Diffstat (limited to 'misc/poc/firma-0.2.1')
-rwxr-xr-xmisc/poc/firma-0.2.1133
1 files changed, 133 insertions, 0 deletions
diff --git a/misc/poc/firma-0.2.1 b/misc/poc/firma-0.2.1
new file mode 100755
index 0000000..13ee6da
--- /dev/null
+++ b/misc/poc/firma-0.2.1
@@ -0,0 +1,133 @@
+#!/bin/bash
+#
+# firma v0.2.1: simple encrypted mailing list aliases
+# feedback: rhatto@riseup.net luis@riseup.net | GPL
+#
+# list configuration is passed thru the config file,
+# where you put PARAMETER=value (whithout spaces)
+#
+# MAIL= path for mail program
+# GPG= path for gnupg binary
+# TMP= where you want the temp files
+# LISTNAME= list email
+# LISTADMIN= list administrator email addresses (space separated)
+# GPGDIR= gpg dir for the lists' keyring
+# PASSWD= passwd for the lists' keyring
+
+# eval the config file
+source $1
+
+# declare GPG variables
+GPGCOMMAND="$GPG --quiet --homedir $GPGDIR --batch --no-tty --no-use-agent --no-permission-warning"
+GPGLIST="$GPGCOMMAND --list-keys --with-colons"
+GPGDECRYPT="$GPGCOMMAND --passphrase-fd 0 --decrypt"
+GPGENCRYPT="$GPGCOMMAND --passphrase-fd 0 --always-trust --encrypt --sign --armor --hidden-recipient"
+
+# check configuration file parameters
+# todo: check if $TMP directory/files exist and if password is at least n characters long
+if [ ! -x $GPG -o ! -f $GPG ]; then
+ echo -e "\n$1: GPG binary ($GPG) could not be found.\n"
+ exit
+elif [ ! -x $MAIL -o ! -f $MAIL ]; then
+ echo -e "\n$1: Mail program ($MAIL) could not be found.\n"
+ exit
+elif [ ! -d $GPGDIR -o ! -f $GPGDIR/pubring.gpg -o ! -f $GPGDIR/secring.gpg ]; then
+ echo -e "\n$1: GPG home directory ($GPGDIR) or the GPG keyrings could not be found.\n"
+ exit
+elif [ -z $($GPGLIST | grep -o "<$LISTNAME>") ]; then
+ echo -e "\n$1: GPG key for list \"$LISTNAME\" could not be found."
+ echo -e "$1: Note that this parameter expects an email address.\n"
+ exit
+else
+ for ADMIN in $LISTADMIN; do {
+ if [ -z $($GPGLIST | grep -o "<$ADMIN>") ]; then
+ echo -e "\n$1: GPG key for list administrator \"$ADMIN\" could not be found."
+ echo -e "$1: Note that this parameter expects one or more email addresses.\n"
+ exit
+ fi; }
+ done
+fi
+
+# declare functions
+# discard $GPGDECRYPT STDOUT and get its STDERR instead, for signature checking
+function GPGSTDERR {
+ echo "$PASSWD" | ($GPGDECRYPT --status-fd 2 $TMP.gpg 1> /dev/null) 2>&1 ;
+}
+
+# get list susbscriber addresses
+function SUBSCRIBERS {
+ $GPGLIST | sed -n "/$LISTNAME/d;/pub/p" | grep -o "<.*>" | sed -e "s/[<>]//g" ;
+}
+
+# create the temporary files and restrict their permissions
+rm -f $TMP $TMP.gpg
+touch $TMP; chmod 600 $TMP;
+touch $TMP.gpg; chmod 600 $TMP.gpg;
+
+# todo: use an array
+while read STDIN; do
+ echo $STDIN >> $TMP
+done
+
+# get the message headers
+# todo: find a better place for $FROMADD since its not part of the message headers
+FROM=$(grep -m 1 "^From:" $TMP | cut -d : -f 2- | sed "s/^ //")
+FROMADD=$(echo $FROM | if grep -q "<" ; then echo $FROM | grep -o "<.*>" | sed -e "s/[<>]//g" ; else echo $FROM ; fi)
+DATE=$(grep -m 1 "^Date:" $TMP)
+SUBJECT=$(grep -m 1 "^Subject:" $TMP | cut -d : -f 2- | sed "s/^ //")
+
+# get the encrypted message
+sed -n "/-----BEGIN PGP MESSAGE-----/,/-----END PGP MESSAGE-----/p" $TMP >> $TMP.gpg
+
+# if signature is Good, encrypt and send it for each list subscriber
+# todo: declare a function to decrypt, re-encrypt and send the list messages
+if (GPGSTDERR | grep -q "GOODSIG") ; then
+
+ for EMAIL in $(SUBSCRIBERS); do
+
+ echo "$PASSWD
+ Message from: $FROM
+ Subject: $SUBJECT
+ $DATE
+
+ $(GPGSTDERR | grep "gpg: Signature made")
+ $(GPGSTDERR | grep "gpg: Good signature from")
+
+$(echo "$PASSWD" | $GPGDECRYPT $TMP.gpg 2> /dev/null)" | sed -e "s/=20$//" | $GPGENCRYPT $EMAIL | $MAIL -r $LISTNAME $EMAIL
+
+ done
+
+# else, if signature is BAD, email it back to sender and to list admins
+elif (GPGSTDERR | grep -q "BADSIG") ; then
+
+ echo "$PASSWD
+ Message from: $FROM
+ Subject: [BAD SIGNATURE] $SUBJECT
+ $DATE
+
+ $(GPGSTDERR | grep "gpg: Signature made")
+ $(GPGSTDERR | grep "gpg: BAD signature from")
+
+$(echo "$PASSWD" | $GPGDECRYPT $TMP.gpg 2> /dev/null)" | sed -e "s/=20$//" | $GPGENCRYPT $LISTADMIN $FROMADD | $MAIL -r $LISTNAME $LISTADMIN $FROMADD
+
+# else, probably either the message was not signed or the sender is not subscribed to the list
+# email the message back to sender including a note about this
+# todo: parse STDERR to find out why the signature couldn't be checked and send more specific errors back to sender
+else
+
+ echo "
+ Message from: $FROM
+ Subject: [RETURNED MAIL] $SUBJECT
+ $DATE
+
+ [ It was not possible to process this message. Either or both
+ the message was not encrypted and/or signed, or you are not
+ subscribed to this list. Contact the list administrator if
+ you have any questions. ]
+
+ --
+ firma v0.2.1" | $MAIL -r $LISTNAME $FROMADD
+
+fi
+
+rm -f $TMP $TMP.gpg
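Review bot: Values extracted from the incoming message's headers reach external commands unquoted, so a crafted `From:` header can inject extra arguments: `FROMADD` is cut out of untrusted mail and then expanded bare in `$GPGENCRYPT $LISTADMIN $FROMADD | $MAIL -r $LISTNAME $FROMADD` (BADSIG branch) and in `$MAIL -r $LISTNAME $FROMADD` (returned-mail branch), where any whitespace in the extracted address becomes a separate word for gpg and the mail program. Quoting the expansions, `| $MAIL -r "$LISTNAME" "$FROMADD"`, closes that for the single-address case; `$LISTADMIN` is documented as space-separated, so it needs an array or a loop rather than a bare expansion. In the same BADSIG branch `--hidden-recipient` sits at the end of `GPGENCRYPT` and so binds only to the first address that follows it, which suggests that with several admins the remaining addresses are handed to gpg as positional arguments rather than as recipients — worth a test with two admins. The capture loop `while read STDIN; do echo $STDIN >> $TMP` also alters the message it stores, since `read` without `-r` consumes backslashes and the unquoted `echo $STDIN` word-splits and glob-expands each line (a body line of `*` becomes a directory listing); `cat > "$TMP"` keeps the message byte-for-byte. Finally, the configuration-check branches end in a bare `exit` (status 0), so an MTA feeding this script from an alias will treat the silently discarded message as delivered; `exit 1` there makes a misconfiguration visible.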