From 78ff04a0c74420e2ee5b87ce18cbb8689aaf232e Mon Sep 17 00:00:00 2001 From: luis Date: Tue, 31 Jul 2007 05:26:47 +0000 Subject: - Better list config file checking. - Slightly better firma config file checking. - Better logging/printing routine. --- firma | 134 +++++++++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 92 insertions(+), 42 deletions(-) (limited to 'firma')
diff --git a/firma b/firma
index 5fcc382..8e38bab 100755
--- a/firma
+++ b/firma
@@ -140,10 +140,11 @@ function CheckFirmaConfigFile {
 elif [[ ! -d "$LISTS_DIR" ]]; then LogMessage "FATAL: Lists directory ($LISTS_DIR) could not be found. Quitting." return_code=1 + + # optional parameters else if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" && "$($GPG_BINARY --version | head -n1 | tr -dc '[:digit:]')" -lt "140" ]]; then - # this warning will either be logged or printed to STDERR, so no indentation here LogMessage "\ WARNING: GPG's \"--hidden-recipient\" option is only available from version 1.4.0 onwards. WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'."
@@ -152,7 +153,6 @@ WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0'."
 if [[ "$LOG_TO_SYSLOG" == "1" ]]; then if [[ ! -f "$LOGGER_BINARY" || ! -x "$LOGGER_BINARY" ]]; then - # this warning will either be logged or printed to STDERR, so no indentation here LogMessage "\ WARNING: logger binary ($LOGGER_BINARY) could not be found. WARNING: Setting LOG_TO_SYSLOG to '0'."
@@ -160,15 +160,15 @@ WARNING: Setting LOG_TO_SYSLOG to '0'."
 fi fi - if [[ -z "$FIRMA_USER" ]]; then + if [[ -z "$(echo "$FIRMA_USER" | tr -d '[:space:]')" ]]; then FIRMA_USER="nobody" fi - if [[ -z "$FIRMA_GROUP" ]]; then + if [[ -z "$(echo "$FIRMA_GROUP" | tr -d '[:space:]')" ]]; then FIRMA_GROUP="nobody" fi - if [[ -z "$KEYSERVER" ]]; then + if [[ -z "$(echo "$KEYSERVER" | tr -d '[:space:]')" ]]; then KEYSERVER="keyserver.noreply.org" fi 
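Review bot: The new `tr -d '[:space:]'` tests for FIRMA_USER, FIRMA_GROUP and KEYSERVER only decide whether the default is applied; a value that is not entirely whitespace, e.g. `' nobody '`, passes the test and is kept untrimmed, so whatever later consumes FIRMA_USER/FIRMA_GROUP (presumably a privilege drop or ownership change — not visible in this hunk) receives the padded string. Assign the trimmed value back before testing, e.g. `FIRMA_USER="$(echo "$FIRMA_USER" | tr -d '[:space:]')"` followed by `[[ -z "$FIRMA_USER" ]] && FIRMA_USER="nobody"`, and likewise for the other two. If the intent is only to catch whitespace-only values, `[[ "$FIRMA_USER" =~ ^[[:space:]]*$ ]]` does that with the current semantics and without a subshell and pipe per variable. CheckFirmaConfigFile starts before this hunk and its closing brace lies after it.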
@@ -192,48 +192,112 @@ function CheckListConfigFile { local administrator local valid_admins + # check LIST_HOMEDIR value if [[ ! -d "$LIST_HOMEDIR" || ! -f "$LIST_HOMEDIR/pubring.gpg" || ! -f "$LIST_HOMEDIR/secring.gpg" ]]; then LogMessage "FATAL: $LIST_NAME: GPG home directory ($LIST_HOMEDIR) or the GPG keyrings could not be found. Quitting." return_code=1 + + # check PASSPHRASE value elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ]] || ! CheckPassphrase; then LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting." return_code=1 + + # check if the list private key is present elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then - LogMessage "FATAL: $LIST_NAME: Secret key for list \"$LIST_ADDRESS\" could not be found. Quitting." + LogMessage "FATAL: $LIST_NAME: List's secret key could not be found. Quitting." return_code=1 + + # optional parameters else - for administrator in $LIST_ADMIN; do { - if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$administrator>" 2> /dev/null | grep -v '^tru:')" ]]; then - # this warning will either be logged or printed to STDERR, so no indentation here - LogMessage "\ + # check if the list has an administrator (or more than one) + if [[ -z "$LIST_ADMIN" ]]; then + LogMessage "WARNING: $LIST_NAME: List has no administrators." + else + + # check if the public key(s) of the list administrator(s) is(are) present + valid_admins="" + for administrator in $LIST_ADMIN; do + + if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$administrator>" 2> /dev/null | grep -v '^tru:')" ]]; then + LogMessage "\ WARNING: $LIST_NAME: Public key for list administrator \"$administrator\" could not be found. WARNING: $LIST_NAME: Removing this address from LIST_ADMIN for this run." 
- else - valid_admins="$valid_admins $administrator" - fi; } - done - LIST_ADMIN="$valid_admins" + else + valid_admins="$valid_admins $administrator" + fi + + done + LIST_ADMIN="$valid_admins" + + if [[ -z "$LIST_ADMIN" ]]; then + LogMessage "WARNING: $LIST_NAME: List has no valid administrators." + fi - if [[ "$REQUIRE_SIGNATURE" != "0" ]]; then - REQUIRE_SIGNATURE="1" fi - if [[ -z "$LIST_REQUEST_ADDRESS" ]]; then + # check if LIST_REQUEST_ADDRESS has already been set + if [[ -z "$(echo "$LIST_REQUEST_ADDRESS" | tr -d '[:space:]')" ]]; then LIST_REQUEST_ADDRESS="$(echo $LIST_ADDRESS | cut -d @ -f 1)-request@$(echo $LIST_ADDRESS | cut -d @ -f 2)" fi - if [[ "$REPLAY_PROTECTION" == "1" ]]; then - REPLAY_COUNT="$(( 10#$(echo "$REPLAY_COUNT" | tr -dc '[:digit:]') ))" - if [[ "$REPLAY_COUNT" == "0" ]]; then + # check REQUIRE_SIGNATURE value + if [[ -n "$REQUIRE_SIGNATURE" && "$REQUIRE_SIGNATURE" != "0" && "$REQUIRE_SIGNATURE" != "1" ]]; then + + LogMessage "\ +WARNING: $LIST_NAME: REQUIRE_SIGNATURE should be set either to '0' or '1'. +WARNING: $LIST_NAME: Setting REQUIRE_SIGNATURE to '1'." + REQUIRE_SIGNATURE="1" + + elif [[ -z "$REQUIRE_SIGNATURE" ]]; then + REQUIRE_SIGNATURE="1" + fi + + # check REPLAY_PROTECTION, REPLAY_COUNT and REPLAY_FILE values + if [[ -n "$REPLAY_PROTECTION" && "$REPLAY_PROTECTION" != "0" && "$REPLAY_PROTECTION" != "1" ]]; then + + LogMessage "\ +WARNING: $LIST_NAME: REPLAY_PROTECTION should be set either to '0' or '1'. +WARNING: $LIST_NAME: Setting REPLAY_PROTECTION to '0'." + REPLAY_PROTECTION="0" + + elif [[ -z "$REPLAY_PROTECTION" ]]; then + REPLAY_PROTECTION="0" + elif [[ "$REPLAY_PROTECTION" == "1" ]]; then + + if [[ -n "$(echo "$REPLAY_COUNT" | tr -d '[:digit:]')" ]]; then + + LogMessage "\ +WARNING: $LIST_NAME: REPLAY_COUNT should contain just digits. +WARNING: $LIST_NAME: Setting REPLAY_COUNT to '150'." 
REPLAY_COUNT="150" + + else # REPLAY_COUNT is either empty/equals '0' (defaults to '150') or contains a valid value + + REPLAY_COUNT="$(( 10#$(echo "$REPLAY_COUNT" | tr -dc '[:digit:]') ))" + if [[ "$REPLAY_COUNT" -eq "0" ]]; then + REPLAY_COUNT="150" + fi + fi + if [[ -z "$REPLAY_FILE" ]]; then REPLAY_FILE="$REPLAY_DEFAULT_FILE" fi + fi - SetDeliveryRandomization + # check DELIVERY_RANDOMIZATION value + if [[ -n "$DELIVERY_RANDOMIZATION" && -n "$(echo "$DELIVERY_RANDOMIZATION" | tr -d '[:digit:]')" ]]; then + + LogMessage "\ +WARNING: $LIST_NAME: DELIVERY_RANDOMIZATION should contain just digits. +WARNING: $LIST_NAME: Setting DELIVERY_RANDOMIZATION to '0'." + DELIVERY_RANDOMIZATION="0" + + else # DELIVERY_RANDOMIZATION is either empty (defaults to '0') or contains a valid value + DELIVERY_RANDOMIZATION="$(( 10#$(echo $DELIVERY_RANDOMIZATION | tr -dc '[:digit:]') ))" + fi fi
@@ -1538,11 +1602,16 @@ function LogMessage {
 #------------------------------------------------------------- local error_message="$*" + local line if [[ "$LOG_TO_SYSLOG" == "1" ]]; then echo "$error_message" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME" else - echo >&2 "$BASENAME: $error_message" + + echo "$error_message" | while read line; do + echo >&2 "$BASENAME: $line" + done + fi return 0
@@ -2188,24 +2257,6 @@ function ConfigHelp {
 } -function SetDeliveryRandomization { - #------------------------------------------------------------- - # setup delivery randomization - # - # parameter(s): none - # depends on function(s): none - # returns: 0 - #------------------------------------------------------------- - - if [[ "$DELIVERY_RANDOMIZATION" != "0" && -n "$DELIVERY_RANDOMIZATION" ]]; then - # remove non-digits - DELIVERY_RANDOMIZATION="$(( 10#$(echo $DELIVERY_RANDOMIZATION | tr -dc '[:digit:]') ))" - else - DELIVERY_RANDOMIZATION="0" - fi -} - - function DeliveryRandomization { #------------------------------------------------------------- # sleep according $DELIVERY_RANDOMIZATION 
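Review bot: The new REPLAY_PROTECTION validation fails open: an explicitly set but malformed value (say `REPLAY_PROTECTION="yes"`) is downgraded to '0' with only a warning, so a typo in the list config silently disables replay protection, whereas the REQUIRE_SIGNATURE check a few lines above handles the same situation by forcing the secure value '1'. Treat an unparseable value as intent to enable and fall back to '1', and because the REPLAY_COUNT/REPLAY_FILE defaults currently sit in the `elif [[ "$REPLAY_PROTECTION" == "1" ]]` arm, move them into a separate `if` after the chain so they also run after that correction. Leaving an unset value at '0' is fine, since the comment documents it as the opt-in default. CheckListConfigFile starts before this hunk and, judging by the return_code assignments, continues after it.
```shell
                # check REPLAY_PROTECTION, REPLAY_COUNT and REPLAY_FILE values
                if [[ -n "$REPLAY_PROTECTION" && "$REPLAY_PROTECTION" != "0" && "$REPLAY_PROTECTION" != "1" ]]; then

                    LogMessage "\
WARNING: $LIST_NAME: REPLAY_PROTECTION should be set either to '0' or '1'.
WARNING: $LIST_NAME: Setting REPLAY_PROTECTION to '1'."
                    # fail closed: a malformed value was an attempt to enable it
                    REPLAY_PROTECTION="1"

                elif [[ -z "$REPLAY_PROTECTION" ]]; then
                    REPLAY_PROTECTION="0"
                fi

                # apply the REPLAY_COUNT / REPLAY_FILE defaults whenever protection
                # ends up enabled, including after the correction above
                if [[ "$REPLAY_PROTECTION" == "1" ]]; then
                    # … unchanged: REPLAY_COUNT digit check and '150' default …
                    # … unchanged: REPLAY_FILE default …
                fi
```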
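Review bot: The new line-splitting loop in LogMessage uses a bare `read`, which strips leading and trailing whitespace from each line and interprets backslash escapes, so a message containing a path or address with a backslash is altered on its way to stderr while the syslog branch logs it intact; use `printf '%s\n' "$error_message" | while IFS= read -r line; do` so both outputs carry the same bytes, and printf also avoids echo treating a message that starts with -n or -e as an option. The loop body runs in a subshell because of the pipe, which is harmless here since it only writes to stderr, but worth a one-line comment so nobody later tries to set a variable inside it. LogMessage starts before this hunk and its closing brace lies after it.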
@@ -2369,7 +2420,6 @@ FUNCTIONS="
 SourceListConfig
 ConfigHelp
 AdminHelp
- SetDeliveryRandomization
 DeliveryRandomization"
 
 for VAR in $GLOBAL_VARS; do
-- 
cgit v1.2.3