From cafd85b13d6a1a12b8034e90867a14963eef8c94 Mon Sep 17 00:00:00 2001 From: rhatto Date: Wed, 11 Oct 2006 15:32:09 +0000 Subject: ProcessMessage and EmailAdminTask updated --- firma | 115 ++++++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 62 insertions(+), 53 deletions(-) (limited to 'firma') diff --git a/firma b/firma index 90bf9d4..ea097f4 100755 --- a/firma +++ b/firma @@ -339,11 +339,12 @@ function ParseGpgDecryptStderr { # parse $GPG_DECRYPT STDERR for signature checking # # parameter(s): none - # depends on function(s): DeclareGpgVars, GetGpgMessage + # depends on function(s): DeclareGpgVars, GetGpgMessage, GetSenderAddress # returns: 0 #------------------------------------------------------------- local gpg_decrypt_stderr + local sender_address # get GPG_DECRYPT STDERR, discarding its STDOUT gpg_decrypt_stderr="$( @@ -369,6 +370,18 @@ function ParseGpgDecryptStderr { then GOOD_SIGNATURE=1 + if [ ! -z "$SENDER_ADDRESS" ]; then + GetSenderAddress + fi + + sender_address="`echo "$gpg_decrypt_stderr" | grep '^\[GNUPG:] GOODSIG' | awk '{ print $4 }'`" + + if [ "$sender_address" == "$SENDER_ADDRESS" ]; then + SIGNATURE_MADE_BY_SENDER="1" + else + SIGNATURE_MADE_BY_SENDER="0" + fi + # else, check if the signature is invalid (BAD signature) elif echo "$gpg_decrypt_stderr" | \ 
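Review bot: In the block added after `GOOD_SIGNATURE=1`, the guard `if [ ! -z "$SENDER_ADDRESS" ]` looks inverted, since it calls GetSenderAddress only when the address is already set, and `awk '{ print $4 }'` picks the first word of the signer's user ID rather than an e-mail address. GnuPG's status line has the form `[GNUPG:] GOODSIG <keyid> <user id>`, so for a typical `Name <addr>` user ID the comparison never matches, while an empty value on both sides would compare equal and set SIGNATURE_MADE_BY_SENDER to 1. The version below fetches the address when it is missing, takes the part between angle brackets from the first GOODSIG line, and fails closed on an empty value. Matching on user-ID text is still weaker than comparing the signing key's fingerprint with the key held for that subscriber, which is worth a follow-up. The enclosing `if`/`elif` chain starts and ends outside the hunk.

```shell
if [ -z "$SENDER_ADDRESS" ]; then
  GetSenderAddress
fi

# status line: "[GNUPG:] GOODSIG <keyid> <user id>"; keep the address inside <...> of the first match
sender_address="$(printf '%s\n' "$gpg_decrypt_stderr" | \
  sed -n 's/^\[GNUPG:\] GOODSIG [^ ]* .*<\([^<>]*\)>[^<>]*$/\1/p' | head -n 1)"

# an empty address on either side must never count as a match
if [ -n "$sender_address" ] && [ "$sender_address" == "$SENDER_ADDRESS" ]; then
  SIGNATURE_MADE_BY_SENDER="1"
else
  SIGNATURE_MADE_BY_SENDER="0"
fi
```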
@@ -760,18 +773,23 @@ function ProcessMessage { # if the message was encrypted with the list's public key and if the #+message signature is valid, send message to list subscribers - if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 ]]; then + if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 && $SIGNATURE_MADE_BY_SENDER == 1 ]]; then # check if the list has valid subscribers - if GetSubscribersList; then - GetMessageHeadersAndBody - EditListMessageHeaders - DecryptGpgMessage - ReEncryptAndSendListMessage + if [ "$MODE" == "list-message" ]; then + if GetSubscribersList; then - else - return_code=1 + GetMessageHeadersAndBody + EditListMessageHeaders + DecryptGpgMessage + ReEncryptAndSendListMessage + + else + return_code=1 + fi + elif [ "$MODE" == "admin-non-interactive" ]; then + EmailAdminTask fi # else, if the message was correctly encrypted but its signature is invalid, @@ -817,6 +835,15 @@ function ProcessMessage { not signed. Contact the list administrator if you have any questions." ComposeAndSendBounceMessage + + elif [[ SIGNATURE_MADE_BY_SENDER != 1 ]]; then + + # this is the body of the message to be sent, so no indentation here + MESSAGE_BODY="\ + It was not possible to process this message. Message was + not sent by the person who signed it." + ComposeAndSendBounceMessage + fi # else, message wasn't encrypted with the list's public key @@ -1119,8 +1146,6 @@ function ListAdministration { local -i return_code=0 local subscribers - ADMIN_MODE="interactive" - case $# in 1) case $1 in @@ -1493,7 +1518,7 @@ function SubscribeUsers { " elif [ "$1" == "stdin" ]; then echo "Please enter the key material here, finninshing with Ctrl-D sequence..." - $GPG --import + $GPG_NOBATCH --import elif [ "$1" == "file" ]; then if [ ! -z "$2" ]; then if [ -f "$2" ]; then 
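Review bot: In the new `admin-non-interactive` branch the status of `EmailAdminTask` is dropped, and a MODE that matches neither tested value falls through without touching `return_code`, so a message that nobody handled can be reported as success. I would write `EmailAdminTask || return_code=1` and close the chain with `else return_code=1`. The comment `# check if the list has valid subscribers` now sits above the MODE test and belongs inside the `list-message` branch. ProcessMessage starts and ends outside the hunk, so the initial value of `return_code` is assumed to be 0 here.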
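Review bot: The new condition `elif [[ SIGNATURE_MADE_BY_SENDER != 1 ]]` compares the literal word instead of the variable, so it is always true and the branch behaves as an unconditional `else`. It should read `elif [[ $SIGNATURE_MADE_BY_SENDER != 1 ]]; then`. Because the variable is assigned only in the GOODSIG branch of ParseGpgDecryptStderr, it is also worth setting `SIGNATURE_MADE_BY_SENDER=0` before parsing so that an unset value is never read as a decision. The surrounding `if`/`elif` chain begins outside the hunk.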
@@ -1737,7 +1762,7 @@ function AdminLog { # returns: 0 #------------------------------------------------------------- - if [ "$ADMIN_MODE" == "interactive" ]; then + if [ "$MODE" == "admin-interactive" ]; then echo >&2 "$*" else ADMIN_MESSAGE="$ADMIN_MESSAGE $*" 
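Review bot: AdminLog now prints to stderr only when MODE is exactly `admin-interactive`, and in this commit MODE is assigned only in the three option branches of the final `case`, whereas the removed `ADMIN_MODE="interactive"` was set on every ListAdministration call. If ListAdministration can be reached through another branch of `case $#` (not visible in this diff), its messages would be appended to ADMIN_MESSAGE and never shown to the operator. A default at the top of ListAdministration, such as `MODE="${MODE:-admin-interactive}"`, would keep the previous behaviour. The function body continues past the end of the hunk.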
@@ -1750,54 +1775,34 @@ function EmailAdminTask { # parse and execute admin tasks via email # # parameter(s): none - # depends on function(s): GetMessage, GetGpgMessage, GetSubscribersList, - # GetSenderAddress + # depends on function(s): ProcessMessage should be called first # returns: 0 on success :) # 1 on failure :/ #------------------------------------------------------------- - # TODO: - process message - # - check whether message is properly encrypted - # and signed by a list admin - # - parse commands + # TODO: - parse commands # - call admin functions local -i return_code=0 local sender found - ADMIN_MODE="non-interactive" - - #TODO: else cases - # try to read message from STDIN - if GetMessage; then - - # check if the message was encrypted - if GetGpgMessage; then - - # if it was, parse gpg decrypt STDERR to decide what to do next - ParseGpgDecryptStderr - - # if the message was encrypted with the list's public key and - #+if the message signature is valid - if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 ]]; then - GetSenderAddress - found=0 - for sender in $LIST_ADMIN; do - if [ "$sender" == "$SENDER_ADDRESS" ]; then - found=1 - break - fi - done - # TODO: check if the signature was made with the sender address pubkey - if [ "$found" == "1" ]; then - # message was sent by an admin - true - else - # message was sent by a normal subscriber - false - fi - fi + found=0 + for sender in $LIST_ADMIN; do + if [ "$sender" == "$SENDER_ADDRESS" ]; then + found=1 + break fi + done + if [ "$found" == "1" ]; then + # message was sent by an admin + true # parse and process admin tasks + else + # message was sent by a normal subscriber + # this is the body of the message to be sent, so no indentation here + MESSAGE_BODY="\ + It was not possible to process this message. Message was + not sent by a list administrator." + ComposeAndSendBounceMessage fi return $return_code 
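Review bot: EmailAdminTask now treats a message as coming from an administrator purely because SENDER_ADDRESS matches an entry in LIST_ADMIN, and it no longer looks at the encryption and signature state itself; the header comment leaves that to ProcessMessage. Since this is where admin commands will be parsed (per the TODO), I would keep a guard at the top so the function fails closed when a caller skips that step: `[[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 && $SIGNATURE_MADE_BY_SENDER == 1 ]] || return 1`. The bounce branch also leaves `return_code` at 0 although the header documents 1 on failure, so `return_code=1` belongs after `ComposeAndSendBounceMessage`. The closing lines of the function are outside the hunk.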
@@ -1842,8 +1847,9 @@ GLOBAL_VARS=" FIRMA_USER FIRMA_GROUP KEYSERVER - ADMIN_MODE - ADMIN_MESSAGE" + MODE + ADMIN_MESSAGE + SIGNATURE_MADE_BY_SENDER" FUNCTIONS=" Usage @@ -1970,6 +1976,7 @@ case $# in case $1 in -a|--admin-task) + MODE="admin-interactive" # while a quit command isn't entered (returns 2), read STDIN while (( $EXIT_CODE != 3 )) && read -rep "Command> " STDIN; do # if line is not empty or commented, process command @@ -1984,10 +1991,12 @@ case $# in ;; -p|--process-message) + MODE="list-message" ProcessMessage EXIT_CODE=$? ;; -e|--email-admin-task) + MODE="admin-non-interactive" EmailAdminTask EXIT_CODE=$? ;; -- cgit v1.2.3
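Review bot: The `-e|--email-admin-task` branch still calls `EmailAdminTask` directly, although this commit removed the GetMessage, GetGpgMessage and ParseGpgDecryptStderr calls from that function and made ProcessMessage dispatch to it when MODE is `admin-non-interactive`. As written, nothing reads or verifies the message on this path, so SENDER_ADDRESS appears to stay unset and every admin mail would be bounced. The branch should probably set `MODE="admin-non-interactive"` and then call `ProcessMessage`, keeping `EXIT_CODE=$?`. The `case` statement starts and ends outside the hunk.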