authorluis <luis>2007-07-29 01:36:39 +0000
committerluis <luis>2007-07-29 01:36:39 +0000
commit86097e37e2f645e794d3090f4b414174ebf255a7 (patch)
treeed2eaa82903d74fc072dbfcb8ec674e35375e312
parent5d15820bc7fb2c5650755baea955448a9b5eda24 (diff)
downloadfirma-86097e37e2f645e794d3090f4b414174ebf255a7.tar.gz
firma-86097e37e2f645e794d3090f4b414174ebf255a7.tar.bz2
EXIT_CODE was being unset right before the end of the script. Fixed.
Passphrase check for sequentially repeated characters wasn't working. Fixed. One occurrence of REQUIRE_SIGNATURE mistyped as REQUIRED_SIGNATURE. Fixed. Other small changes on code and comments.
-rwxr-xr-xfirma80
1 files changed, 46 insertions, 34 deletions
diff --git a/firma b/firma
index 9083d44..e2f2e1c 100755
--- a/firma
+++ b/firma
@@ -78,6 +78,7 @@ function DeclareGpgVars {
# depends on function(s): none
# returns: 0
#-------------------------------------------------------------
+
GPG_FLAGS="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-tty --batch --no-use-agent --no-permission-warning"
GPG_FLAGS_NO_BATCH="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-batch --no-use-agent --no-permission-warning"
GPG="$GPG_BINARY $GPG_FLAGS"
@@ -90,22 +91,31 @@ function DeclareGpgVars {
function CheckPassphrase {
#-------------------------------------------------------------
- # check if a passphrase is valid
+ # check if a passphrase is valid: is 25 characters long or more;
+ #+includes lower and upper case letters, numbers and at least 1
+ #+punctuation character; and no character is sequentially
+ #+repeated more than 4 times.
#
# parameter(s): none
# depends on function(s): none
- # returns: 0 if valid password, 1 if invalid
+ # returns: 0 if passphrase is valid,
+ # 1 if invalid
#-------------------------------------------------------------
+
+ local -i return_code=0
+
if [[ -z "$PASSPHRASE" || \
"$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[:lower:]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[:upper:]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[:digit:]')" || \
"$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "1" || \
- "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then
+ -n "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')"
+ ]]; then
return_code=1
- return $return_code
fi
+
+ return $return_code
}
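Review bot: The length test on the `wc -c` line still counts the newline that `echo` appends, so a 24-character passphrase passes the `-lt "25"` check; the shell's own length is exact, `"${#PASSPHRASE}" -lt 25`. The remaining `echo "$PASSPHRASE"` pipelines also let a passphrase that begins with `-n` or `-e` be consumed as an echo option, which `printf '%s' "$PASSPHRASE" | tr -dc '[:lower:]'` avoids. The repetition test depends on GNU `uniq -c` padding the count to a seven-wide field (the `^ \{6\}[234] ` pattern); that assumption belongs in the header comment, since other implementations format the count differently and would make the check silently fail open.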
@@ -122,17 +132,18 @@ function CheckFirmaConfigFile {
local -i return_code=0
if [[ ! -f "$GPG_BINARY" || ! -x "$GPG_BINARY" ]]; then
- LogMessage "FATAL: GPG binary ("$GPG_BINARY") could not be found. Quitting."
+ LogMessage "FATAL: GPG binary ($GPG_BINARY) could not be found. Quitting."
return_code=1
elif [[ ! -f "$MAIL_AGENT" || ! -x "$MAIL_AGENT" ]]; then
- LogMessage "FATAL: Mail transport agent binary ("$MAIL_AGENT") could not be found. Quitting."
+ LogMessage "FATAL: Mail transport agent binary ($MAIL_AGENT) could not be found. Quitting."
return_code=1
elif [[ ! -d "$LISTS_DIR" ]]; then
- LogMessage "FATAL: Lists directory ("$LISTS_DIR") could not be found. Quitting."
+ LogMessage "FATAL: Lists directory ($LISTS_DIR) could not be found. Quitting."
return_code=1
else
- if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" && "$($GPG_BINARY --version | head -n1 | tr -dc '[[:digit:]]')" -lt "140" ]]; then
+ if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" && "$($GPG_BINARY --version | head -n1 | tr -dc '[:digit:]')" -lt "140" ]]; then
+ # this warning will either be logged or printed to STDERR, so no indentation here
LogMessage "\
WARNING: GPG's \"--hidden-recipient\" option is only available from version 1.4.0 onwards.
WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'."
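Review bot: The version test on the rewritten `if` line concatenates all digits of the `--version` line and compares the result with `140`, which only works when the version has exactly three components; a version string with a different shape (a constructed `2.0`, giving `20`) would compare below `140` and wrongly disable the option. Comparing the components is more robust: `IFS=. read -r maj min _ <<<"$("$GPG_BINARY" --version | head -n1 | awk '{print $NF}')"` followed by `if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" ]] && (( maj < 1 || (maj == 1 && min < 4) )); then`, assuming the version is the last field of that line. `$GPG_BINARY` should also be quoted on that line, as it is in the `-f`/`-x` tests above. CheckFirmaConfigFile continues outside the hunk.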
@@ -141,8 +152,9 @@ WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'."
if [[ "$LOG_TO_SYSLOG" == "1" ]]; then
if [[ ! -f "$LOGGER_BINARY" || ! -x "$LOGGER_BINARY" ]]; then
+ # this warning will either be logged or printed to STDERR, so no indentation here
LogMessage "\
-WARNING: logger binary ("$LOGGER_BINARY") could not be found.
+WARNING: logger binary ($LOGGER_BINARY) could not be found.
WARNING: Setting LOG_TO_SYSLOG to '0'."
LOG_TO_SYSLOG=0
fi
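Review bot: The warning about a missing logger binary is emitted through LogMessage while `LOG_TO_SYSLOG` is still `1`, and LogMessage's syslog branch (hunk at L204-L206) pipes into `$LOGGER_BINARY`, so the warning is sent to the very binary that was just found missing and is lost. Moving `LOG_TO_SYSLOG=0` above the LogMessage call lets the message fall through to stderr. The enclosing function starts and ends outside this hunk.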
@@ -181,21 +193,22 @@ function CheckListConfigFile {
local valid_admins
if [[ ! -d "$LIST_HOMEDIR" || ! -f "$LIST_HOMEDIR/pubring.gpg" || ! -f "$LIST_HOMEDIR/secring.gpg" ]]; then
- LogMessage "FATAL: $LIST_NAME: GPG home directory ("$LIST_HOMEDIR") or the GPG keyrings could not be found. Quitting."
+ LogMessage "FATAL: $LIST_NAME: GPG home directory ($LIST_HOMEDIR) or the GPG keyrings could not be found. Quitting."
return_code=1
- elif [ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ] || ! CheckPassphrase; then
+ elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ]] || ! CheckPassphrase; then
LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting."
return_code=1
elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then
- LogMessage "FATAL: $LIST_NAME: Secret key for list "$LIST_ADDRESS" could not be found. Quitting."
+ LogMessage "FATAL: $LIST_NAME: Secret key for list \"$LIST_ADDRESS\" could not be found. Quitting."
return_code=1
else
for administrator in $LIST_ADMIN; do {
if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$administrator>" 2> /dev/null | grep -v '^tru:')" ]]; then
+ # this warning will either be logged or printed to STDERR, so no indentation here
LogMessage "\
-WARNING: $LIST_NAME: Public key for list administrator "$administrator" could not be found.
-WARNING: $LIST_NAME: Removing this address from LIST_ADMIN."
+WARNING: $LIST_NAME: Public key for list administrator \"$administrator\" could not be found.
+WARNING: $LIST_NAME: Removing this address from LIST_ADMIN for this run."
else
valid_admins="$valid_admins $administrator"
fi; }
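Review bot: `$LIST_CONFIG_FILE` on the rewritten `elif` line is unquoted, so a config path containing whitespace or glob characters is split before grep sees it; `grep -o "^PASSPHRASE='[^']*'$" "$LIST_CONFIG_FILE"`. That grep only confirms the line exists in single-quoted form, while CheckPassphrase tests whatever `$PASSPHRASE` currently holds, so a passphrase written with an embedded single quote fails here with a message that blames complexity; a comment stating that the test is syntactic, or a distinct message for that case, would save debugging time. CheckListConfigFile starts before and continues after this hunk.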
@@ -615,7 +628,7 @@ function ReEncryptAndSendListMessage {
recipients="$(echo $SUBSCRIBERS_LIST)"
# check if message should be encrypted and sent to all subscribers at once
- if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == 1 ]]; then
+ if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" ]]; then
GPG_MESSAGE="$(
echo -e "${PASSPHRASE}\n${DECRYPTED_MESSAGE}" | \
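Review bot: `echo -e` on the last line of the hunk applies backslash processing to both the passphrase and the decrypted message before they reach the consumer, so a passphrase or message body containing sequences such as `\n` or `\\` is altered in transit; `printf '%s\n%s\n' "$PASSPHRASE" "$DECRYPTED_MESSAGE" | \` produces the same two-part stream with both values verbatim. The command this pipeline feeds continues outside the hunk.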
@@ -846,7 +859,7 @@ function ProcessMessage {
else
# if bounce processing is enabled, continue
- if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != 1 ]]; then
+ if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then
GetSenderAddress
if [[ -n "$SENDER_ADDRESS" ]]; then
@@ -887,7 +900,7 @@ function NewList {
echo "Firma will ask you some questions to setup your list."
echo "Please don't use UTF-8 characters."
- read -rep " List keyring location: ("$LIST_PATH") " LIST_HOMEDIR
+ read -rep " List keyring location: ($LIST_PATH) " LIST_HOMEDIR
LIST_HOMEDIR=${LIST_HOMEDIR:-"$LIST_PATH"}
if [[ -d "$LIST_HOMEDIR" ]]; then
@@ -942,7 +955,7 @@ function NewList {
# list description, passphrase and key size
if [[ "$return_code" == "0" ]]; then
read -rep " List description (optional): " KEY_DESCRIPTION
- if [ ! -z "$KEY_DESCRIPTION" ]; then
+ if [[ ! -z "$KEY_DESCRIPTION" ]]; then
KEY_DESCRIPTION="Name-Real: $KEY_DESCRIPTION"
fi
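Review bot: `[[ ! -z "$KEY_DESCRIPTION" ]]` on the rewritten line reads as a double negative; the idiomatic form is `if [[ -n "$KEY_DESCRIPTION" ]]; then`. A one-line comment noting that the value is spliced into a `Name-Real:` line and must therefore stay single-line (which `read -r` on one line already guarantees) would help the next reader. NewList continues outside the hunk.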
while true; do
@@ -1027,7 +1040,7 @@ function NewList {
echo "Creating your config..."
touch $LIST_CONFIG_FILE
chmod 600 $LIST_CONFIG_FILE
- chown $FIRMA_USER.$FIRMA_GROUP $LIST_CONFIG_FILE
+ chown $FIRMA_USER:$FIRMA_GROUP $LIST_CONFIG_FILE
if [[ -f "$LIST_CONFIG_FILE" ]]; then
DeclareGpgVars
echo -e "LIST_HOMEDIR='$LIST_HOMEDIR'\nLIST_ADDRESS='$LIST_ADDRESS'\nLIST_ADMIN='$LIST_ADMIN'\nPASSPHRASE='$PASSPHRASE'" > $LIST_CONFIG_FILE
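Review bot: The config write on the last line uses `echo -e`, so backslash sequences inside the passphrase or the address/admin strings are interpreted before being stored, and the redirection target is unquoted; `printf "LIST_HOMEDIR='%s'\nLIST_ADDRESS='%s'\nLIST_ADMIN='%s'\nPASSPHRASE='%s'\n" "$LIST_HOMEDIR" "$LIST_ADDRESS" "$LIST_ADMIN" "$PASSPHRASE" > "$LIST_CONFIG_FILE"` stores the values verbatim. A passphrase containing a single quote still breaks the `PASSPHRASE='...'` line (and the `grep -o` check in CheckListConfigFile), so it should be rejected or escaped at this point. Creating the file with `touch`/`chmod 600` before the write is the right order, since the secret never sits in a file with default permissions; the `chown` operands should be quoted like the rest, `chown -- "$FIRMA_USER:$FIRMA_GROUP" "$LIST_CONFIG_FILE"`. NewList continues outside the hunk.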
@@ -1105,7 +1118,7 @@ EOF
done
# fix permissions
- chown -R $FIRMA_USER.$FIRMA_GROUP $LIST_HOMEDIR
+ chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_HOMEDIR
echo "Your list was created. Now check its configuration at $LIST_CONFIG_FILE."
echo "To see a list of optional config parameters, type firma --help config."
@@ -1332,7 +1345,7 @@ function ChooseUid {
AdminLog "use: \"$1\" is not associated with any public key on this keyring."
return_code=1
# then check if there's more than one UID on this public key
- elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep ^uid | wc -l)" == 1 )); then
+ elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep ^uid | wc -l)" == "1" )); then
AdminLog "use: \"$1\" is part of the only UID on public key ${keyid:32}."
return_code=1
# and then check if there's only one public key associated with this address
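Review bot: Quoting `"1"` inside `(( ))` on the rewritten line has no effect in an arithmetic context and suggests a string comparison that is not happening; the same applies to `(( $return_code == "0" ))` in the next hunk (L181), which is idiomatically `(( return_code == 0 ))`. On this line `grep ^uid | wc -l` can be `grep -c '^uid'`, and `$1` should be quoted before it reaches gpg: `elif (( $($GPG_LIST_KEYS --fixed-list-mode "$1" 2> /dev/null | grep -c '^uid') == 1 )); then`. ChooseUid starts before and continues after this hunk.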
@@ -1343,7 +1356,7 @@ function ChooseUid {
fi
# if all checks are OK, run the expect script bellow
- if (( $return_code == 0 )); then
+ if (( $return_code == "0" )); then
expect -nN -- << EOF
# no output to STDOUT
log_user 0
@@ -1434,7 +1447,7 @@ function CheckListPermissions {
local folder
local config
- # check and fix permissions on all files from $LIST_PATH to $FIRMA_USER.$FIRMA_GROUP
+ # check and fix permissions on all files from $LIST_PATH to $FIRMA_USER:$FIRMA_GROUP
if [[ -n "$1" ]]; then
folder="$(dirname $1)"
config="$(basename $1)"
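Review bot: `$1` is unquoted in the `dirname`/`basename` substitutions at the end of the hunk, so a list path containing whitespace or glob characters is split before those commands run; `folder="$(dirname -- "$1")"` and `config="$(basename -- "$1")"`. The same unquoted-operand pattern is in the next hunk's `chmod 600 $folder/$file` and `chown $FIRMA_USER:$FIRMA_GROUP $folder/$file` (L196-L198) and in the chown calls at L213, L230 and L239; `chown -- "$FIRMA_USER:$FIRMA_GROUP" "$folder/$file"` is the quoted form. CheckListPermissions starts before and continues after this hunk.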
@@ -1442,7 +1455,7 @@ function CheckListPermissions {
if ! CheckPermission $folder/$file; then
LogMessage "Fixing permission and ownership for $folder/$file"
chmod 600 $folder/$file
- chown $FIRMA_USER.$FIRMA_GROUP $folder/$file
+ chown $FIRMA_USER:$FIRMA_GROUP $folder/$file
fi
done
fi
@@ -1524,7 +1537,7 @@ function LogMessage {
local error_message="$*"
- if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
+ if [[ "$LOG_TO_SYSLOG" == "1" ]]; then
echo "$error_message" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME"
else
echo >&2 "$BASENAME: $error_message"
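Review bot: The syslog branch feeds the message through `echo`, which treats a message beginning with `-n` or `-e` as options and, depending on the shell's settings, may expand backslash sequences; `printf '%s\n' "$error_message" | "$LOGGER_BINARY" -p "$SYSLOG_PRIORITY" -t "$BASENAME"` logs it verbatim. The messages elsewhere in this diff embed configuration values and addresses, so exact logging matters when the log is later used to reconstruct what happened. LogMessage starts before and ends after this hunk.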
@@ -1748,7 +1761,7 @@ function FixListOwnership {
#-------------------------------------------------------------
if [[ -d "$LIST_PATH" ]]; then
- chown -R $FIRMA_USER.$FIRMA_GROUP $LIST_PATH
+ chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_PATH
fi
return $?
}
@@ -1870,7 +1883,7 @@ function AllowMessageProcessing {
fi
if [[ "$ENCRYPTED_TO_LIST" == "1" ]]; then
- if [[ "$REQUIRED_SIGNATURE" == "yes" ]]; then
+ if [[ "$REQUIRE_SIGNATURE" == "1" ]]; then
if [[ "$GOOD_SIGNATURE" == "1" && "$SIGNATURE_MADE_BY_SENDER" == "1" ]]; then
return_code=0
else
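Review bot: The rewritten condition compares `REQUIRE_SIGNATURE` with `"1"` where the old (mistyped) test compared with `"yes"`, so any other value — a config that still says `REQUIRE_SIGNATURE='yes'`, a misspelling, or an unset variable — takes the else branch, whose handling lies outside the hunk; if that branch accepts messages without a signature, a stale or mistyped setting silently weakens the check instead of tightening it. If the documented values are 0 and 1, the safer shape tests for the explicit opt-out and requires a signature otherwise: `if [[ "$REQUIRE_SIGNATURE" != "0" ]]; then`. It is also worth validating the value in CheckListConfigFile so an unrecognised setting is reported at config-check time rather than interpreted at message-processing time. AllowMessageProcessing and this if/else continue outside the hunk.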
@@ -2227,7 +2240,7 @@ function ReplayProtectionFlush {
fi
else
touch $REPLAY_FILE
- chown $FIRMA_USER.$FIRMA_GROUP $REPLAY_FILE
+ chown $FIRMA_USER:$FIRMA_GROUP $REPLAY_FILE
chmod 600 $REPLAY_FILE
fi
fi
@@ -2254,7 +2267,7 @@ function ReplayProtectionCheck {
sha1="$(echo $GPG_MESSAGE | sha1sum | cut -d " " -f 1)"
if grep -q "^$sha1$" $REPLAY_FILE; then
touch $REPLAY_FILE.tmp
- chown $FIRMA_USER.$FIRMA_GROUP $REPLAY_FILE.tmp
+ chown $FIRMA_USER:$FIRMA_GROUP $REPLAY_FILE.tmp
chmod 600 $REPLAY_FILE.tmp
sed -e "/^$sha1$/d" $REPLAY_FILE > $REPLAY_FILE.tmp
mv -f $REPLAY_FILE.tmp $REPLAY_FILE
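Review bot: `echo $GPG_MESSAGE` on the digest line at the top of the hunk expands the message unquoted, so the shell word-splits it (collapsing whitespace runs) and applies filename globbing to tokens such as `*` before sha1sum sees it; the stored digest therefore does not correspond to the exact message text, and messages differing only in whitespace collide. `sha1="$(printf '%s' "$GPG_MESSAGE" | sha1sum | cut -d ' ' -f 1)"` hashes the message verbatim; since this changes the digest of entries already in `$REPLAY_FILE`, it should land with a flush of that file. The path operands on the `grep`, `touch`, `sed` and `mv` lines should be quoted as well. ReplayProtectionCheck starts before and continues after this hunk.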
@@ -2287,7 +2300,6 @@ GLOBAL_VARS="
USE_GPG_HIDDEN_RECIPIENT_OPTION REMOVE_THESE_HEADERS_ON_ALL_LISTS SILENTLY_DISCARD_INVALID_MESSAGES
LIST_ADDRESS LIST_ADMIN LIST_HOMEDIR PASSPHRASE SUBJECT_PREFIX REMOVE_THESE_HEADERS REPLIES_SHOULD_GO_TO_LIST
FIRMA_CONFIG_FILE VERSION
- EXIT_CODE
KEY_DESCRIPTION LIST_NAME LIST_PATH LIST_CONFIG_FILE KEY_EXPIRATION KEY_SIZE
GPG_FLAGS GPG GPG_LIST_KEYS GPG_DECRYPT GPG_ENCRYPT
STDIN
@@ -2413,7 +2425,7 @@ case $# in
SourceFirmaConfig
# set SYSLOG_PRIORITY to the default value, if needed
- if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
+ if [[ "$LOG_TO_SYSLOG" == "1" ]]; then
SYSLOG_PRIORITY=${SYSLOG_PRIORITY:-"user.err"}
fi