1 | #!/bin/bash |
---|
2 | # |
---|
3 | # firma: GnuPG-based encrypted mailing list manager |
---|
4 | # Feedback: firma@sarava.org |
---|
5 | # |
---|
6 | # Firma is free software; you can redistribute it and/or modify it under the |
---|
7 | # terms of the GNU General Public License as published by the Free Software |
---|
8 | # Foundation; either version 2 of the License, or (at your option) any later |
---|
9 | # version. |
---|
10 | # |
---|
11 | # Firma is distributed in the hope that it will be useful, but WITHOUT ANY |
---|
12 | # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR |
---|
13 | # A PARTICULAR PURPOSE. See the GNU General Public License for more details. |
---|
14 | # |
---|
15 | # You should have received a copy of the GNU General Public License along with |
---|
16 | # this program; if not, write to the Free Software Foundation, Inc., 59 Temple |
---|
17 | # Place - Suite 330, Boston, MA 02111-1307, USA |
---|
18 | # |
---|
19 | |
---|
20 | function Usage { |
---|
21 | #------------------------------------------------------------- |
---|
22 | # display help |
---|
23 | # |
---|
24 | # parameter(s): none |
---|
25 | # depends on function(s): none |
---|
26 | # returns: 0 |
---|
27 | #------------------------------------------------------------- |
---|
28 | |
---|
29 | # this will be printed to STDOUT, so no indentation here |
---|
30 | echo "\ |
---|
31 | Usage: $BASENAME OPTION [LIST-NAME] |
---|
32 | GnuPG-based encrypted mailing list manager. |
---|
33 | |
---|
34 | -a, --admin-task LIST-NAME process administrative tasks on list |
---|
35 | -c, --create-newlist LIST-NAME create a new mailing list |
---|
36 | -e, --email-admin-task LIST-NAME process administrative tasks via email |
---|
37 | -h, --help display help and exit |
---|
38 | -p, --process-message LIST-NAME process a message sent to list |
---|
39 | -v, --version output version information and exit |
---|
40 | |
---|
41 | If option -a is given, read standard input for tasks to be performed. |
---|
42 | Tasks can be one or more of the following: |
---|
43 | $(AdminHelp) |
---|
44 | |
---|
45 | For help with admin and config paramaters, type $BASENAME --help task-name |
---|
46 | |
---|
47 | Report bugs to <firma@firma.sarava.org>, encrypting your message using the |
---|
48 | public key 3DF104314023E18358EFDD270D51B4E79E693CF7, available at keys.indymedia.org." |
---|
49 | } |
---|
50 | |
---|
51 | |
---|
52 | function Version { |
---|
53 | #------------------------------------------------------------- |
---|
54 | # display version information |
---|
55 | # |
---|
56 | # parameter(s): none |
---|
57 | # depends on function(s): none |
---|
58 | # returns: 0 |
---|
59 | #------------------------------------------------------------- |
---|
60 | |
---|
61 | # this will be printed to STDOUT, so no indentation here |
---|
62 | echo "\ |
---|
63 | firma $VERSION |
---|
64 | |
---|
65 | Copyright (C) 2005-2007 A Firma |
---|
66 | This program comes with ABSOLUTELY NO WARRANTY. |
---|
67 | This is free software, and you are welcome to redistribute it |
---|
68 | under certain conditions. See the GNU General Public License |
---|
69 | for more details." |
---|
70 | } |
---|
71 | |
---|
72 | |
---|
73 | function DeclareGpgVars { |
---|
74 | #------------------------------------------------------------- |
---|
75 | # declare gpg-related global variables |
---|
76 | # |
---|
77 | # parameter(s): none |
---|
78 | # depends on function(s): none |
---|
79 | # returns: 0 |
---|
80 | #------------------------------------------------------------- |
---|
81 | |
---|
82 | GPG_FLAGS="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-tty --batch --no-use-agent --no-permission-warning" |
---|
83 | GPG_FLAGS_NO_BATCH="--no-options --no-default-keyring --homedir $LIST_HOMEDIR --quiet --no-batch --no-use-agent --no-permission-warning" |
---|
84 | GPG="$GPG_BINARY $GPG_FLAGS" |
---|
85 | GPG_NOBATCH="$GPG_BINARY $GPG_FLAGS_NO_BATCH" |
---|
86 | GPG_LIST_KEYS="$GPG --list-keys --with-colons" |
---|
87 | GPG_DECRYPT="$GPG --passphrase-fd 0 --decrypt" |
---|
88 | GPG_ENCRYPT="$GPG --armor --trust-model always --local-user $LIST_ADDRESS --passphrase-fd 0 --no-emit-version --sign --encrypt" |
---|
89 | } |
---|
90 | |
---|
91 | |
---|
92 | function CheckPassphrase { |
---|
93 | #------------------------------------------------------------- |
---|
94 | # check if a passphrase is valid: is 25 characters long or more; |
---|
95 | #+includes lower and upper case letters, numbers and at least 1 |
---|
96 | #+punctuation character; and no character is sequentially |
---|
97 | #+repeated more than 4 times. |
---|
98 | # |
---|
99 | # parameter(s): none |
---|
100 | # depends on function(s): none |
---|
101 | # returns: 0 if passphrase is valid, |
---|
102 | # 1 if invalid |
---|
103 | #------------------------------------------------------------- |
---|
104 | |
---|
105 | local -i return_code=0 |
---|
106 | |
---|
107 | if [[ -z "$PASSPHRASE" || \ |
---|
108 | "$(echo "$PASSPHRASE" | wc -c)" -lt "25" || \ |
---|
109 | -z "$(echo "$PASSPHRASE" | tr -dc '[:lower:]')" || \ |
---|
110 | -z "$(echo "$PASSPHRASE" | tr -dc '[:upper:]')" || \ |
---|
111 | -z "$(echo "$PASSPHRASE" | tr -dc '[:digit:]')" || \ |
---|
112 | "$(echo "$PASSPHRASE" | tr -dc '[:punct:]' | wc -c)" -lt "1" || \ |
---|
113 | -n "$(echo "$PASSPHRASE" | fold -w1 | uniq -cd | grep -v '^ \{6\}[234] ')" |
---|
114 | ]]; then |
---|
115 | return_code=1 |
---|
116 | fi |
---|
117 | |
---|
118 | return $return_code |
---|
119 | } |
---|
120 | |
---|
121 | |
---|
122 | function CheckFirmaConfigFile { |
---|
123 | #------------------------------------------------------------- |
---|
124 | # check firma.conf parameters |
---|
125 | # |
---|
126 | # parameter(s): none |
---|
127 | # depends on function(s): none |
---|
128 | # returns: 0 if all checks are passed, |
---|
129 | # 1 on any fatal errors |
---|
130 | #------------------------------------------------------------- |
---|
131 | |
---|
132 | local -i return_code=0 |
---|
133 | local gpg_version |
---|
134 | |
---|
135 | # check LOG_TO_SYSLOG value first, since it will define if firma |
---|
136 | #+should print or log error messages |
---|
137 | if [[ -n "$LOG_TO_SYSLOG" && \ |
---|
138 | "$LOG_TO_SYSLOG" != "0" && \ |
---|
139 | "$LOG_TO_SYSLOG" != "1" |
---|
140 | ]]; then |
---|
141 | |
---|
142 | LOG_TO_SYSLOG="0" |
---|
143 | LogMessage "\ |
---|
144 | WARNING: LOG_TO_SYSLOG should be set either to '0' or '1'. |
---|
145 | WARNING: Setting LOG_TO_SYSLOG to '0' for this run." |
---|
146 | |
---|
147 | elif [[ -z "$LOG_TO_SYSLOG" ]]; then |
---|
148 | LOG_TO_SYSLOG="0" |
---|
149 | elif [[ "$LOG_TO_SYSLOG" == "1" ]]; then |
---|
150 | |
---|
151 | if [[ ! -f "$LOGGER_BINARY" || ! -x "$LOGGER_BINARY" ]]; then |
---|
152 | |
---|
153 | LOG_TO_SYSLOG="0" |
---|
154 | LogMessage "\ |
---|
155 | WARNING: Logger binary ($LOGGER_BINARY) could not be found. |
---|
156 | WARNING: Setting LOG_TO_SYSLOG to '0' for this run." |
---|
157 | |
---|
158 | else # SYSLOG_PRIORITY defaults to "user.err" |
---|
159 | SYSLOG_PRIORITY=${SYSLOG_PRIORITY:-"user.err"} |
---|
160 | fi |
---|
161 | |
---|
162 | fi |
---|
163 | |
---|
164 | # check GPG_BINARY value |
---|
165 | if [[ ! -f "$GPG_BINARY" || ! -x "$GPG_BINARY" ]]; then |
---|
166 | LogMessage "FATAL: GPG binary ($GPG_BINARY) could not be found. Quitting." |
---|
167 | return_code=1 |
---|
168 | |
---|
169 | # check MAIL_AGENT value |
---|
170 | elif [[ ! -f "$MAIL_AGENT" || ! -x "$MAIL_AGENT" ]]; then |
---|
171 | LogMessage "FATAL: Mail transport agent binary ($MAIL_AGENT) could not be found. Quitting." |
---|
172 | return_code=1 |
---|
173 | |
---|
174 | # check LISTS_DIR value |
---|
175 | elif [[ ! -d "$LISTS_DIR" ]]; then |
---|
176 | LogMessage "FATAL: Lists directory ($LISTS_DIR) could not be found. Quitting." |
---|
177 | return_code=1 |
---|
178 | |
---|
179 | # optional parameters |
---|
180 | else |
---|
181 | |
---|
182 | # check USE_GPG_HIDDEN_RECIPIENT_OPTION value |
---|
183 | if [[ -n "$USE_GPG_HIDDEN_RECIPIENT_OPTION" && \ |
---|
184 | "$USE_GPG_HIDDEN_RECIPIENT_OPTION" != "0" && \ |
---|
185 | "$USE_GPG_HIDDEN_RECIPIENT_OPTION" != "1" |
---|
186 | ]]; then |
---|
187 | |
---|
188 | LogMessage "\ |
---|
189 | WARNING: USE_GPG_HIDDEN_RECIPIENT_OPTION should be set either to '0' or '1'. |
---|
190 | WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0' for this run." |
---|
191 | USE_GPG_HIDDEN_RECIPIENT_OPTION="0" |
---|
192 | |
---|
193 | elif [[ -z "$USE_GPG_HIDDEN_RECIPIENT_OPTION" ]]; then |
---|
194 | USE_GPG_HIDDEN_RECIPIENT_OPTION="0" |
---|
195 | elif [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" ]]; then |
---|
196 | |
---|
197 | gpg_version="$($GPG_BINARY --version | head -n 1 | tr -dc '[:digit:]')" |
---|
198 | if [[ "$gpg_version" -lt "140" ]]; then |
---|
199 | |
---|
200 | LogMessage "\ |
---|
201 | WARNING: GPG's \"--hidden-recipient\" option is only available from version 1.4.0 onwards. |
---|
202 | WARNING: Setting USE_GPG_HIDDEN_RECIPIENT_OPTION to '0' for this run." |
---|
203 | USE_GPG_HIDDEN_RECIPIENT_OPTION="0" |
---|
204 | |
---|
205 | fi |
---|
206 | |
---|
207 | fi |
---|
208 | |
---|
209 | # check FIRMA_USER value |
---|
210 | if [[ -z "$(echo "$FIRMA_USER" | tr -d '[:space:]')" ]]; then |
