diff options
author | luis <luis> | 2007-07-29 01:36:39 +0000 |
---|---|---|
committer | luis <luis> | 2007-07-29 01:36:39 +0000 |
commit | 86097e37e2f645e794d3090f4b414174ebf255a7 (patch) | |
tree | ed2eaa82903d74fc072dbfcb8ec674e35375e312 | |
parent | 5d15820bc7fb2c5650755baea955448a9b5eda24 (diff) | |
download | firma-86097e37e2f645e794d3090f4b414174ebf255a7.tar.gz firma-86097e37e2f645e794d3090f4b414174ebf255a7.tar.bz2 |
EXIT_CODE was being unset right before the end of the script. Fixed.
Passphrase check for sequentially repeated characters wasn't working. Fixed.
One occurrence of REQUIRE_SIGNATURE mistyped as REQUIRED_SIGNATURE. Fixed.
Other small changes on code and comments.
-rwxr-xr-x | firma | 80 |
1 files changed, 46 insertions, 34 deletions
@@ -78,6 +78,7 @@ function DeclareGpgVars { # depends on function(s): none # returns: 0 #------------------------------------------------------------- + GPG_FLAGS="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-tty --batch --no-use-agent --no-permission-warning" GPG_FLAGS_NO_BATCH="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-batch --no-use-agent --no-permission-warning" GPG="$GPG_BINARY $GPG_FLAGS" @@ -90,22 +91,31 @@ function DeclareGpgVars { function CheckPassphrase { #------------------------------------------------------------- - # check if a passphrase is valid + # check if a passphrase is valid: is 25 characters long or more; + #+includes lower and upper case letters, numbers and at least 1 + #+punctuation character; and no character is sequentially + #+repeated more than 4 times. # # parameter(s): none # depends on function(s): none - # returns: 0 if valid password, 1 if invalid + # returns: 0 if passphrase is valid, + # 1 if invalid #------------------------------------------------------------- + + local -i return_code=0 + if [[ -z "$PASSPHRASE" || \ "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \ - -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \ - -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \ - -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \ + -z "$(echo "$PASSPHRASE" | tr -dc '[:lower:]')" || \ + -z "$(echo "$PASSPHRASE" | tr -dc '[:upper:]')" || \ + -z "$(echo "$PASSPHRASE" | tr -dc '[:digit:]')" || \ "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "1" || \ - "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then + -n "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" + ]]; then return_code=1 - return $return_code fi + + return $return_code } @@ -122,17 +132,18 @@ function CheckFirmaConfigFile { local -i return_code=0 if [[ ! -f "$GPG_BINARY" || ! -x "$GPG_BINARY" ]]; then - LogMessage "FATAL: GPG binary ("$GPG_BINARY") could not be found. Quitting." + LogMessage "FATAL: GPG binary ($GPG_BINARY) could not be found. Quitting." return_code=1 elif [[ ! -f "$MAIL_AGENT" || ! -x "$MAIL_AGENT" ]]; then - LogMessage "FATAL: Mail transport agent binary ("$MAIL_AGENT") could not be found. Quitting." + LogMessage "FATAL: Mail transport agent binary ($MAIL_AGENT) could not be found. Quitting." return_code=1 elif [[ ! -d "$LISTS_DIR" ]]; then - LogMessage "FATAL: Lists directory ("$LISTS_DIR") could not be found. Quitting." + LogMessage "FATAL: Lists directory ($LISTS_DIR) could not be found. Quitting." return_code=1 else - if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" && "$($GPG_BINARY --version | head -n1 | tr -dc '[[:digit:]]')" -lt "140" ]]; then + if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" && "$($GPG_BINARY --version | head -n1 | tr -dc '[:digit:]')" -lt "140" ]]; then + # this warning will either be logged or printed to STDERR, so no indentation here LogMessage "\ WARNING: GPG's \"--hidden-recipient\" option is only available from version 1.4.0 onwards. WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'." @@ -141,8 +152,9 @@ WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'." if [[ "$LOG_TO_SYSLOG" == "1" ]]; then if [[ ! -f "$LOGGER_BINARY" || ! -x "$LOGGER_BINARY" ]]; then + # this warning will either be logged or printed to STDERR, so no indentation here LogMessage "\ -WARNING: logger binary ("$LOGGER_BINARY") could not be found. +WARNING: logger binary ($LOGGER_BINARY) could not be found. WARNING: Setting LOG_TO_SYSLOG to '0'." LOG_TO_SYSLOG=0 fi @@ -181,21 +193,22 @@ function CheckListConfigFile { local valid_admins if [[ ! -d "$LIST_HOMEDIR" || ! -f "$LIST_HOMEDIR/pubring.gpg" || ! -f "$LIST_HOMEDIR/secring.gpg" ]]; then - LogMessage "FATAL: $LIST_NAME: GPG home directory ("$LIST_HOMEDIR") or the GPG keyrings could not be found. Quitting." + LogMessage "FATAL: $LIST_NAME: GPG home directory ($LIST_HOMEDIR) or the GPG keyrings could not be found. Quitting." return_code=1 - elif [ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ] || ! CheckPassphrase; then + elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ]] || ! CheckPassphrase; then LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting." return_code=1 elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then - LogMessage "FATAL: $LIST_NAME: Secret key for list "$LIST_ADDRESS" could not be found. Quitting." + LogMessage "FATAL: $LIST_NAME: Secret key for list \"$LIST_ADDRESS\" could not be found. Quitting." return_code=1 else for administrator in $LIST_ADMIN; do { if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$administrator>" 2> /dev/null | grep -v '^tru:')" ]]; then + # this warning will either be logged or printed to STDERR, so no indentation here LogMessage "\ -WARNING: $LIST_NAME: Public key for list administrator "$administrator" could not be found. -WARNING: $LIST_NAME: Removing this address from LIST_ADMIN." +WARNING: $LIST_NAME: Public key for list administrator \"$administrator\" could not be found. +WARNING: $LIST_NAME: Removing this address from LIST_ADMIN for this run." else valid_admins="$valid_admins $administrator" fi; } @@ -615,7 +628,7 @@ function ReEncryptAndSendListMessage { recipients="$(echo $SUBSCRIBERS_LIST)" # check if message should be encrypted and sent to all subscribers at once - if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == 1 ]]; then + if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" ]]; then GPG_MESSAGE="$( echo -e "${PASSPHRASE}\n${DECRYPTED_MESSAGE}" | \ @@ -846,7 +859,7 @@ function ProcessMessage { else # if bounce processing is enabled, continue - if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != 1 ]]; then + if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then GetSenderAddress if [[ -n "$SENDER_ADDRESS" ]]; then @@ -887,7 +900,7 @@ function NewList { echo "Firma will ask you some questions to setup your list." echo "Please don't use UTF-8 characters." - read -rep " List keyring location: ("$LIST_PATH") " LIST_HOMEDIR + read -rep " List keyring location: ($LIST_PATH) " LIST_HOMEDIR LIST_HOMEDIR=${LIST_HOMEDIR:-"$LIST_PATH"} if [[ -d "$LIST_HOMEDIR" ]]; then @@ -942,7 +955,7 @@ function NewList { # list description, passphrase and key size if [[ "$return_code" == "0" ]]; then read -rep " List description (optional): " KEY_DESCRIPTION - if [ ! -z "$KEY_DESCRIPTION" ]; then + if [[ ! -z "$KEY_DESCRIPTION" ]]; then KEY_DESCRIPTION="Name-Real: $KEY_DESCRIPTION" fi while true; do @@ -1027,7 +1040,7 @@ function NewList { echo "Creating your config..." touch $LIST_CONFIG_FILE chmod 600 $LIST_CONFIG_FILE - chown $FIRMA_USER.$FIRMA_GROUP $LIST_CONFIG_FILE + chown $FIRMA_USER:$FIRMA_GROUP $LIST_CONFIG_FILE if [[ -f "$LIST_CONFIG_FILE" ]]; then DeclareGpgVars echo -e "LIST_HOMEDIR='$LIST_HOMEDIR'\nLIST_ADDRESS='$LIST_ADDRESS'\nLIST_ADMIN='$LIST_ADMIN'\nPASSPHRASE='$PASSPHRASE'" > $LIST_CONFIG_FILE @@ -1105,7 +1118,7 @@ EOF done # fix permissions - chown -R $FIRMA_USER.