added permission checking on configuration (both local and global) and keyring files

1 files changed, 112 insertions, 15 deletions

diff --git a/firma b/firma
index bfa05f9..c14f3f6 100755
--- a/firma
+++ b/firma
@@ -33,6 +33,14 @@
 #
 # And it may contain the following optional parameters:
 #
+# USER= user that runs firma (usually the same as your MTA user);
+#       defaults to "nobody"; you can also specify this parameter
+#       in each mailing list config file if you plan to have one
+#       user per mailing list
+# GROUP= group that runs firma (usually the same as your MTA group);
+#        defaults to "nogroup"; you can also specify this parameter
+#        in each mailing list config file if you plan to have one
+#        group per mailing list
 # LOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma
 #                will print errors to STDERR
 # LOGGER_BINARY= if logging to syslog, set the path to logger's binary
@@ -175,6 +183,14 @@ WARNING: Setting LOG_TO_SYSLOG to '0'."
     fi
   fi
 
+  if [ -z "$USER" ]; then
+    USER="nobody"
+  fi
+
+  if [ -z "$GROUP" ]; then
+    GROUP="nobody"
+  fi
+
   return $return_code
 }
 
@@ -838,28 +854,28 @@ function NewList {
 
     echo "Creating folder $LIST_PATH..."
     if mkdir "$LIST_PATH"; then # || (echo "$(basename $0): error creating $LIST_PATH: installation aborted"; exit 1)
-      echo "creating list config file and will ask some questions."
+      echo "Creating list config file and will ask some questions."
 
     read -rep "  List keyring location: ("$LIST_PATH") " LIST_HOMEDIR
     LIST_HOMEDIR=${LIST_HOMEDIR:-"$LIST_PATH"}
 
-    # NAO USAR UTF-8 (VER DETAILS)
+    # Dont use UTF-8 (look at DETAILS)
     read -rep "  List email address: " LIST_ADDRESS
     read -rep "  List administrator(s) email address(es) (space delimited): " LIST_ADMIN
     read -rep "  List description (optional): " DESCRIPTION
     read -resp "  Passphrase to protect the list's secret key: " PASSPHRASE
 
-    # todo: key specs (size, expiry date...)
+    # TODO: key specs (size, expiry date...)
 
-    echo "creating your config..."
+    echo "Creating your config..."
     touch $LIST_CONFIG_FILE
-    chown root.root $LIST_CONFIG_FILE
     chmod 600 $LIST_CONFIG_FILE
+    chown $USER.$GROUP $LIST_CONFIG_FILE
     if [ -f "$LIST_CONFIG_FILE" ]; then
       DeclareGpgVars
       # removed: MAIL_AGENT=$MAIL_AGENT\nGPG_BINARY=$GPG_BINARY\n
-      echo -e "LIST_HOMEDIR=$LIST_HOMEDIR\nLIST_ADDRESS=$LIST_ADDRESS\nLIST_ADMIN=$LIST_ADMIN\nPASSPHRASE=$PASSPHRASE" > $LIST_CONFIG_FILE
-      echo "now generating your keyring..."
+      echo -e "LIST_HOMEDIR=\'$LIST_HOMEDIR\'\nLIST_ADDRESS=\'$LIST_ADDRESS\'\nLIST_ADMIN=\'$LIST_ADMIN\'\nPASSPHRASE=\'$PASSPHRASE\'" > $LIST_CONFIG_FILE
+      echo "Now generating your keyring..."
 
       $GPG --gen-key <<EOF
 
@@ -877,6 +893,8 @@ function NewList {
 
 EOF
 
+      chown -R $USER.$GROUP $LIST_HOMEDIR
+
     else
       echo "$(basename $0): cannot create $LIST_PATH: Installation aborted"
       return_code=1
@@ -888,7 +906,7 @@ EOF
     return_code=1
   fi
 