---|
211 | FIRMA_USER="nobody" |
---|
212 | fi |
---|
213 | |
---|
214 | # check FIRMA_GROUP value |
---|
215 | if [[ -z "$(echo "$FIRMA_GROUP" | tr -d '[:space:]')" ]]; then |
---|
216 | FIRMA_GROUP="nobody" |
---|
217 | fi |
---|
218 | |
---|
219 | # check KEYSERVER value |
---|
220 | if [[ -z "$(echo "$KEYSERVER" | tr -d '[:space:]')" ]]; then |
---|
221 | KEYSERVER="keys.indymedia.org" |
---|
222 | fi |
---|
223 | |
---|
224 | fi |
---|
225 | |
---|
226 | return $return_code |
---|
227 | } |
---|
228 | |
---|
229 | |
---|
230 | function CheckListConfigFile { |
---|
231 | #------------------------------------------------------------- |
---|
232 | # check list configuration file parameters |
---|
233 | # |
---|
234 | # parameter(s): none |
---|
235 | # depends on function(s): DeclareGpgVars |
---|
236 | # returns: 0 if all checks are passed, |
---|
237 | # 1 on any fatal errors |
---|
238 | #------------------------------------------------------------- |
---|
239 | |
---|
240 | local -i return_code=0 |
---|
241 | local administrator |
---|
242 | local valid_admins |
---|
243 | local replay_default_file="/var/log/firma/replay.db" |
---|
244 | |
---|
245 | # check LIST_HOMEDIR value |
---|
246 | if [[ ! -d "$LIST_HOMEDIR" || \ |
---|
247 | ! -f "$LIST_HOMEDIR/pubring.gpg" || \ |
---|
248 | ! -f "$LIST_HOMEDIR/secring.gpg" |
---|
249 | ]]; then |
---|
250 | LogMessage "FATAL: $LIST_NAME: GPG home directory ($LIST_HOMEDIR) or the GPG keyrings could not be found. Quitting." |
---|
251 | return_code=1 |
---|
252 | |
---|
253 | # check PASSPHRASE value |
---|
254 | elif [[ -z "$(grep -o "^PASSPHRASE='[^']*'$" $LIST_CONFIG_FILE)" ]] || \ |
---|
255 | ! CheckPassphrase; then |
---|
256 | LogMessage "FATAL: $LIST_NAME: List passphrase is empty or does not meet the minimum complexity requirements. Quitting." |
---|
257 | return_code=1 |
---|
258 | |
---|
259 | # check LIST_ADDRESS value, confirming if the list private key is present |
---|
260 | elif [[ -z "$($GPG --list-secret-keys --with-colons --fixed-list-mode "<$LIST_ADDRESS>" 2> /dev/null)" ]]; then |
---|
261 | LogMessage "FATAL: $LIST_NAME: List's secret key could not be found. Quitting." |
---|
262 | return_code=1 |
---|
263 | |
---|
264 | # optional parameters |
---|
265 | else |
---|
266 | |
---|
267 | # check if the list has an administrator (or more than one) |
---|
268 | if [[ -z "$(echo "$LIST_ADMIN" | tr -d '[:space:]')" ]]; then |
---|
269 | LogMessage "WARNING: $LIST_NAME: List has no administrator." |
---|
270 | LIST_ADMIN="" |
---|
271 | else |
---|
272 | |
---|
273 | # check if the public key(s) of the list administrator(s) is(are) present |
---|
274 | valid_admins="" |
---|
275 | for administrator in $LIST_ADMIN; do |
---|
276 | |
---|
277 | if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$administrator>" 2> /dev/null | \ |
---|
278 | grep -v '^tru:')" |
---|
279 | ]]; then |
---|
280 | LogMessage "\ |
---|
281 | WARNING: $LIST_NAME: Public key for list administrator \"$administrator\" could not be found. |
---|
282 | WARNING: $LIST_NAME: Removing this address from LIST_ADMIN for this run." |
---|
283 | else |
---|
284 | valid_admins="$valid_admins $administrator" |
---|
285 | fi |
---|
286 | |
---|
287 | done |
---|
288 | LIST_ADMIN="$valid_admins" |
---|
289 | |
---|
290 | if [[ -z "$(echo "$LIST_ADMIN" | tr -d '[:space:]')" ]]; then |
---|
291 | LogMessage "WARNING: $LIST_NAME: List has no valid administrator." |
---|
292 | LIST_ADMIN="" |
---|
293 | fi |
---|
294 | |
---|
295 | fi |
---|
296 | |
---|
297 | # check if LIST_REQUEST_ADDRESS has already been set |
---|
298 | if [[ -z "$(echo "$LIST_REQUEST_ADDRESS" | tr -d '[:space:]')" ]]; then |
---|
299 | LIST_REQUEST_ADDRESS="$(echo $LIST_ADDRESS | cut -d @ -f 1)-request@$(echo $LIST_ADDRESS | cut -d @ -f 2)" |
---|
300 | fi |
---|
301 | |
---|
302 | # check REQUIRE_SIGNATURE value |
---|
303 | if [[ -n "$REQUIRE_SIGNATURE" && \ |
---|
304 | "$REQUIRE_SIGNATURE" != "0" && \ |
---|
305 | "$REQUIRE_SIGNATURE" != "1" |
---|
306 | ]]; then |
---|
307 | |
---|
308 | LogMessage "\ |
---|
309 | WARNING: $LIST_NAME: REQUIRE_SIGNATURE should be set either to '0' or '1'. |
---|
310 | WARNING: $LIST_NAME: Setting REQUIRE_SIGNATURE to '1' for this run." |
---|
311 | REQUIRE_SIGNATURE="1" |
---|
312 | |
---|
313 | elif [[ -z "$REQUIRE_SIGNATURE" ]]; then |
---|
314 | REQUIRE_SIGNATURE="1" |
---|
315 | fi |
---|
316 | |
---|
317 | # check REPLIES_SHOULD_GO_TO_LIST value |
---|
318 | if [[ -n "$REPLIES_SHOULD_GO_TO_LIST" && \ |
---|
319 | "$REPLIES_SHOULD_GO_TO_LIST" != "0" && \ |
---|
320 | "$REPLIES_SHOULD_GO_TO_LIST" != "1" |
---|
321 | ]]; then |
---|
322 | |
---|
323 | LogMessage "\ |
---|
324 | WARNING: $LIST_NAME: REPLIES_SHOULD_GO_TO_LIST should be set either to '0' or '1'. |
---|
325 | WARNING: $LIST_NAME: Setting REPLIES_SHOULD_GO_TO_LIST to '0' for this run." |
---|
326 | REPLIES_SHOULD_GO_TO_LIST="0" |
---|
327 | |
---|
328 | elif [[ -z "$REPLIES_SHOULD_GO_TO_LIST" ]]; then |
---|
329 | REPLIES_SHOULD_GO_TO_LIST="0" |
---|
330 | fi |
---|
331 | |
---|
332 | # check HIDE_SENDER value |
---|
333 | if [[ -n "$HIDE_SENDER" && \ |
---|
334 | "$HIDE_SENDER" != "0" && \ |
---|
335 | "$HIDE_SENDER" != "1" |
---|
336 | ]]; then |
---|
337 | |
---|
338 | LogMessage "\ |
---|
339 | WARNING: $LIST_NAME: HIDE_SENDER should be set either to '0' or '1'. |
---|
340 | WARNING: $LIST_NAME: Setting HIDE_SENDER to '0' for this run." |
---|
341 | HIDE_SENDER="0" |
---|
342 | |
---|
343 | elif [[ -z "$HIDE_SENDER" ]]; then |
---|
344 | HIDE_SENDER="0" |
---|
345 | fi |
---|
346 | |
---|
347 | # check REPLAY_PROTECTION value |
---|
348 | if [[ -n "$REPLAY_PROTECTION" && \ |
---|
349 | "$REPLAY_PROTECTION" != "0" && \ |
---|
350 | "$REPLAY_PROTECTION" != "1" |
---|
351 | ]]; then |
---|
352 | |
---|
353 | LogMessage "\ |
---|
354 | WARNING: $LIST_NAME: REPLAY_PROTECTION should be set either to '0' or '1'. |
---|
355 | WARNING: $LIST_NAME: Setting REPLAY_PROTECTION to '0' for this run." |
---|
356 | REPLAY_PROTECTION="0" |
---|
357 | |
---|
358 | elif [[ -z "$REPLAY_PROTECTION" ]]; then |
---|
359 | REPLAY_PROTECTION="0" |
---|
360 | elif [[ "$REPLAY_PROTECTION" == "1" ]]; then |
---|
361 | |
---|
362 | # check REPLAY_COUNT value |
---|
363 | if [[ -n "$REPLAY_COUNT" && \ |
---|
364 | -n "$(echo "$REPLAY_COUNT" | tr -d '[:digit:]')" |
---|
365 | ]]; then |
---|
366 | |
---|
367 | LogMessage "\ |
---|
368 | WARNING: $LIST_NAME: REPLAY_COUNT should be a number. |
---|
369 | WARNING: $LIST_NAME: Setting REPLAY_COUNT to '150' for this run." |
---|
370 | REPLAY_COUNT="150" |
---|
371 | |
---|
372 | elif [[ -z "$REPLAY_COUNT" ]]; then |
---|
373 | REPLAY_COUNT="150" |
---|
374 | else # REPLAY_COUNT is either set to 0 (defaults to 150) or |
---|
375 | #+contains a valid value |
---|
376 | |
---|
377 | REPLAY_COUNT="$(( 10#$(echo "$REPLAY_COUNT" | tr -dc '[:digit:]') ))" |
---|
378 | if [[ "$REPLAY_COUNT" == "0" ]]; then |
---|
379 | |
---|
380 | LogMessage "\ |
---|
381 | WARNING: $LIST_NAME: REPLAY_COUNT has to be greater than '0'. |
---|
382 | WARNING: $LIST_NAME: Setting REPLAY_COUNT to '150' for this run." |
---|
383 | REPLAY_COUNT="150" |
---|
384 | |
---|
385 | fi |
---|
386 | |
---|
387 | fi |
---|
388 | |
---|
389 | # check REPLAY_FILE value |
---|
390 | if [[ -z "$(echo "$REPLAY_FILE" | tr -d '[:space:]')" ]]; then |
---|
391 | REPLAY_FILE="$replay_default_file" |
---|
392 | fi |
---|
393 | |
---|
394 | touch "$REPLAY_FILE" 2> /dev/null |
---|
395 | chown "$FIRMA_USER":"$FIRMA_GROUP" "$REPLAY_FILE" 2> /dev/null |
---|
396 | chmod 600 "$REPLAY_FILE" 2> /dev/null |
---|
397 | |
---|
398 | if [[ ! -r "$REPLAY_FILE" || ! -w "$REPLAY_FILE" ]]; then |
---|
399 | |
---|
400 | LogMessage "\ |
---|
401 | WARNING: $LIST_NAME: REPLAY_FILE ($REPLAY_FILE) can't be read or written to. |
---|
402 | WARNING: $LIST_NAME: Setting REPLAY_PROTECTION to '0' for this run." |
---|
403 | REPLAY_PROTECTION="0" |
---|
404 | |
---|
405 | fi |
---|
406 | |
---|
407 | fi |
---|
408 | |
---|
409 | # check DELIVERY_RANDOMIZATION value |
---|
410 | if [[ -n "$DELIVERY_RANDOMIZATION" && \ |
---|
411 | -n "$(echo "$DELIVERY_RANDOMIZATION" | tr -d '[:digit:]')" |
---|
412 | ]]; then |
---|
413 | |
---|
414 | LogMessage "\ |
---|
415 | WARNING: $LIST_NAME: DELIVERY_RANDOMIZATION should be a number. |
---|
416 | WARNING: $LIST_NAME: Setting DELIVERY_RANDOMIZATION to '0' for this run." |
---|
417 | DELIVERY_RANDOMIZATION="0" |
---|
418 | |
---|
419 | else # DELIVERY_RANDOMIZATION is either empty (defaults to 0) or |
---|
420 | #+contains a valid value |
---|
421 | |
---|
422 | DELIVERY_RANDOMIZATION="$(( 10#$(echo $DELIVERY_RANDOMIZATION | tr -dc '[:digit:]') ))" |
---|
423 | |
---|
424 | fi |
---|
425 | |
---|
426 | # check SILENTLY_DISCARD_INVALID_MESSAGES value |
---|
427 | if [[ -n "$SILENTLY_DISCARD_INVALID_MESSAGES" && \ |
---|
428 | "$SILENTLY_DISCARD_INVALID_MESSAGES" != "0" && \ |
---|
429 | "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" |
---|
430 | ]]; then |
---|
431 | |
---|
432 | LogMessage "\ |
---|
433 | WARNING: $LIST_NAME: SILENTLY_DISCARD_INVALID_MESSAGES should be set either to '0' or '1'. |
---|
434 | WARNING: $LIST_NAME: Setting SILENTLY_DISCARD_INVALID_MESSAGES to '0' for this run." |
---|
435 | SILENTLY_DISCARD_INVALID_MESSAGES="0" |
