately after the <tt>END PGP MESSAGE</tt> marker. By default no footer text will be used.'),
65	);
66
67	return system_settings_form($form);
68	}
69
70	function gnupg_admin_settings_validate($form, &$form_state) {
71	extract($form_state['values'], EXTR_SKIP \| EXTR_REFS);
72
73	if (!file_exists($gnupg_exec)) {
74	form_set_error('gnupg_exec', t('The GnuPG binary %path does not exist.', array('%path' => $gnupg_exec)));
75	}
76	else if (!is_executable($gnupg_exec)) {
77	form_set_error('gnupg_exec', t('The GnuPG binary %path is not executable.', array('%path' => $gnupg_exec)));
78	}
79
80	gnupg_secure_homedir($gnupg_homedir = rtrim($gnupg_homedir, '/\\'), 'gnupg_homedir');
81	}
82
83	//////////////////////////////////////////////////////////////////////////////
84	// Public keys management
85
86	function gnupg_admin_users() {
87	$head = array(t('User'), t('Key ID'), t('Key user ID'), array('data' => t('Key length'), 'class' => 'length'), t('Key created'));
88	$rows = array();
89
90	$result = db_query("SELECT k.uri, k.key_id, u.uid, u.name FROM {gnupg_keys} k LEFT JOIN {users} u ON k.uri = CONCAT('user/', u.uid) WHERE k.uri LIKE 'user/%' AND k.key_id IS NOT NULL ORDER BY u.name ASC"); // FIXME: this query is likely MySQL-specific at present.
91	while ($user = db_fetch_object($result)) {
92	$keys = gnupg_get_keys(NULL, $user->key_id);
93	if (($key = $keys[$user->key_id])) {
94	$rows[] = array(
95	theme('username', $user),
96	l($key && !empty($key->id) ? check_plain($key->id) : '-', 'user/' . $user->uid . '/public-key'),
97	$key && !empty($key->user_id) ? check_plain($key->user_id) : '-',
98	$key && !empty($key->length) ? check_plain($key->length) : '-',
99	$key && !empty($key->created_at) ? check_plain($key->created_at) : '-',
100	);
101	}
102	}
103
104	if (empty($rows)) {
105	$rows[] = array(array('data' => t('No public keys stored by users.'), 'colspan' => '5'));
106	}
107
108	return theme('table', $head, $rows, array('class' => 'gnupg public-keys'));
109	}