From 0afeb2ff49f8dd489c16561d66eb09ac42238c0c Mon Sep 17 00:00:00 2001
From: Matthew Borger <matthew@borgernet.com>
Date: Tue, 2 Feb 2016 13:14:31 +0000
Subject: [PATCH] Added option to save generated emails to a given folder
 instead of sending via SMTP.

---
 doc/pius.1        |  2 ++
 libpius/mailer.py | 62 ++++++++++++++++++++++++++---------------------
 pius              |  7 +++++-
 3 files changed, 43 insertions(+), 28 deletions(-)
 mode change 100755 => 100644 pius

diff --git a/doc/pius.1 b/doc/pius.1
index c020b84..f7e0815 100644
--- a/doc/pius.1
+++ b/doc/pius.1
@@ -47,6 +47,8 @@ Hostname of SMTP server. [default: \fIlocalhost\fP]
 Use the pexpect module for signing and drop to the gpg shell for entering the passphrase. [default: false]
 .IP "\fB\-I\fP, \fB\-\-import\fP"
 Also import the unsigned keys from the keyring into the default keyring. Ignored if \fB\-r\fP is not specified, or if it's the same as the default keyring.
+.IP "\fB\-L\fP, \fB\-\-save\-to\-mail\-dir\fP"
+Instead of calling SMTP, save the email to this directory. Useful for signing from an air gapped machine. The saved email files can be sent using your own MTA such as sendmail or mailx.
 .IP "\fB\-m\fP \fIFROM\-EMAIL\fP, \fB\-\-mail=\fP\fIFROM\-EMAIL\fP"
 Email the encrypted, signed keys to the respective email addresses using \fIFROM\-EMAIL\fP as the sender. See also \fB\-H\fP and \fB\-P\fP.
 .IP "\fB\-M\fP \fIFILE\fP, \fB\-\-mail\-text=\fP\fIFILE\fP"
diff --git a/libpius/mailer.py b/libpius/mailer.py
index cea93ee..52313a3 100644
--- a/libpius/mailer.py
+++ b/libpius/mailer.py
@@ -3,6 +3,7 @@
 import os
 import smtplib
 import socket
+import os
 
 from email import message, quoprimime
 from email.utils import formatdate
@@ -21,7 +22,7 @@
 
 class PiusMailer(object):
   def __init__(self, mail, host, port, user, tls, no_mime, override, msg_text,
-               tmp_dir):
+               tmp_dir, local_mail_dir):
     self.mail = mail
     self.host = host
     self.port = port
@@ -32,6 +33,7 @@ def __init__(self, mail, host, port, user, tls, no_mime, override, msg_text,
     self.address_override = override
     self.message_text = msg_text
     self.tmp_dir = tmp_dir
+    self.local_mail_dir = local_mail_dir
 
   @staticmethod
   def add_options(parser):
@@ -254,36 +256,42 @@ def _send_mail(self, to, msg):
     msg['From'] = self.mail
     if self.address_override:
       msg['To'] = self.address_override
+      env_to = [msg['To']]
     else:
       msg['To'] = to
+      env_to = [msg['To'], self.mail]
     msg['Date'] = formatdate(localtime=True)
 
-    try:
-      smtp = smtplib.SMTP(self.host, self.port)
-      if self.tls:
-        # NOTE WELL: SECURITY IMPORTANT NOTE!
-        # In python 2.6 if you attempt to starttls() and the server doesn't
-        # understand an exception is raised. However before that, it just
-        # carried on # and one could attempt to auth over a plain-text session.
-        # This is BAD!
-        #
-        # So, in order be secure on older pythons we ehlo() and then check the
-        # response before attempting startls.
-        smtp.ehlo()
-        if not smtp.has_extn('STARTTLS'):
-          # Emulate 2.6 behavior
-          raise smtplib.SMTPException('Server does not support STARTTLS')
-        smtp.starttls()
-        # must re-ehlo after STARTTLS
-        smtp.ehlo()
-        # Don't want to send auth information unless we're TLS'd
-        if self.user:
-          smtp.login(self.user, self.password)
-      if self.address_override:
-        env_to = self.address_override
-      else:
-        # BCC the user...
-        env_to = [msg['To'], self.mail]
+    if self.local_mail_dir:
+      if not os.path.isdir(self.local_mail_dir):
+        os.mkdir(self.local_mail_dir)
+      if not self.address_ovrride:
+        msg['Bcc'] = self.mail
+      email = open(os.path.join(self.local_mail_dir, msg['To']), 'w')
+      email.write(str(msg))
+      email.close()
+    else:
+      try:
+        smtp = smtplib.SMTP(self.host, self.port)
+        if self.tls:
+          # NOTE WELL: SECURITY IMPORTANT NOTE!
+          # In python 2.6 if you attempt to starttls() and the server doesn't
+          # understand an exception is raised. However before that, it just
+          # carried on # and one could attempt to auth over a plain-text session.
+          # This is BAD!
+          #
+          # So, in order be secure on older pythons we ehlo() and then check the
+          # response before attempting startls.
+          smtp.ehlo()
+          if not smtp.has_extn('STARTTLS'):
+            # Emulate 2.6 behavior
+            raise smtplib.SMTPException('Server does not support STARTTLS')
+          smtp.starttls()
+          # must re-ehlo after STARTTLS
+          smtp.ehlo()
+          # Don't want to send auth information unless we're TLS'd
+          if self.user:
+            smtp.login(self.user, self.password)
 
       smtp.sendmail(self.mail, env_to, msg.as_string())
       smtp.quit()
diff --git a/pius b/pius
old mode 100755
new mode 100644
index de4ed67..be0eba8
--- a/pius
+++ b/pius
@@ -158,6 +158,10 @@ def main():
                          ' into the default keyring. Ignored if -r is not'
                          ' specified, or if it\'s the same as the default'
                          ' keyring.')
+  parser.add_option('-L', '--save-to-mail-dir', dest='local_mail_dir',
+                    metavar='FILE',
+                    help='Instead of calling SMTP, save'
+                         ' the email to this directory.')
   parser.add_option('-m', '--mail', dest='mail', metavar='EMAIL', nargs=1,
                     type='email',
                     help='Email the encrypted, signed keys to the'
@@ -238,7 +242,8 @@ def main():
         options.mail_no_pgp_mime,
         options.mail_override,
         options.mail_text,
-        options.tmp_dir
+        options.tmp_dir,
+        options.local_mail_dir
     )
   else:
     mailer = None