---|
436 | |
---|
437 | elif [[ -z "$SILENTLY_DISCARD_INVALID_MESSAGES" ]]; then |
---|
438 | SILENTLY_DISCARD_INVALID_MESSAGES="0" |
---|
439 | fi |
---|
440 | |
---|
441 | fi |
---|
442 | |
---|
443 | return $return_code |
---|
444 | } |
---|
445 | |
---|
446 | |
---|
447 | function GetMessage { |
---|
448 | #------------------------------------------------------------- |
---|
449 | # read message from STDIN |
---|
450 | # |
---|
451 | # parameter(s): none |
---|
452 | # depends on function(s): none |
---|
453 | # returns: 0 on success, |
---|
454 | # 1 if there's no input |
---|
455 | #------------------------------------------------------------- |
---|
456 | |
---|
457 | local -i return_code=0 |
---|
458 | |
---|
459 | # store message in ORIG_MESSAGE |
---|
460 | ORIG_MESSAGE="$(sed -ne '1,$p')" |
---|
461 | |
---|
462 | # check if message was successfully stored |
---|
463 | if [[ -z "$ORIG_MESSAGE" ]]; then |
---|
464 | LogMessage "FATAL: Message couldn't be read from standard input. Quitting." |
---|
465 | return_code=1 |
---|
466 | fi |
---|
467 | |
---|
468 | return $return_code |
---|
469 | } |
---|
470 | |
---|
471 | |
---|
472 | function GetGpgMessage { |
---|
473 | #------------------------------------------------------------- |
---|
474 | # get the gpg encrypted part of the message |
---|
475 | # |
---|
476 | # parameter(s): none |
---|
477 | # depends on function(s): GetMessage |
---|
478 | # returns: 0 on success, |
---|
479 | # 1 if encrypted bloc can't be located within the message |
---|
480 | #------------------------------------------------------------- |
---|
481 | |
---|
482 | local -i return_code=0 |
---|
483 | |
---|
484 | # find the first blank line in the message |
---|
485 | FIRST_BLANK_LINE=$(echo "$ORIG_MESSAGE" | grep -nm 1 '^$' | cut -d : -f 1) |
---|
486 | |
---|
487 | # then, find the beginning of the encrypted bloc |
---|
488 | if [[ -n $FIRST_BLANK_LINE ]]; then |
---|
489 | ENCRYPTED_BLOC_BEGINS=$(echo "$ORIG_MESSAGE" | grep -nm 1 -- '^-----BEGIN PGP MESSAGE-----' | cut -d : -f 1) |
---|
490 | |
---|
491 | # and then find the end of the bloc |
---|
492 | if [[ -n $ENCRYPTED_BLOC_BEGINS ]]; then |
---|
493 | ENCRYPTED_BLOC_ENDS=$(echo "$ORIG_MESSAGE" | grep -nm 1 -- '^-----END PGP MESSAGE-----' | cut -d : -f 1) |
---|
494 | |
---|
495 | # if there's an encrypted bloc, store it in ORIG_GPG_MESSAGE |
---|
496 | if [[ -n $ENCRYPTED_BLOC_ENDS ]]; then |
---|
497 | ORIG_GPG_MESSAGE="$( |
---|
498 | echo "$ORIG_MESSAGE" | \ |
---|
499 | sed -ne "$((${ENCRYPTED_BLOC_ENDS} + 1))q;${ENCRYPTED_BLOC_BEGINS},${ENCRYPTED_BLOC_ENDS}p" |
---|
500 | )" |
---|
501 | fi |
---|
502 | fi |
---|
503 | fi |
---|
504 | |
---|
505 | # check if the bloc was successfully stored |
---|
506 | if [[ -z "$ORIG_GPG_MESSAGE" ]]; then |
---|
507 | LogMessage "WARNING: No valid GPG encrypted bloc found within the message" |
---|
508 | return_code=1 |
---|
509 | fi |
---|
510 | |
---|
511 | return $return_code |
---|
512 | } |
---|
513 | |
---|
514 | |
---|
515 | function ParseGpgDecryptStderr { |
---|
516 | #------------------------------------------------------------- |
---|
517 | # parse $GPG_DECRYPT STDERR for signature checking |
---|
518 | # |
---|
519 | # parameter(s): none |
---|
520 | # depends on function(s): DeclareGpgVars, GetGpgMessage, GetSenderAddress |
---|
521 | # returns: 0 |
---|
522 | #------------------------------------------------------------- |
---|
523 | |
---|
524 | local gpg_decrypt_stderr |
---|
525 | |
---|
526 | # get GPG_DECRYPT STDERR, discarding its STDOUT |
---|
527 | gpg_decrypt_stderr="$( |
---|
528 | echo -e "${PASSPHRASE}\n${ORIG_GPG_MESSAGE}" | \ |
---|
529 | ($GPG_DECRYPT --status-fd 2 1> /dev/null) 2>&1 |
---|
530 | )" |
---|
531 | |
---|
532 | # check if message was encrypted with the list's public key |
---|
533 | if |
---|
534 | echo "$gpg_decrypt_stderr" | \ |
---|
535 | grep -q "^\[GNUPG:] ENC_TO $( |
---|
536 | $GPG_LIST_KEYS $LIST_ADDRESS 2> /dev/null | \ |
---|
537 | sed -ne '/:[sca]*[^e][sca]*:$/d' -e '/^sub:[^ired]:/p' | \ |
---|
538 | cut -d : -f 5 |
---|
539 | )" |
---|
540 | then |
---|
541 | ENCRYPTED_TO_LIST="1" |
---|
542 | |
---|
543 | # if it was, check if its signature is valid |
---|
544 | if |
---|
545 | echo "$gpg_decrypt_stderr" | \ |
---|
546 | grep -q '^\[GNUPG:] GOODSIG' |
---|
547 | then |
---|
548 | GOOD_SIGNATURE="1" |
---|
549 | |
---|
550 | if [[ -z "$SENDER_ADDRESS" ]]; then |
---|
551 | GetSenderAddress |
---|
552 | fi |
---|
553 | |
---|
554 | if |
---|
555 | echo "$gpg_decrypt_stderr" | \ |
---|
556 | grep '^\[GNUPG:] GOODSIG' | \ |
---|
557 | grep -q "$SENDER_ADDRESS" |
---|
558 | then |
---|
559 | SIGNATURE_MADE_BY_SENDER="1" |
---|
560 | else |
---|
561 | SIGNATURE_MADE_BY_SENDER="0" |
---|
562 | fi |
---|
563 | |
---|
564 | # else, check if the signature is invalid (BAD signature) |
---|
565 | elif |
---|
566 | echo "$gpg_decrypt_stderr" | \ |
---|
567 | grep -q '^\[GNUPG:] BADSIG' |
---|
568 | then |
---|
569 | BAD_SIGNATURE="1" |
---|
570 | |
---|
571 | # else, check if the signature couldn't be verified |
---|
572 | elif |
---|
573 | echo "$gpg_decrypt_stderr" | \ |
---|
574 | grep -q '^\[GNUPG:] ERRSIG' |
---|
575 | then |
---|
576 | SIGNATURE_CHECKING_FAILED="1" |
---|
577 | |
---|
578 | # else, check if the message could at least be decrypted |
---|
579 | elif |
---|
580 | echo "$gpg_decrypt_stderr" | \ |
---|
581 | grep -q '^\[GNUPG:] DECRYPTION_OKAY' |
---|
582 | then |
---|
583 | MESSAGE_DECRYPTION_OKAY="1" |
---|
584 | |
---|
585 | fi |
---|
586 | fi |
---|
587 | } |
---|
588 | |
---|
589 | |
---|
590 | function GetSubscribersList { |
---|
591 | #------------------------------------------------------------- |
---|
592 | # get list subscriber addresses for message encryption and delivery |
---|
593 | # |
---|
594 | # parameter(s): none |
---|
595 | # depends on function(s): DeclareGpgVars |
---|
596 | # returns: 0 on success, |
---|
597 | # 1 if there are no valid subscribers on list |
---|
598 | #------------------------------------------------------------- |
---|
599 | |
---|
600 | local -i return_code=0 |
---|
601 | |
---|
602 | # get subscribers' email addresses, excluding invalid, revoked, |
---|
603 | #+expired and disabled keys, as well as any signing only keys |
---|
604 | SUBSCRIBERS_LIST="$( |
---|
605 | $GPG_LIST_KEYS 2> /dev/null | \ |
---|
606 | sed -ne "/$LIST_ADDRESS/Id" -e '/:[scaeSCA]*[^E][scaeSCA]*:$/d' -e '/:[scaeSCAE]*D[scaeSCAE]*:$/d' -e '/^pub:[^ired]:/p' | \ |
---|
607 | cut -d : -f 10 | \ |
---|
608 | grep -o '<[^<>]*>$' | \ |
---|
609 | sed -e 's/[<>]//g' | \ |
---|
610 | sort -d |
---|
611 | )" |
---|
612 | |
---|
613 | # check if the list has valid subscribers |
---|
614 | if [[ -z "$SUBSCRIBERS_LIST" ]]; then |
---|
615 | LogMessage "FATAL: $LIST_NAME: No valid subscribers on list \"$LIST_ADDRESS\". Quitting." |
---|
616 | return_code=1 |
---|
617 | fi |
---|
618 | |
---|
619 | return $return_code |
---|
620 | } |
---|
621 | |
---|
622 | |
---|
623 | function GetMessageHeadersAndBody { |
---|
624 | #------------------------------------------------------------- |
---|
625 | # store the message headers and body in two separate variables |
---|
626 | # |
---|
627 | # parameter(s): none |
---|
628 | # depends on function(s): GetMessage, GetGpgMessage |
---|
629 | # returns: 0 |
---|
630 | #------------------------------------------------------------- |
---|
631 | |
---|
632 | # store everything up to the first blank line in ORIG_MESSAGE_HEADERS, |
---|
633 | #+unfolding any folded headers |
---|
634 | ORIG_MESSAGE_HEADERS="$( |
---|
635 | echo "$ORIG_MESSAGE" | \ |
---|
636 | sed -ne "${FIRST_BLANK_LINE}q;1,$(($FIRST_BLANK_LINE - 1))p" | \ |
---|
637 | sed -e :a -e '$!N;s/[ \t]*\n[ \t]\+/ /;ta' -e 'P;D' |
---|
638 | )" |
---|
639 | |
---|
640 | # store everything after this line in ORIG_MESSAGE_BODY |
---|
641 | ORIG_MESSAGE_BODY="$( |
---|
642 | echo "$ORIG_MESSAGE" | \ |
---|
643 | sed -ne "$(($FIRST_BLANK_LINE + 1)),\$p" |
---|
644 | )" |
---|
645 | } |
---|
646 | |
---|
647 | |
---|
648 | function EditListMessageHeaders { |
---|
649 | #------------------------------------------------------------- |
---|
650 | # edit the headers of a list message, removing specific lines, adding |
---|
651 | #+a prefix to the Subject, etc |
---|
652 | # |
---|
653 | # parameter(s): none |
---|
654 | # depends on function(s): GetMessageHeadersAndBody |
---|
655 | # returns: 0 |
---|
656 | #------------------------------------------------------------- |
---|
657 | |
---|
658 | local header |
---|
659 | local sed_args |
---|
660 | |
---|
661 | MESSAGE_HEADERS="$ORIG_MESSAGE_HEADERS" |
---|
662 | |
---|
663 | # remove headers as/if defined by firma configuration file |
---|
664 | if [[ -n "$REMOVE_THESE_HEADERS_ON_ALL_LISTS" ]]; then |
---|
665 | for header in $REMOVE_THESE_HEADERS_ON_ALL_LISTS; do |
---|
666 | sed_args="$sed_args -e /^${header}/Id" |
---|
667 | done |
---|
668 | |
---|
669 | MESSAGE_HEADERS="$( |
---|
670 | echo "$MESSAGE_HEADERS" | \ |
---|
671 | sed $sed_args |
---|
672 | )" |
---|
673 | fi |
---|
674 | |
---|
675 | # remove additional headers as/if defined by the list configuration file |
---|
676 | if [[ -n "$REMOVE_THESE_HEADERS" ]]; then |
---|
677 | |
---|
678 | # remove local variables contents, in case they have been used above |