$FIRMA_GROUP $LIST_HOMEDIR + chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_HOMEDIR echo "Your list was created. Now check its configuration at $LIST_CONFIG_FILE." echo "To see a list of optional config parameters, type firma --help config." @@ -1332,7 +1345,7 @@ function ChooseUid { AdminLog "use: \"$1\" is not associated with any public key on this keyring." return_code=1 # then check if there's more than one UID on this public key - elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep ^uid | wc -l)" == 1 )); then + elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep ^uid | wc -l)" == "1" )); then AdminLog "use: \"$1\" is part of the only UID on public key ${keyid:32}." return_code=1 # and then check if there's only one public key associated with this address @@ -1343,7 +1356,7 @@ function ChooseUid { fi # if all checks are OK, run the expect script bellow - if (( $return_code == 0 )); then + if (( $return_code == "0" )); then expect -nN -- << EOF # no output to STDOUT log_user 0 @@ -1434,7 +1447,7 @@ function CheckListPermissions { local folder local config - # check and fix permissions on all files from $LIST_PATH to $FIRMA_USER.$FIRMA_GROUP + # check and fix permissions on all files from $LIST_PATH to $FIRMA_USER:$FIRMA_GROUP if [[ -n "$1" ]]; then folder="$(dirname $1)" config="$(basename $1)" @@ -1442,7 +1455,7 @@ function CheckListPermissions { if ! CheckPermission $folder/$file; then LogMessage "Fixing permission and ownership for $folder/$file" chmod 600 $folder/$file - chown $FIRMA_USER.$FIRMA_GROUP $folder/$file + chown $FIRMA_USER:$FIRMA_GROUP $folder/$file fi done fi @@ -1524,7 +1537,7 @@ function LogMessage { local error_message="$*" - if [[ "$LOG_TO_SYSLOG" == 1 ]]; then + if [[ "$LOG_TO_SYSLOG" == "1" ]]; then echo "$error_message" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME" else echo >&2 "$BASENAME: $error_message" @@ -1748,7 +1761,7 @@ function FixListOwnership { #------------------------------------------------------------- if [[ -d "$LIST_PATH" ]]; then - chown -R $FIRMA_USER.$FIRMA_GROUP $LIST_PATH + chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_PATH fi return $? } @@ -1870,7 +1883,7 @@ function AllowMessageProcessing { fi if [[ "$ENCRYPTED_TO_LIST" == "1" ]]; then - if [[ "$REQUIRED_SIGNATURE" == "yes" ]]; then + if [[ "$REQUIRE_SIGNATURE" == "1" ]]; then if [[ "$GOOD_SIGNATURE" == "1" && "$SIGNATURE_MADE_BY_SENDER" == "1" ]]; then return_code=0 else @@ -2227,7 +2240,7 @@ function ReplayProtectionFlush { fi else touch $REPLAY_FILE - chown $FIRMA_USER.$FIRMA_GROUP $REPLAY_FILE + chown $FIRMA_USER:$FIRMA_GROUP $REPLAY_FILE chmod 600 $REPLAY_FILE fi fi @@ -2254,7 +2267,7 @@ function ReplayProtectionCheck { sha1="$(echo $GPG_MESSAGE | sha1sum | cut -d " " -f 1)" if grep -q "^$sha1$" $REPLAY_FILE; then touch $REPLAY_FILE.tmp - chown $FIRMA_USER.$FIRMA_GROUP $REPLAY_FILE.tmp + chown $FIRMA_USER:$FIRMA_GROUP $REPLAY_FILE.tmp chmod 600 $REPLAY_FILE.tmp sed -e "/^$sha1$/d" $REPLAY_FILE > $REPLAY_FILE.tmp mv -f $REPLAY_FILE.tmp $REPLAY_FILE @@ -2287,7 +2300,6 @@ GLOBAL_VARS=" USE_GPG_HIDDEN_RECIPIENT_OPTION REMOVE_THESE_HEADERS_ON_ALL_LISTS SILENTLY_DISCARD_INVALID_MESSAGES LIST_ADDRESS LIST_ADMIN LIST_HOMEDIR PASSPHRASE SUBJECT_PREFIX REMOVE_THESE_HEADERS REPLIES_SHOULD_GO_TO_LIST FIRMA_CONFIG_FILE VERSION - EXIT_CODE KEY_DESCRIPTION LIST_NAME LIST_PATH LIST_CONFIG_FILE KEY_EXPIRATION KEY_SIZE GPG_FLAGS GPG GPG_LIST_KEYS GPG_DECRYPT GPG_ENCRYPT STDIN @@ -2413,7 +2425,7 @@ case $# in SourceFirmaConfig # set SYSLOG_PRIORITY to the default value, if needed - if [[ "$LOG_TO_SYSLOG" == 1 ]]; then + if [[ "$LOG_TO_SYSLOG" == "1" ]]; then SYSLOG_PRIORITY=${SYSLOG_PRIORITY:-"user.err"} fi |