From d8079a6919ee523a3fd03b83275ec1b10553bfd5 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Wed, 11 Jul 2007 14:26:20 +0000
Subject: Small changes: 1 - Passphrase validation. 2 - NewList function doesn't show stdin key import option anymore, as this feature just works in the interactive mode. 3 - RandomString now generate also punct. chars.
---
 firma | 51 ++++++++++++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/firma b/firma
index 41b9695..69569e7 100755
--- a/firma
+++ b/firma
@@ -88,6 +88,28 @@ function DeclareGpgVars {
 }
+function CheckPassphrase {
+ #-------------------------------------------------------------
+ # check if a passphrase is valid
+ #
+ # parameter(s): none
+ # depends on function(s): none
+ # returns: 0 if valid password, 1 if invalid
+ #-------------------------------------------------------------
+ if [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" || \
+ -z "$PASSPHRASE" || \
+ "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \
+ -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \
+ "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "1" || \
+ "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then
+ return_code=1
+ return $return_code
+ fi
+}
+
+
 function CheckFirmaConfigFile {
 #-------------------------------------------------------------
 # check firma.conf parameters
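Review bot: The first test in `CheckPassphrase` greps `$LIST_CONFIG_FILE` for a `PASSPHRASE='...'` line, which ties a strength check on `$PASSPHRASE` to the state of the config file, and the NewList hunk of this commit calls the function in retry loops on a passphrase that was only just generated or typed. If the list config has not been written at that point (not visible in this diff), that test is always true and neither `while ! CheckPassphrase` loop can end; with `$LIST_CONFIG_FILE` unquoted and empty, grep would read standard input instead of a file. I would leave the config-format test in CheckListConfigFile, as in `elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" "$LIST_CONFIG_FILE")" ]] || ! CheckPassphrase; then`, and keep only the tests on `$PASSPHRASE` here. The failure branch also assigns the global `return_code`, so a rejected candidate in NewList leaves it at 1 after a later candidate is accepted; a plain `return 1` avoids that side effect.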
@@ -162,14 +184,7 @@ function CheckListConfigFile {
 if [[ ! -d "$LIST_HOMEDIR" || ! -f "$LIST_HOMEDIR/pubring.gpg" || ! -f "$LIST_HOMEDIR/secring.gpg" ]]; then
 LogMessage "FATAL: $LIST_NAME: GPG home directory ("$LIST_HOMEDIR") or the GPG keyrings could not be found. Quitting."
 return_code=1
- elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" || \
- -z "$PASSPHRASE" || \
- "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:lower:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:upper:]]')" || \
- -z "$(echo "$PASSPHRASE" | tr -dc '[[:digit:]]')" || \
- "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "5" || \
- "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" ]]; then
+ elif ! CheckPassphrase; then
 LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting."
 return_code=1
 elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then
@@ -927,13 +942,15 @@ function NewList {
 answer="$(echo $answer | tr '[:lower:]' '[:upper:]')"
 if [[ -z "$answer" || "$answer" == "Y" || "$answer" == "YES" ]]; then
 PASSPHRASE="$(RandomString 62)"
+ while ! CheckPassphrase; do
+ PASSPHRASE="$(RandomString 62)"
+ done
 break
 elif [[ "$answer" == "N" || "$answer" == "NO" ]]; then
 read -resp " Passphrase to protect the list's secret key (you'll type it once): " PASSPHRASE
- if [[ -z "$PASSPHRASE" ]]; then
- echo "You choosed an empty passphrase. Then firma will choose one for you."
- PASSPHRASE="$(RandomString 62)"
- fi
+ while ! CheckPassphrase; do
+ read -resp " Passphrase doesn't fit all the requirements, please choose another: " PASSPHRASE
+ done
 break
 else
 echo " Please answer either yes or no."
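Review bot: Replacing the inline condition in CheckListConfigFile with `! CheckPassphrase` is not a pure refactor: the removed test required at least five punctuation characters (`-lt "5"`), while the new function accepts one (`-lt "1"`), so the policy applied to existing lists is relaxed. The commit message mentions passphrase validation but not this change. I would record the rule set in the CheckPassphrase header, for example `# rules: 24+ chars, lower, upper, digit, 1+ punct, limited character repeats`, and hold the thresholds in named variables so a later change to them is visible in review.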
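Review bot: The re-prompt in NewList tells the user the passphrase "doesn't fit all the requirements" without ever stating them, and `read -s` echoes nothing, so the only feedback for a rejected entry is the same prompt again. Printing the rules once before the first prompt would help, e.g. `echo " The passphrase needs at least 24 characters with lower case, upper case, a digit and punctuation."`. Both `while ! CheckPassphrase` loops are also unbounded: if RandomString fails or the check can never pass, the generated branch spins without output, so a retry limit that falls through to an error message would be safer. The prompt still says the passphrase is typed once; with a 24-character minimum a confirmation read would guard against a mistyped value protecting the secret key.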
@@ -1026,8 +1043,7 @@ EOF
 echo " Please choose a key import method:"
 echo " 1 - Fetch the keys from a keyserver"
- echo " 2 - Read keys from stdin"
- echo " 3 - Key material stored in a file"
+ echo " 2 - Key material stored in a file"
 while true; do
 read -rep " Please enter your choice: " answer
@@ -1036,13 +1052,10 @@ EOF
 method="keyserver $answer"
 break
 elif [[ "$answer" == "2" ]]; then
- method="stdin"
- break
- elif [[ "$answer" == "3" ]]; then
 method="file"
 break
 else
- echo " Invalid answer. Choose either 1, 2 or 3."
+ echo " Invalid answer. Choose either 1 or 2."
 fi
 done
@@ -1745,7 +1758,7 @@ function RandomString {
 # 1 if string size is greater than 62
 #-------------------------------------------------------------
- local n alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+ local n alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.,;:?!"
 if [[ -z "$1" ]]; then
 n=6
-- cgit v1.2.3
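Review bot: In the RandomString hunk the alphabet grows from 62 to 68 characters, but the header line kept as context still documents `1 if string size is greater than 62`, a limit that matched the old alphabet length. The function body is outside the hunk, so it is worth checking whether the size guard is hard-coded or derived from `${#alpha}`, and updating the comment either way. A short comment on why only `.,;:?!` were added would also help, e.g. `# punctuation excludes quotes so the value stays valid inside PASSPHRASE='...'`, if that is the reason. The source of randomness is likewise not visible here; since the result protects the list's secret key, it should come from the kernel CSPRNG rather than `$RANDOM`.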