---|
679 | header="" |
---|
680 | sed_args="" |
---|
681 | |
---|
682 | for header in $REMOVE_THESE_HEADERS; do |
---|
683 | sed_args="$sed_args -e /^${header}/Id" |
---|
684 | done |
---|
685 | |
---|
686 | MESSAGE_HEADERS="$( |
---|
687 | echo "$MESSAGE_HEADERS" | \ |
---|
688 | sed $sed_args |
---|
689 | )" |
---|
690 | fi |
---|
691 | |
---|
692 | # insert/replace the Reply-To header |
---|
693 | if [[ "$REPLIES_SHOULD_GO_TO_LIST" == "1" ]]; then |
---|
694 | |
---|
695 | if ! echo "$MESSAGE_HEADERS" | \ |
---|
696 | grep -iq '^Reply-To:'; then |
---|
697 | |
---|
698 | # these are the headers of the message to be sent, so no indentation here |
---|
699 | MESSAGE_HEADERS="\ |
---|
700 | $MESSAGE_HEADERS |
---|
701 | Reply-To: $LIST_ADDRESS" |
---|
702 | |
---|
703 | else |
---|
704 | MESSAGE_HEADERS="$( |
---|
705 | echo "$MESSAGE_HEADERS" | \ |
---|
706 | sed -e "s/^Reply-To:.*$/Reply-To: $LIST_ADDRESS/I" |
---|
707 | )" |
---|
708 | fi |
---|
709 | fi |
---|
710 | |
---|
711 | # hide the sender |
---|
712 | if [[ "$HIDE_SENDER" == "1" ]]; then |
---|
713 | MESSAGE_HEADERS="$( |
---|
714 | echo "$MESSAGE_HEADERS" | \ |
---|
715 | sed -e "s/^From:.*$/From: $LIST_ADDRESS/I" |
---|
716 | )" |
---|
717 | fi |
---|
718 | |
---|
719 | # insert the Subject prefix, if any |
---|
720 | if [[ -n "$SUBJECT_PREFIX" ]]; then |
---|
721 | |
---|
722 | # first, check if there's a Subject line |
---|
723 | if echo "$MESSAGE_HEADERS" | grep -iq '^Subject:'; then |
---|
724 | |
---|
725 | # and then check if the Subject already contains the list prefix |
---|
726 | if ! echo "$MESSAGE_HEADERS" | \ |
---|
727 | grep -im 1 '^Subject:' | \ |
---|
728 | grep -qF "$SUBJECT_PREFIX"; then |
---|
729 | |
---|
730 | # if it doesn't, insert it |
---|
731 | MESSAGE_HEADERS="$( |
---|
732 | echo "$MESSAGE_HEADERS" | \ |
---|
733 | sed -e "s/^Subject:[ \t]*/Subject: $SUBJECT_PREFIX/I" |
---|
734 | )" |
---|
735 | fi |
---|
736 | |
---|
737 | # else, if there's no Subject line, add one containing only the list prefix |
---|
738 | else |
---|
739 | |
---|
740 | # these are the headers of the message to be sent, so no indentation here |
---|
741 | MESSAGE_HEADERS="\ |
---|
742 | $MESSAGE_HEADERS |
---|
743 | Subject: $SUBJECT_PREFIX" |
---|
744 | |
---|
745 | fi |
---|
746 | fi |
---|
747 | } |
---|
748 | |
---|
749 | |
---|
750 | function DecryptGpgMessage { |
---|
751 | #------------------------------------------------------------- |
---|
752 | # decrypt the gpg encrypted part of the message |
---|
753 | # |
---|
754 | # parameter(s): none |
---|
755 | # depends on function(s): DeclareGpgVars, GetGpgMessage |
---|
756 | # returns: 0 |
---|
757 | #------------------------------------------------------------- |
---|
758 | |
---|
759 | DECRYPTED_MESSAGE="$( |
---|
760 | echo -e "${PASSPHRASE}\n${ORIG_GPG_MESSAGE}" | \ |
---|
761 | $GPG_DECRYPT 2> /dev/null |
---|
762 | )" |
---|
763 | } |
---|
764 | |
---|
765 | |
---|
766 | function ReplaceGpgMessage { |
---|
767 | #------------------------------------------------------------- |
---|
768 | # replace the original encrypted bloc by one generated for the list subscribers |
---|
769 | # |
---|
770 | # parameter(s): none |
---|
771 | # depends on function(s): GetGpgMessage, GetMessageHeadersAndBody |
---|
772 | # returns: 0 |
---|
773 | #------------------------------------------------------------- |
---|
774 | |
---|
775 | MESSAGE_BODY="$( |
---|
776 | echo "$ORIG_MESSAGE_BODY" | \ |
---|
777 | sed -e "$(($ENCRYPTED_BLOC_BEGINS - $FIRST_BLANK_LINE)),$(($ENCRYPTED_BLOC_ENDS - $FIRST_BLANK_LINE))c $( |
---|
778 | echo "$GPG_MESSAGE" | \ |
---|
779 | sed -e '$! s/$/\\/' |
---|
780 | )" |
---|
781 | )" |
---|
782 | } |
---|
783 | |
---|
784 | |
---|
785 | function GetSenderAddress { |
---|
786 | #------------------------------------------------------------- |
---|
787 | # get the sender address, needed for warning and bounce messages processing |
---|
788 | # |
---|
789 | # parameter(s): none |
---|
790 | # depends on function(s): GetMessage |
---|
791 | # returns: 0 |
---|
792 | #------------------------------------------------------------- |
---|
793 | |
---|
794 | local from |
---|
795 | |
---|
796 | from="$(echo "$ORIG_MESSAGE" | grep -im 1 '^From:')" |
---|
797 | SENDER_ADDRESS=$( |
---|
798 | if [[ -z "$(echo $from | grep '>$')" ]]; then |
---|
799 | echo $from |
---|
800 | else |
---|
801 | echo $from | grep -o '<[^<>]*>$' | sed -e 's/[<>]//g' |
---|
802 | fi |
---|
803 | ) |
---|
804 | } |
---|
805 | |
---|
806 | |
---|
807 | function AssembleMessage { |
---|
808 | #------------------------------------------------------------- |
---|
809 | # just put the message headers and body together |
---|
810 | # |
---|
811 | # parameter(s): none |
---|
812 | # depends on function(s): EditListMessageHeaders, ReplaceGpgMessage, |
---|
813 | # ComposeAndSendWarningMessage, |
---|
814 | # ComposeAndSendBounceMessage |
---|
815 | # returns: 0 |
---|
816 | #------------------------------------------------------------- |
---|
817 | |
---|
818 | # this is the actual message which will be sent, so no indentation here |
---|
819 | MESSAGE="\ |
---|
820 | $MESSAGE_HEADERS |
---|
821 | |
---|
822 | $MESSAGE_BODY" |
---|
823 | |
---|
824 | } |
---|
825 | |
---|
826 | |
---|
827 | function ReEncryptAndSendListMessage { |
---|
828 | #------------------------------------------------------------- |
---|
829 | # send message to list subscribers |
---|
830 | # |
---|
831 | # parameter(s): none |
---|
832 | # depends on function(s): DeclareGpgVars, DecryptGpgMessage, |
---|
833 | # GetSubscribersList, AssembleMessage |
---|
834 | # returns: 0 |
---|
835 | #------------------------------------------------------------- |
---|
836 | |
---|
837 | local recipients |
---|
838 | local subscriber |
---|
839 | |
---|
840 | recipients="$(echo $SUBSCRIBERS_LIST)" |
---|
841 | |
---|
842 | # check if message should be encrypted and sent to all subscribers at once |
---|
843 | if [[ "$USE_GPG_HIDDEN_RECIPIENT_OPTION" == "1" ]]; then |
---|
844 | |
---|
845 | GPG_MESSAGE="$( |
---|
846 | echo -e "${PASSPHRASE}\n${DECRYPTED_MESSAGE}" | \ |
---|
847 | $GPG_ENCRYPT --group subscribers="$recipients" --hidden-recipient subscribers 2> /dev/null |
---|
848 | )" |
---|
849 | |
---|
850 | ReplaceGpgMessage |
---|
851 | AssembleMessage |
---|
852 | DeliveryRandomization |
---|
853 | |
---|
854 | # send message |
---|
855 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $recipients |
---|
856 | |
---|
857 | # else, message should be encrypted and sent to one subscriber at a time |
---|
858 | else |
---|
859 | for subscriber in $recipients; do |
---|
860 | |
---|
861 | GPG_MESSAGE="$( |
---|
862 | echo -e "${PASSPHRASE}\n${DECRYPTED_MESSAGE}" | \ |
---|
863 | $GPG_ENCRYPT --recipient $subscriber |
---|
864 | )" |
---|
865 | |
---|
866 | ReplaceGpgMessage |
---|
867 | AssembleMessage |
---|
868 | DeliveryRandomization |
---|
869 | |
---|
870 | # send message |
---|
871 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $subscriber |
---|
872 | |
---|
873 | done |
---|
874 | fi |
---|
875 | } |
---|
876 | |
---|
877 | |
---|
878 | function ComposeAndSendWarningMessage { |
---|
879 | #------------------------------------------------------------- |
---|
880 | # send a "BAD signature" warning to the list administrator(s) and to sender |
---|
881 | # |
---|
882 | # parameter(s): none |
---|
883 | # depends on function(s): GetMessage, GetSenderAddress, AssembleMessage |
---|
884 | # returns: 0 |
---|
885 | #------------------------------------------------------------- |
---|
886 | |
---|
887 | local recipients |
---|
888 | |
---|
889 | recipients="$LIST_ADMIN $SENDER_ADDRESS" |
---|
890 | |
---|
891 | # these are the headers of the message to be sent, so no indentation here |
---|
892 | MESSAGE_HEADERS="\ |
---|
893 | From: $LIST_ADDRESS |
---|
894 | Subject: BAD signature from $SENDER_ADDRESS |
---|
895 | To: $SENDER_ADDRESS |
---|
896 | Cc: $(echo $LIST_ADMIN | sed -e 's/ /, /g')" |
---|
897 | |
---|
898 | # this is the body of the message to be sent, so no indentation here |
---|
899 | MESSAGE_BODY="\ |
---|
900 | -------- Original Message -------- |
---|
901 | $ORIG_MESSAGE" |
---|
902 | |
---|
903 | AssembleMessage |
---|
904 | |
---|
905 | # send message |
---|
906 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $recipients |
---|
907 | } |
---|
908 | |
---|
909 | |
---|
910 | function ComposeAndSendBounceMessage { |
---|
911 | #------------------------------------------------------------- |
---|
912 | # send a bounce message back to sender |
---|
913 | # |
---|
914 | # parameter(s): none |
---|
915 | # depends on function(s): GetMessage, GetSenderAddress, AssembleMessage |
---|
916 | # returns: 0 |
---|
917 | #------------------------------------------------------------- |
---|
918 | |
---|
919 | local subject |
---|
920 | |
---|
921 | subject="$(echo "$ORIG_MESSAGE" | grep -im 1 '^Subject:' | cut -d : -f 2- )" |
---|
922 | |
---|
923 | # these are the headers of the message to be sent, so no indentation here |
---|
924 | MESSAGE_HEADERS="\ |
---|
925 | From: $LIST_ADDRESS |
---|
926 | Subject: [RETURNED MAIL]$subject |
---|
927 | To: $SENDER_ADDRESS" |
---|
928 | |
---|
929 | # this is the body of the message to be sent, so no indentation here |