-  return return_code
+  return $return_code
 }
 
 
@@ -1040,6 +1058,68 @@ EOF
   return $return_code
 }
 
+
+function CheckPermission {
+  #-------------------------------------------------------------
+  # check if file has correct permissions (600) and also
+  # + if the file is owned by $USER
+  # +got the idea for this function from backupninja
+  #
+  # parameter(s): file name
+  # depends on function(s): none
+  # returns: 0 if file has correct permissions
+  #          1 if not, and also print a warning message
+  #-------------------------------------------------------------
+
+  local file="$1"
+  local perms="`ls -ld $file`"
+  perms=${perms:4:6}
+  if [ "$perms" != "------" ]; then
+    ERROR_MESSAGE="WARNING: Configuration files must not be group or world writable/readable! Dying on file $file"
+    echo $ERROR_MESSAGE
+    if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
+      echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME"
+    fi
+    return 1
+  fi
+
+  if [ `ls -ld $file | awk '{print $3}'` != "$USER" ]; then
+    echo "WARNING: Configuration files must be owned by $USER! Dying on file $file"
+  fi
+
+  return 0
+}
+
+
+function CheckListPermissions {
+  #-------------------------------------------------------------
+  # check if list files has correct permissions (600) and also
+  # + if the files are owned by $USER
+  #
+  # parameter(s): list config file
+  # depends on function(s): CheckPermission
+  # returns: 0 if file has correct permissions
+  #          1 if not, and also print a warning message
+  #-------------------------------------------------------------
+
+  local file
+  local folder
+  local config
+
+  # check and fix permissions on all files from $LIST_PATH to $USER.$GROUP
+  if [ ! -z "$1" ]; then
+    folder="`basedir $1`"
+    config="`basename $1`"
+    for file in $config pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg; do
+      if CheckPermission $folder/$file; then
+        echo "Fixing permission and ownership for $folder/$file"
+        chmod 600 $folder/$file
+        chown $USER.$GROUP $folder/$file
+      fi
+    done
+  fi
+}
+
 #-------------------------------------------------------------
 # main()
 #-------------------------------------------------------------
@@ -1072,7 +1152,10 @@ GLOBAL_VARS="
   MESSAGE_HEADERS MESSAGE_BODY
   MESSAGE
   FUNCTION FUNCTIONS
-  GLOBAL_VARS VAR"
+  GLOBAL_VARS VAR
+  USER
+  GROUP
+  BASENAME"
 
 FUNCTIONS="
   Usage
@@ -1096,7 +1179,9 @@ FUNCTIONS="
   ProcessMessage
   NewList
   ListAdministration
-  ChooseUid"
+  ChooseUid
+  CheckPermission
+  CheckListPermissions"
 
 for VAR in $GLOBAL_VARS; do
   declare $VAR
@@ -1105,6 +1190,9 @@ done
 # set initial exit code
 EXIT_CODE=0
 
+# set program name
+BASENAME="`basename $0`"
+
 # command line parsing:
 # first check number of arguments, then check what was entered
 # start main case
@@ -1140,8 +1228,11 @@ case $# in
     esac
     ;;
   2)
+    # if firma.conf exists but has wrong permissions or ownership
+    if [ -f "$FIRMA_CONFIG_FILE" ] && ! CheckPermission $FIRMA_CONFIG_FILE; then
+      EXIT_CODE="1"
     # if firma.conf exists
-    if [ -f "$FIRMA_CONFIG_FILE" ]; then
+    elif [ -f "$FIRMA_CONFIG_FILE" ]; then
 
       # evaluate its parameters
       shopt -u sourcepath && source "$FIRMA_CONFIG_FILE"
@@ -1166,11 +1257,17 @@ case $# in
           # options that depend on the list configuration file
           -a|--admin-task|-p|--process-message)
 
-            # if the configuration file exists, disable bash's
-            #+sourcepath and evaluate list parameters
-            if [[ -f "$LIST_CONFIG_FILE" ]]; then
+            # if config file exists but has wrong permissions or ownership
+            if [[ -f "$LIST_CONFIG_FILE" ]] && ! CheckPermission $LIST_CONFIG_FILE; then
+              EXIT_CODE="1"
+            elif [[ -f "$LIST_CONFIG_FILE" ]]; then
+
+              # if the configuration file exists, disable bash's
+              #+sourcepath and evaluate list parameters
               shopt -u sourcepath && source "$LIST_CONFIG_FILE"
 
+              CheckListPermissions $LIST_CONFIG_FILE
+
               # get gpg parameters
               DeclareGpgVars
 
@@ -1256,7 +1353,7 @@ esac
 # print/log error message, if any
 if [[ -n "$ERROR_MESSAGE" ]]; then
   if [[ "$LOG_TO_SYSLOG" == 1 ]]; then
-    echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$(basename $0)"
+    echo "$ERROR_MESSAGE" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME"
   else
     echo >&2 "$(basename $0): $ERROR_MESSAGE"
   fi