---|
930 | MESSAGE_BODY="\ |
---|
931 | $MESSAGE_BODY |
---|
932 | |
---|
933 | -- |
---|
934 | firma" |
---|
935 | |
---|
936 | AssembleMessage |
---|
937 | |
---|
938 | # send message |
---|
939 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $SENDER_ADDRESS |
---|
940 | } |
---|
941 | |
---|
942 | |
---|
943 | function ProcessMessage { |
---|
944 | #------------------------------------------------------------- |
---|
945 | # process a received message |
---|
946 | # |
---|
947 | # parameter(s): none |
---|
948 | # depends on function(s): GetMessage, GetGpgMessage, GetSubscribersList, |
---|
949 | # GetSenderAddress |
---|
950 | # returns: 0 on success, |
---|
951 | # 1 if any of the above functions return an error |
---|
952 | #------------------------------------------------------------- |
---|
953 | |
---|
954 | local -i return_code=0 |
---|
955 | |
---|
956 | # try to read message from STDIN |
---|
957 | if GetMessage; then |
---|
958 | |
---|
959 | # check if the message was encrypted |
---|
960 | if GetGpgMessage; then |
---|
961 | |
---|
962 | # look for replay attacks |
---|
963 | if ReplayProtectionCheck; then |
---|
964 | |
---|
965 | # if it was, parse gpg decrypt STDERR to decide what to do next |
---|
966 | ParseGpgDecryptStderr |
---|
967 | |
---|
968 | # if the message was encrypted with the list's public key and if the |
---|
969 | #+message signature is valid, send message to list subscribers |
---|
970 | if AllowMessageProcessing; then |
---|
971 | |
---|
972 | # check if the list has valid subscribers |
---|
973 | |
---|
974 | GetSenderAddress |
---|
975 | GetMessageHeadersAndBody |
---|
976 | EditListMessageHeaders |
---|
977 | DecryptGpgMessage |
---|
978 | |
---|
979 | if [[ "$MODE" == "list-message" ]]; then |
---|
980 | if GetSubscribersList; then |
---|
981 | ReEncryptAndSendListMessage |
---|
982 | else |
---|
983 | return_code=1 |
---|
984 | fi |
---|
985 | elif [[ "$MODE" == "admin-non-interactive" ]]; then |
---|
986 | EmailListAdministration |
---|
987 | fi |
---|
988 | |
---|
989 | # else, if the message was correctly encrypted but its signature is invalid, |
---|
990 | #+send a warning about this to the list administrator(s) and to sender |
---|
991 | elif [[ "$ENCRYPTED_TO_LIST" == "1" && "$BAD_SIGNATURE" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then |
---|
992 | |
---|
993 | GetSenderAddress |
---|
994 | |
---|
995 | if [[ -n $(echo $LIST_ADMIN) || -n "$SENDER_ADDRESS" ]]; then |
---|
996 | ComposeAndSendWarningMessage |
---|
997 | fi |
---|
998 | |
---|
999 | # else, a bounce should be sent |
---|
1000 | else |
---|
1001 | |
---|
1002 | # if bounce processing is enabled, continue |
---|
1003 | if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then |
---|
1004 | |
---|
1005 | GetSenderAddress |
---|
1006 | if [[ -n "$SENDER_ADDRESS" ]]; then |
---|
1007 | |
---|
1008 | # if the message was encrypted with the list's public key |
---|
1009 | if [[ $ENCRYPTED_TO_LIST == "1" ]]; then |
---|
1010 | |
---|
1011 | # then, if signature can't be checked, then probably the sender is not subscribed to the list |
---|
1012 | # send a bounce, if possible |
---|
1013 | if [[ "$SIGNATURE_CHECKING_FAILED" == "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then |
---|
1014 | |
---|
1015 | # this is the body of the message to be sent, so no indentation here |
---|
1016 | MESSAGE_BODY="\ |
---|
1017 | It was not possible to process this message. Your email |
---|
1018 | address is not subscribed to this list. Contact the list |
---|
1019 | administrator if you have any questions." |
---|
1020 | ComposeAndSendBounceMessage |
---|
1021 | |
---|
1022 | # or, if message can be decrypted but its signature can't be checked, then message wasn't signed |
---|
1023 | # send a bounce, if possible |
---|
1024 | elif [[ $MESSAGE_DECRYPTION_OKAY == "1" ]]; then |
---|
1025 | |
---|
1026 | # this is the body of the message to be sent, so no indentation here |
---|
1027 | MESSAGE_BODY="\ |
---|
1028 | It was not possible to process this message. Message was |
---|
1029 | not signed. Contact the list administrator if you have any |
---|
1030 | questions." |
---|
1031 | ComposeAndSendBounceMessage |
---|
1032 | |
---|
1033 | elif [[ "$SIGNATURE_MADE_BY_SENDER" != "1" && "$REQUIRE_SIGNATURE" == "1" ]]; then |
---|
1034 | |
---|
1035 | # this is the body of the message to be sent, so no indentation here |
---|
1036 | MESSAGE_BODY="\ |
---|
1037 | It was not possible to process this message. Message was |
---|
1038 | not sent by the person who signed it." |
---|
1039 | |
---|
1040 | ComposeAndSendBounceMessage |
---|
1041 | |
---|
1042 | fi |
---|
1043 | |
---|
1044 | # else, message wasn't encrypted with the list's public key |
---|
1045 | # send a bounce, if possible |
---|
1046 | else |
---|
1047 | |
---|
1048 | # this is the body of the message to be sent, so no indentation here |
---|
1049 | MESSAGE_BODY="\ |
---|
1050 | It was not possible to process this message. Message was |
---|
1051 | not encrypted with the list's public key. Contact the list |
---|
1052 | administrator if you have any questions." |
---|
1053 | ComposeAndSendBounceMessage |
---|
1054 | fi |
---|
1055 | fi |
---|
1056 | fi |
---|
1057 | fi |
---|
1058 | else |
---|
1059 | |
---|
1060 | # if bounce processing is enabled, continue |
---|
1061 | if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then |
---|
1062 | |
---|
1063 | GetSenderAddress |
---|
1064 | if [[ -n "$SENDER_ADDRESS" ]]; then |
---|
1065 | |
---|
1066 | # the anti-replay mechanism detected a repeated message |
---|
1067 | MESSAGE_BODY="\ |
---|
1068 | It was not possible to process this message. This list |
---|
1069 | is configured to discard replayed messages as an attack |
---|
1070 | protection measure. It looks like your message has been |
---|
1071 | sent to the list before and so it was discarded. Contact |
---|
1072 | the list administrator if you have any questions." |
---|
1073 | ComposeAndSendBounceMessage |
---|
1074 | fi |
---|
1075 | fi |
---|
1076 | fi |
---|
1077 | # else, message wasn't encrypted at all |
---|
1078 | # send a bounce, if possible |
---|
1079 | else |
---|
1080 | |
---|
1081 | # if bounce processing is enabled, continue |
---|
1082 | if [[ "$SILENTLY_DISCARD_INVALID_MESSAGES" != "1" ]]; then |
---|
1083 | |
---|
1084 | GetSenderAddress |
---|
1085 | if [[ -n "$SENDER_ADDRESS" ]]; then |
---|
1086 | |
---|
1087 | # this is the body of the message to be sent, so no indentation here |
---|
1088 | MESSAGE_BODY="\ |
---|
1089 | It was not possible to process this message. Message was |
---|
1090 | not encrypted. Contact the list administrator if you have |
---|
1091 | have any questions." |
---|
1092 | ComposeAndSendBounceMessage |
---|
1093 | fi |
---|
1094 | fi |
---|
1095 | fi |
---|
1096 | |
---|
1097 | # else, message could not be read from STDIN |
---|
1098 | else |
---|
1099 | return_code=1 |
---|
1100 | fi |
---|
1101 | |
---|
1102 | return $return_code |
---|
1103 | } |
---|
1104 | |
---|
1105 | |
---|
1106 | function NewList { |
---|
1107 | #------------------------------------------------------------- |
---|
1108 | # create a list if it doesn't exist yet |
---|
1109 | # |
---|
1110 | # parameter(s): none |
---|
1111 | # depends on function(s): DeclareGpgVars |
---|
1112 | # returns: 0 on success, 1 if list already exists or cannot be created |
---|
1113 | #------------------------------------------------------------- |
---|
1114 | |
---|
1115 | local -i return_code=0 |
---|
1116 | local answer admin invalid method |
---|
1117 | local last_char digits_only |
---|
1118 | |
---|
1119 | # UTF-8 is avoided in DETAILS |
---|
1120 | echo "Firma will ask you some questions to setup your list." |
---|
1121 | echo "Please don't use UTF-8 characters." |
---|
1122 | |
---|
1123 | read -rep " List keyring location: ($LIST_PATH) " LIST_HOMEDIR |
---|
1124 | LIST_HOMEDIR=${LIST_HOMEDIR:-"$LIST_PATH"} |
---|
1125 | |
---|
1126 | if [[ -d "$LIST_HOMEDIR" ]]; then |
---|
1127 | echo "Cannot create list $LIST_NAME: List already exists at $LIST_HOMEDIR" |
---|
1128 | return_code=1 |
---|
1129 | else |
---|
1130 | |
---|
1131 | echo "Creating folder $LIST_HOMEDIR..." |
---|
1132 | mkdir -p $LIST_HOMEDIR |
---|
1133 | |
---|
1134 | if [[ -d "$LIST_HOMEDIR" ]]; then |
---|
1135 | |
---|
1136 | # list address |
---|
1137 | while true; do |
---|
1138 | read -rep " List email address or 'quit' to exit: " LIST_ADDRESS |
---|
1139 | if [[ "$LIST_ADDRESS" == "quit" ]]; then |
---|
1140 | echo "Deleting folder $LIST_HOMEDIR..." |
---|
1141 | rm -rf $LIST_HOMEDIR |
---|
1142 | echo "List creation aborted." |
---|
1143 | return_code=1 |
---|
1144 | break |
---|
1145 | elif CheckValidEmail $LIST_ADDRESS; then |
---|
1146 | break |
---|
1147 | elif [[ -n "$LIST_ADDRESS" ]]; then |
---|
1148 | echo " Invalid email address: $LIST_ADDRESS" |
---|
1149 | fi |
---|
1150 | done |
---|
1151 | |
---|
1152 | # admin emails |
---|
1153 | if [[ "$return_code" == "0" ]]; then |
---|
1154 | while true; do |
---|
1155 | read -rep " List administrator(s) email address(es) (space delimited) or 'quit' to exit: " LIST_ADMIN |
---|
1156 | if [[ "$LIST_ADMIN" == "quit" ]]; then |
---|
1157 | echo "Deleting folder $LIST_HOMEDIR..." |
---|
1158 | rm -rf $LIST_HOMEDIR |
---|
1159 | echo "List creation aborted." |
---|
1160 | return_code=1 |
---|
1161 | break |
---|
1162 | elif [[ -n "$LIST_ADMIN" ]]; then |
---|
1163 | for admin in $LIST_ADMIN; do |
---|
1164 | if ! CheckValidEmail $admin; then |
---|
1165 | invalid="$(echo $invalid $admin | sed -e 's/ / /')" |
---|
1166 | fi |
---|
1167 | done |
---|
1168 | if [[ -n "$invalid" ]]; then |
---|
1169 | echo " Invalid email address: $invalid" |
---|
1170 | invalid="" |
---|
1171 | else |
---|
1172 | break |
---|
1173 | fi |
---|
1174 | fi |
---|
1175 | done |
---|
1176 | fi |
---|
1177 | |
---|
1178 | # list description, passphrase and key size |
---|
1179 | if [[ "$return_code" == "0" ]]; then |
---|
1180 | read -rep " List description (optional): " KEY_DESCRIPTION |
---|
1181 | if [[ ! -z "$KEY_DESCRIPTION" ]]; then |
---|
1182 | KEY_DESCRIPTION="Name-Real: $KEY_DESCRIPTION" |
---|
1183 | fi |
---|
1184 | while true; do |
---|
1185 | read -rep " Automatically create a passphrase for the list pubkey? (Y/n) " answer |
---|
1186 | answer="$(echo $answer | tr '[:lower:]' '[:upper:]')" |
---|
1187 | if [[ -z "$answer" || "$answer" == "Y" || "$answer" == "YES" ]]; then |
---|
1188 | PASSPHRASE="$(RandomString 62)" |
---|
1189 | while ! CheckPassphrase; do |
---|
1190 | PASSPHRASE="$(RandomString 62)" |
---|
1191 | done |
---|
1192 | break |
---|
1193 | elif [[ "$answer" == "N" || "$answer" == "NO" ]]; then |
---|
1194 | read -resp " Passphrase to protect the list's secret key (you'll type it once): " PASSPHRASE |
---|
1195 | while ! CheckPassphrase; do |
---|
1196 | echo "" |
---|
1197 | read -resp " Passphrase doesn't fit all the requirements, please choose another: " PASSPHRASE |
---|
1198 | done |
---|
1199 | break |
---|
1200 | else |
---|
1201 | echo " Please answer either yes or no." |
---|
1202 | fi |
---|
1203 | done |
---|
1204 | |
---|
1205 | while true; do |
---|
1206 | echo " Please choose a key size:" |
---|
1207 | echo " 1 - 1024" |
---|
1208 | echo " 2 - 2048" |
---|
1209 | echo " 3 - 4096 (default)" |
---|
1210 | read -rep " Please choose a key size or 'quit' to exit: " answer |
---|
1211 | answer="$(echo $answer | tr '[:lower:]' '[:upper:]')" |
---|
1212 | if [[ "$answer" == "QUIT" ]]; then |
---|
1213 | echo "Deleting folder $LIST_HOMEDIR..." |
---|
1214 | rm -rf $LIST_HOMEDIR |
---|
1215 | echo "List creation aborted." |
---|
1216 | return_code=1 |
---|
1217 | break |
---|
1218 | elif [[ "$answer" == "1" || "$answer" == "1024" ]]; then |
---|
1219 | KEY_SIZE="1024" |
---|
1220 | break |
---|
1221 | elif [[ "$answer" == "2" || "$answer" == "2048" ]]; then |
---|
1222 | KEY_SIZE="2048" |
---|
1223 | break |
---|
1224 | elif [[ -z "$answer" || "$answer" == "3" || "$answer" == "4096" ]]; then |
---|
1225 | KEY_SIZE="4096" |
---|
1226 | break |
---|
1227 | else |
---|
1228 | echo " Invalid answer." |
---|
1229 | fi |
---|
1230 | done |
---|
1231 | fi |
---|
1232 | |
---|
1233 | # key expiration |
---|
1234 | if [[ "$return_code" == "0" ]]; then |
---|
1235 | echo " Choose a key validity:" |
---|
1236 | echo " 0 = key does not expire (default)" |
---|
1237 | echo " <n> = key expires in n days" |
---|
1238 | echo " <n>w = key expires in n weeks" |
---|
1239 | echo " <n>m = key expires in n months" |
---|
1240 | echo " <n>y = key expires in n years" |
---|
1241 | |
---|
1242 | while true; do |
---|
1243 | read -rep " Please enter the key expiration time or 'quit' to exit: " KEY_EXPIRATION |
---|
1244 | KEY_EXPIRATION="$(echo $KEY_EXPIRATION | tr '[:upper:]' '[:lower:]')" |
---|
1245 | last_char="$(echo "$KEY_EXPIRATION" | grep -o '[wmy]$')" |
---|
1246 | digits_only="$(echo "$KEY_EXPIRATION" | sed -e "s/${last_char}$//")" |
---|
1247 | if [[ -z "$KEY_EXPIRATION" ]]; then |
---|
1248 | KEY_EXPIRATION="0" |
---|
1249 | break |
---|
1250 | elif [[ "$KEY_EXPIRATION" == "quit" ]]; then |
---|
1251 | echo "Deleting folder $LIST_HOMEDIR..." |
---|
1252 | rm -rf $LIST_HOMEDIR |
---|
1253 | echo "List creation aborted." |
---|
1254 | return_code=1 |
---|
1255 | break |
---|
1256 | elif [[ -z "$(echo $digits_only | sed -e 's/[0-9]//g')" ]]; then |
---|
1257 | break |
---|
1258 | else |
---|
1259 | echo " Invalid key expiration time." |
---|
1260 | fi |
---|
1261 | done |
---|
1262 | fi |
---|
1263 | |
---|
1264 | # config file creation |
---|
1265 | if [[ "$return_code" == "0" ]]; then |
---|
1266 | echo "Creating your config..." |
---|
1267 | touch $LIST_CONFIG_FILE 2> /dev/null |
---|
1268 | chmod 600 $LIST_CONFIG_FILE 2> /dev/null |
---|
1269 | chown $FIRMA_USER:$FIRMA_GROUP $LIST_CONFIG_FILE 2> /dev/null |
---|
1270 | if [[ -f "$LIST_CONFIG_FILE" ]]; then |
---|
1271 | DeclareGpgVars |
---|
1272 | echo -e "LIST_HOMEDIR='$LIST_HOMEDIR'\nLIST_ADDRESS='$LIST_ADDRESS'\nLIST_ADMIN='$LIST_ADMIN'\nPASSPHRASE='$PASSPHRASE'" > $LIST_CONFIG_FILE |
---|
1273 | echo -e "KEY_SIZE='$KEY_SIZE'\nKEY_DESCRIPTION='$KEY_DESCRIPTION'" >> $LIST_CONFIG_FILE |
---|
1274 | echo "Now generating your keyring..." |
---|
1275 | |
---|
1276 | $GPG --gen-key <<EOF |
---|
1277 | |
---|
1278 | Key-Type: DSA |
---|
1279 | Key-Length: $KEY_SIZE |
---|
1280 | Subkey-Type: ELG-E |
---|
1281 | Subkey-Length: $KEY_SIZE |
---|
1282 | |
---|
1283 | $KEY_DESCRIPTION |
---|
1284 | Name-Email: $LIST_ADDRESS |
---|
1285 | |
---|
1286 | Expire-Date: $KEY_EXPIRATION |
---|
1287 | Passphrase: $PASSPHRASE |
---|
1288 | %commit |
---|
1289 | |
---|
1290 | EOF |
---|
1291 | |
---|
1292 | # import admins pubkeys |
---|
1293 | while true; do |
---|
1294 | read -rep " Import list admins' pubkeys? (Y/n) " answer |
---|
1295 | answer="$(echo $answer | tr '[:lower:]' '[:upper:]')" |
---|
1296 | if [[ -z "$answer" || "$answer" == "Y" || "$answer" == "YES" ]]; then |
---|
1297 | |
---|
1298 | echo " Please choose a key import method:" |
---|
1299 | echo " 1 - Fetch the keys from a keyserver" |
---|
1300 | echo " 2 - Key material stored in a file" |
---|
1301 | |
---|
1302 | while true; do |
---|
1303 | read -rep " Please enter your choice: " answer |
---|
1304 | if [[ "$answer" == "1" ]]; then |
---|
1305 | read -rep " Please enter the keyserver address (defaults to $KEYSERVER): " answer |
---|
1306 | method="keyserver $answer" |
---|
1307 | break |
---|
1308 | elif [[ "$answer" == "2" ]]; then |
---|
1309 | method="file" |
---|
1310 | break |
---|
1311 | else |
---|
1312 | echo " Invalid answer. Choose either 1 or 2." |
---|
1313 | fi |
---|
1314 | done |
---|
1315 | |
---|
1316 | SubscribeUsers $method $LIST_ADMIN |
---|
1317 | |
---|
1318 | # send list pubkey to admins |
---|
1319 | if [[ "$?" == "0" ]]; then |
---|
1320 | while true; do |
---|
1321 | read -rep " Send list public key to list admins? (Y/n) " answer |
---|
1322 | answer="$(echo $answer | tr '[:lower:]' '[:upper:]')" |
---|
1323 | if [[ -z "$answer" || "$answer" == "Y" || "$answer" == "YES" ]]; then |
---|
1324 | SourceListConfig |
---|
1325 | CheckListConfigFile |
---|
1326 | SendListPubkey $LIST_ADMIN |
---|
1327 | break |
---|
1328 | elif [[ "$answer" == "N" || "$answer" == "NO" ]]; then |
---|
1329 | echo " Not sending public key from list to admins. Do it manually." |
---|
1330 | break |
---|
1331 | else |
---|
1332 | echo " Please answer either yes or no." |
---|
1333 | fi |
---|
1334 | done |
---|
1335 | fi |
---|
1336 | |
---|
1337 | break |
---|
1338 | elif [[ "$answer" == "N" || "$answer" == "NO" ]]; then |
---|
1339 | echo " Not sending public key from list to admins. Do it manually." |
---|
1340 | break |
---|
1341 | else |
---|
1342 | echo " Please answer either yes or no." |
---|
1343 | fi |
---|
1344 | done |
---|
1345 | |
---|
1346 | # fix permissions |
---|
1347 | chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_HOMEDIR 2> /dev/null |
---|
1348 | |
---|
1349 | echo "Your list was created. Now check its configuration at $LIST_CONFIG_FILE." |
---|
1350 | echo "To see a list of optional config parameters, type firma --help config." |
---|
1351 | fi |
---|
1352 | fi |
---|
1353 | else |
---|
1354 | echo "Could not create list homedir $LIST_HOMEDIR." |
---|
1355 | return_code=1 |
---|
1356 | fi |
---|
1357 | fi |
---|
1358 | |
---|
1359 | # list creation should be atomic |
---|
1360 | if [[ "$return_code" == "0" ]]; then |
---|
1361 | echo "List creation complete." |
---|
1362 | fi |
---|
1363 | |
---|
1364 | return $return_code |
---|
1365 | } |
---|
1366 | |
---|
1367 | |
---|
1368 | function AdminHelp { |
---|
1369 | #------------------------------------------------------------- |
---|
1370 | # display help on admin commands |
---|
1371 | # |
---|
1372 | # parameter(s): none |
---|
1373 | # depends on function(s): none |
---|
1374 | # returns: 0 |
---|
1375 | #------------------------------------------------------------- |
---|
1376 | |
---|
1377 | # this will be printed to STDOUT, so no indentation here |
---|
1378 | echo " |
---|
1379 | quit quit the admin prompt |
---|
1380 | help show this help |
---|
1381 | list show list subscribers |
---|
1382 | listinfo show list information |
---|
1383 | config list configuration |
---|
1384 | info EMAIL-ADDRESS show info of a given subscriber |
---|
1385 | sendkey SUBSCRIBER send list pubkey to subscriber |
---|
1386 | sub|subscribe [..] subscribe users ('subscribe help' for options) |
---|
1387 | unsub|unsubscribe EMAIL-ADDRESS unsubscribe an email from the list |
---|
1388 | use EMAIL-ADDRESS use the given address for message delivery instead |
---|
1389 | of the primary address on key |
---|
1390 | " |
---|
1391 | } |
---|
1392 | |
---|
1393 | |
---|
1394 | function ListAdministration { |
---|
1395 | #------------------------------------------------------------- |
---|
1396 | # process administrative tasks |
---|
1397 | # |
---|
1398 | # parameter(s): task to be performed (plus its argument(s)) |
---|
1399 | # depends on function(s): ChooseUid, CheckValidEmail, UbsubscribeUser |
---|
1400 | # SubscribeUsers, SendListPubkey |
---|
1401 | # returns: 0 if task is executed successfully, |
---|
1402 | # 1 if task can't be executed (command not found, too many/missing arguments, etc.), |
---|
1403 | # 3 if a quit command is entered |
---|
1404 | #------------------------------------------------------------- |
---|
1405 | |
---|
1406 | local -i return_code=0 |
---|
1407 | local subscribers |
---|
1408 | |
---|
1409 | # NOTE: when adding a new admin command, dont forget to |
---|
1410 | # - add a summary on AdminHelp function |
---|
1411 | # - if needed, add a "help" option to show more detailed help |
---|
1412 | |
---|
1413 | case $# in |
---|
1414 | 1) |
---|
1415 | case $1 in |
---|
1416 | help) |
---|
1417 | AdminHelp |
---|
1418 | ;; |
---|
1419 | quit) |
---|
1420 | return_code=3 |
---|
1421 | ;; |
---|
1422 | use) |
---|
1423 | AdminLog "$1: missing arguments (try \"help\")" |
---|
1424 | return_code=1 |
---|
1425 | ;; |
---|
1426 | unsub|unsubscribe) |
---|
1427 | AdminLog "$1: missing arguments (try \"help\")" |
---|
1428 | return_code=1 |
---|
1429 | ;; |
---|
1430 | list) |
---|
1431 | GetSubscribersList |
---|
1432 | for subscriber in $SUBSCRIBERS_LIST; do |
---|
1433 | AdminLog " $subscriber" |
---|
1434 | done |
---|
1435 | ;; |
---|
1436 | sub|subscribe) |
---|
1437 | AdminLog "$1: missing arguments (try \"$1 help\")" |
---|
1438 | return_code=1 |
---|
1439 | ;; |
---|
1440 | sendkey) |
---|
1441 | AdminLog "$1: missing arguments (try \"$1 help\")." |
---|
1442 | return_code=1 |
---|
1443 | ;; |
---|
1444 | info) |
---|
1445 | AdminLog "$1: missing arguments (try \"help\")." |
---|
1446 | return_code=1 |
---|
1447 | ;; |
---|
1448 | listinfo) |
---|
1449 | GetSubscribersInfo $LIST_ADDRESS |
---|
1450 | ;; |
---|
1451 | config) |
---|
1452 | AdminLog "$1: missing arguments (try \"$1 help\")." |
---|
1453 | return_code=1 |
---|
1454 | ;; |
---|
1455 | *) |
---|
1456 | AdminLog "Command not found -- $1 (try \"help\")" |
---|
1457 | return_code=1 |
---|
1458 | ;; |
---|
1459 | esac |
---|
1460 | ;; |
---|
1461 | 2) |
---|
1462 | case $1 in |
---|
1463 | use) |
---|
1464 | # check if argument is an email address |
---|
1465 | if CheckValidEmail $2; then |
---|
1466 | ChooseUid $2 |
---|
1467 | else |
---|
1468 | AdminLog "$1: invalid argument -- $2 (try \"help\")" |
---|
1469 | return_code=1 |
---|
1470 | fi |
---|
1471 | ;; |
---|
1472 | unsub|unsubscribe) |
---|
1473 | UnsubscribeUser $2 |
---|
1474 | return_code=$? |
---|
1475 | ;; |
---|
1476 | sub|subscribe) |
---|
1477 | SubscribeUsers $2 |
---|
1478 | return_code=$? |
---|
1479 | ;; |
---|
1480 | sendkey) |
---|
1481 | SendListPubkey $2 |
---|
1482 | return_code=$? |
---|
1483 | ;; |
---|
1484 | info) |
---|
1485 | GetSubscribersInfo $2 |
---|
1486 | return_code=$? |
---|
1487 | ;; |
---|
1488 | listinfo) |
---|
1489 | AdminLog "$1: too many arguments -- $@ (try \"help\")" |
---|
1490 | return_code=1 |
---|
1491 | ;; |
---|
1492 | config) |
---|
1493 | if [[ "$2" == "help" ]]; then |
---|
1494 | ConfigHelp |
---|
1495 | return_code=$? |
---|
1496 | else |
---|
1497 | AdminLog "$1: too many arguments -- $@ (try \"$1 help\")" |
---|
1498 | return_code=1 |
---|
1499 | fi |
---|
1500 | ;; |
---|
1501 | help|quit) |
---|
1502 | AdminLog "$1: too many arguments -- $@ (try \"help\")" |
---|
1503 | return_code=1 |
---|
1504 | ;; |
---|
1505 | *) |
---|
1506 | AdminLog "Command not found -- $1 (try \"help\")" |
---|
1507 | return_code=1 |
---|
1508 | ;; |
---|
1509 | esac |
---|
1510 | ;; |
---|
1511 | *) |
---|
1512 | case $1 in |
---|
1513 | help|quit|use) |
---|
1514 | AdminLog "$1: too many arguments -- $@ (try \"help\")" |
---|
1515 | return_code=1 |
---|
1516 | ;; |
---|
1517 | sub|subscribe) |
---|
1518 | shift |
---|
1519 | SubscribeUsers $* |
---|
1520 | return_code=$? |
---|
1521 | ;; |
---|
1522 | sendkey) |
---|
1523 | shift |
---|
1524 | SendListPubkey $* |
---|
1525 | return_code=$? |
---|
1526 | ;; |
---|
1527 | info) |
---|
1528 | shift |
---|
1529 | GetSubscribersInfo $* |
---|
1530 | return_code=$? |
---|
1531 | ;; |
---|
1532 | listinfo) |
---|
1533 | AdminLog "$1: too many arguments -- $@ (try \"help\")" |
---|
1534 | return_code=1 |
---|
1535 | ;; |
---|
1536 | *) |
---|
1537 | AdminLog "Command not found -- $1 (try \"help\")" |
---|
1538 | return_code=1 |
---|
1539 | ;; |
---|
1540 | esac |
---|
1541 | ;; |
---|
1542 | esac |
---|
1543 | |
---|
1544 | return $return_code |
---|
1545 | } |
---|
1546 | |
---|
1547 | |
---|
1548 | function ChooseUid { |
---|
1549 | #------------------------------------------------------------- |
---|
1550 | # choose which UID of a public key should be used for message delivery, |
---|
1551 | #+deleting all other UIDs on the key |
---|
1552 | # |
---|
1553 | # parameter(s): chosen email address |
---|
1554 | # depends on function(s): DeclareGpgVars |
---|
1555 | # returns: 0 on success, |
---|
1556 | # 1 if task can't be executed (public key not found, only one UID on key, etc.) |
---|
1557 | #------------------------------------------------------------- |
---|
1558 | |
---|
1559 | local -i return_code=0 |
---|
1560 | local keyid="$($GPG_LIST_KEYS --with-fingerprint $1 2> /dev/null | grep ^fpr | cut -d : -f 10)" |
---|
1561 | local uid_count="$($GPG_LIST_KEYS --fixed-list-mode $keyid 2> /dev/null | grep ^uid | wc -l)" |
---|
1562 | local chosen_uid_number="$($GPG_LIST_KEYS --fixed-list-mode $keyid 2> /dev/null | grep ^uid | grep -ni "$1" | cut -d : -f 1)" |
---|
1563 | |
---|
1564 | # check if supplied address is associated with a public key |
---|
1565 | if [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$1>" 2> /dev/null | grep -v '^tru:')" ]]; then |
---|
1566 | AdminLog "use: \"$1\" is not associated with any public key on this keyring." |
---|
1567 | return_code=1 |
---|
1568 | # then check if there's more than one UID on this public key |
---|
1569 | elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep ^uid | wc -l)" == "1" )); then |
---|
1570 | AdminLog "use: \"$1\" is part of the only UID on public key ${keyid:32}." |
---|
1571 | return_code=1 |
---|
1572 | # and then check if there's only one public key associated with this address |
---|
1573 | elif (( "$($GPG_LIST_KEYS --fixed-list-mode $1 2> /dev/null | grep -i "<$1>:$" | wc -l)" > 1 )); then |
---|
1574 | AdminLog "use: \"$1\" is listed in more than one UID on this keyring." |
---|
1575 | AdminLog "Delete all but one of the public keys or UIDs associated with this email address." |
---|
1576 | return_code=1 |
---|
1577 | fi |
---|
1578 | |
---|
1579 | # if all checks are OK, run the expect script bellow |
---|
1580 | if (( $return_code == "0" )); then |
---|
1581 | expect -nN -- << EOF |
---|
1582 | # no output to STDOUT |
---|
1583 | log_user 0 |
---|
1584 | # set a 5 seconds timeout in case anything goes wrong |
---|
1585 | set timeout 5 |
---|
1586 | |
---|
1587 | # call gpg with the "--edit-key" option |
---|
1588 | eval spawn -noecho $GPG --with-colons --command-fd 0 --status-fd 1 --edit-key $keyid |
---|
1589 | expect "GET_LINE keyedit.prompt" { |
---|
1590 | # select for deletion all UIDs other than the chosen one |
---|
1591 | set uid 1 |
---|
1592 | while { \$uid <= $uid_count } { |
---|
1593 | if { \$uid != $chosen_uid_number } { |
---|
1594 | send "uid \$uid\n" |
---|
1595 | expect "GET_LINE keyedit.prompt" |
---|
1596 | } |
---|
1597 | set uid [incr uid] |
---|
1598 | } |
---|
1599 | # delete selected UIDs |
---|
1600 | send "deluid\n" |
---|
1601 | # confirm deletion |
---|
1602 | expect "GET_BOOL keyedit.remove.uid.okay" {send "yes\n"} |
---|
1603 | # save and exit |
---|
1604 | expect "GET_LINE keyedit.prompt" {send "save\n"} |
---|
1605 | expect "GOT_IT" |
---|
1606 | } |
---|
1607 | |
---|
1608 | # delay until the process above terminates |
---|
1609 | wait |
---|
1610 | # send following message to user |
---|
1611 | # send_user "use: \"$1\" chosen for message delivery. [ expr $uid_count - 1 ] UID(s) deleted from public key ${keyid:32}.\n" |
---|
1612 | exit |
---|
1613 | EOF |
---|
1614 | fi |
---|
1615 | |
---|
1616 | if [[ "$return_code" == "0" || "$?" == "0" ]]; then |
---|
1617 | AdminLog "use: $1 chosen for message delivery. $(($uid_count - 1)) UID(s) deleted from public key ${keyid:32}." |
---|
1618 | else |
---|
1619 | return_code=1 |
---|
1620 | fi |
---|
1621 | |
---|
1622 | FixListOwnership |
---|
1623 | return $return_code |
---|
1624 | } |
---|
1625 | |
---|
1626 | |
---|
1627 | function CheckPermission { |
---|
1628 | #------------------------------------------------------------- |
---|
1629 | # check if file has correct permissions (600) and also |
---|
1630 | #+if the file is owned by $FIRMA_USER |
---|
1631 | #+got the idea for this function from backupninja |
---|
1632 | # |
---|
1633 | # parameter(s): file name |
---|
1634 | # depends on function(s): none |
---|
1635 | # returns: 0 if file has correct permissions |
---|
1636 | # 1 if not, and also print a warning message |
---|
1637 | #------------------------------------------------------------- |
---|
1638 | |
---|
1639 | local file="$1" |
---|
1640 | local perms="$(ls -ld "$file")" |
---|
1641 | |
---|
1642 | perms="${perms:4:6}" |
---|
1643 | if [[ "$perms" != "------" ]]; then |
---|
1644 | LogMessage "WARNING: Configuration files must not be group or world writable/readable! Wrong permission for file $file" |
---|
1645 | return 1 |
---|
1646 | fi |
---|
1647 | |
---|
1648 | if [[ $(ls -ld $file | cut -d " " -f 3) != "$FIRMA_USER" ]]; then |
---|
1649 | LogMessage "WARNING: Configuration files must be owned by $FIRMA_USER! Wrong ownership for file $file" |
---|
1650 | return 1 |
---|
1651 | fi |
---|
1652 | |
---|
1653 | return 0 |
---|
1654 | } |
---|
1655 | |
---|
1656 | |
---|
1657 | function CheckListPermissions { |
---|
1658 | #------------------------------------------------------------- |
---|
1659 | # check if list files has correct permissions (600) and also |
---|
1660 | #+if the files are owned by $FIRMA_USER |
---|
1661 | # |
---|
1662 | # parameter(s): list config file |
---|
1663 | # depends on function(s): CheckPermission |
---|
1664 | # returns: 0 if file has correct permissions |
---|
1665 | # 1 if not, and also print a warning message |
---|
1666 | #------------------------------------------------------------- |
---|
1667 | |
---|
1668 | local file |
---|
1669 | local folder |
---|
1670 | local config |
---|
1671 | |
---|
1672 | # check and fix permissions on all files from $LIST_PATH to $FIRMA_USER:$FIRMA_GROUP |
---|
1673 | if [[ -n "$1" ]]; then |
---|
1674 | folder="$(dirname $1)" |
---|
1675 | config="$(basename $1)" |
---|
1676 | for file in $config pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg; do |
---|
1677 | if ! CheckPermission $folder/$file; then |
---|
1678 | LogMessage "Fixing permission and ownership for $folder/$file" |
---|
1679 | chmod 600 $folder/$file 2> /dev/null |
---|
1680 | chown $FIRMA_USER:$FIRMA_GROUP $folder/$file 2> /dev/null |
---|
1681 | fi |
---|
1682 | done |
---|
1683 | fi |
---|
1684 | } |
---|
1685 | |
---|
1686 | |
---|
1687 | function CheckValidEmail { |
---|
1688 | #------------------------------------------------------------- |
---|
1689 | # check if argument is a valid email address |
---|
1690 | # |
---|
1691 | # parameter(s): string |
---|
1692 | # depends on function(s): none |
---|
1693 | # returns: 0 if string represents a valid email address |
---|
1694 | # 1 if not |
---|
1695 | #------------------------------------------------------------- |
---|
1696 | |
---|
1697 | local local_part='[[:alnum:]][[:alnum:]._+-]*[[:alnum:]]' |
---|
1698 | local domain='[[:alnum:]][[:alnum:].-]*[[:alnum:]]' |
---|
1699 | local tld='[[:alpha:]]\{2,6\}' |
---|
1700 | |
---|
1701 | if ! echo "$1" | grep -q "^${local_part}@${domain}\.${tld}$"; then |
---|
1702 | return 1 |
---|
1703 | else |
---|
1704 | return 0 |
---|
1705 | fi |
---|
1706 | } |
---|
1707 | |
---|
1708 | |
---|
1709 | function UnsubscribeUser { |
---|
1710 | #------------------------------------------------------------- |
---|
1711 | # unsubscribe a user and remove its pubkey from |
---|
1712 | #+the list keyring |
---|
1713 | # |
---|
1714 | # parameter(s): chosen email address |
---|
1715 | # depends on function(s): DeclareGpgVars |
---|
1716 | # returns: 0 on success, |
---|
1717 | # 1 if task can't be executed (public key not found, etc.) |
---|
1718 | #------------------------------------------------------------- |
---|
1719 | |
---|
1720 | local key |
---|
1721 | local -i return_code=0 |
---|
1722 | local keyid="$($GPG_LIST_KEYS --with-fingerprint $1 2> /dev/null | grep ^fpr | cut -d : -f 10)" |
---|
1723 | |
---|
1724 | # check if its a valid email |
---|
1725 | if ! CheckValidEmail $1; then |
---|
1726 | AdminLog "unsub: \"$1\" is not an email address." |
---|
1727 | return_code=1 |
---|
1728 | # check if user is trying to unsubscribe the list key |
---|
1729 | elif [[ "$1" == "$LIST_ADDRESS" ]]; then |
---|
1730 | AdminLog "unsub: can't delete the list pubkey." |
---|
1731 | return_code=1 |
---|
1732 | # check if supplied address is associated with a public key |
---|
1733 | elif [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$1>" 2> /dev/null | grep -v '^tru:')" ]]; then |
---|
1734 | AdminLog "unsub: \"$1\" is not associated with any public key on this keyring." |
---|
1735 | return_code=1 |
---|
1736 | else |
---|
1737 | for key in $keyid; do |
---|
1738 | $GPG --batch --delete-key --yes $key |
---|
1739 | if [[ "$?" == "0" ]]; then |
---|
1740 | AdminLog "deleted key id $key for $1" |
---|
1741 | # now just update the trust db |
---|
1742 | $GPG_LIST_KEYS &> /dev/null |
---|
1743 | else |
---|
1744 | AdminLog "unsub: error deleting key id $key for $1" |
---|
1745 | return_code=1 |
---|
1746 | fi |
---|
1747 | done |
---|
1748 | fi |
---|
1749 | |
---|
1750 | FixListOwnership |
---|
1751 | return $return_code |
---|
1752 | } |
---|
1753 | |
---|
1754 | |
---|
1755 | function LogMessage { |
---|
1756 | #------------------------------------------------------------- |
---|
1757 | # write a log message to STDOUT or to syslog |
---|
1758 | # |
---|
1759 | # parameter(s): string |
---|
1760 | # depends on function(s): none |
---|
1761 | # returns: 0 |
---|
1762 | #------------------------------------------------------------- |
---|
1763 | |
---|
1764 | local error_message="$*" |
---|
1765 | local line |
---|
1766 | |
---|
1767 | if [[ "$LOG_TO_SYSLOG" == "1" ]]; then |
---|
1768 | echo "$error_message" | $LOGGER_BINARY -p "$SYSLOG_PRIORITY" -t "$BASENAME" |
---|
1769 | else |
---|
1770 | |
---|
1771 | echo "$error_message" | while read line; do |
---|
1772 | echo >&2 "$BASENAME: $line" |
---|
1773 | done |
---|
1774 | |
---|
1775 | fi |
---|
1776 | |
---|
1777 | return 0 |
---|
1778 | } |
---|
1779 | |
---|
1780 | |
---|
1781 | function SubscribeUsers { |
---|
1782 | #------------------------------------------------------------- |
---|
1783 | # subscribe users to the list importing their pubkeys |
---|
1784 | # |
---|
1785 | # parameter(s): $1: help, stdin, keyserver or file |
---|
1786 | # $2: where to fetch the pubkeys |
---|
1787 | # $3: keyid (keyserver only) |
---|
1788 | # depends on function(s): none |
---|
1789 | # returns: 0 on success |
---|
1790 | # 1 on failure |
---|
1791 | #------------------------------------------------------------- |
---|
1792 | |
---|
1793 | local -i return_code=0 |
---|
1794 | local keyserver |
---|
1795 | local method |
---|
1796 | |
---|
1797 | if [[ "$1" == "help" ]]; then |
---|
1798 | AdminLog " |
---|
1799 | help show this help |
---|
1800 | stdin waits for key material from stdin (interactive mode only) |
---|
1801 | file <file-name> import pubkeys from file (interactive mode only) |
---|
1802 | keyserver [server-address] <key-ids> import <key-ids> from <server-address> |
---|
1803 | (default keyserver: $KEYSERVER) |
---|
1804 | " |
---|
1805 | elif [[ "$1" == "stdin" ]]; then |
---|
1806 | if [[ "$MODE" == "admin-interactive" ]]; then |
---|
1807 | echo "Please enter the key material here, finishing with Ctrl-D sequence..." |
---|
1808 | $GPG_NOBATCH --import |
---|
1809 | return_code=$? |
---|
1810 | if [[ "$return_code" == "0" ]]; then |
---|
1811 | AdminLog "subscription: success" |
---|
1812 | fi |
---|
1813 | else |
---|
1814 | AdminLog "subscribe: stdin option only valid in the interactive (command-line) mode" |
---|
1815 | return_code=1 |
---|
1816 | fi |
---|
1817 | elif [[ "$1" == "file" ]]; then |
---|
1818 | if [[ -n "$2" ]]; then |
---|
1819 | if [[ -f "$2" ]]; then |
---|
1820 | $GPG --import < $2 |
---|
1821 | return_code=$? |
---|
1822 | if [[ "$return_code" == "0" ]]; then |
---|
1823 | AdminLog "subscription: success" |
---|
1824 | fi |
---|
1825 | else |
---|
1826 | echo >&2 "subscribe: cant add subscribers from $1: no such file or directory" |
---|
1827 | return_code=1 |
---|
1828 | fi |
---|
1829 | else |
---|
1830 | echo >&2 "subscribe: missing parameters: subscribe file requires a file name" |
---|
1831 | return_code=1 |
---|
1832 | fi |
---|
1833 | elif [[ "$1" == "keyserver" ]]; then |
---|
1834 | if [[ -n "$2" ]]; then |
---|
1835 | if [[ -z "$3" ]]; then |
---|
1836 | keyserver="$KEYSERVER" |
---|
1837 | else |
---|
1838 | if ! CheckValidEmail $2; then |
---|
1839 | keyserver="$2" |
---|
1840 | shift |
---|
1841 | else |
---|
1842 | keyserver="$KEYSERVER" |
---|
1843 | fi |
---|
1844 | fi |
---|
1845 | if CheckValidEmail $2; then |
---|
1846 | method="--search-keys" |
---|
1847 | else |
---|
1848 | method="--recv-keys" |
---|
1849 | fi |
---|
1850 | if [[ "$return_code" == "0" ]]; then |
---|
1851 | shift |
---|
1852 | $GPG_NOBATCH --keyserver $keyserver $method $* |
---|
1853 | return_code=$? |
---|
1854 | if [[ "$return_code" == "0" ]]; then |
---|
1855 | AdminLog "subscription: success" |
---|
1856 | fi |
---|
1857 | fi |
---|
1858 | else |
---|
1859 | AdminLog "subscribe: missing parameters: type subscribe help" |
---|
1860 | return_code=1 |
---|
1861 | fi |
---|
1862 | else |
---|
1863 | AdminLog "subscribe: wrong option: type subscribe help" |
---|
1864 | return_code=1 |
---|
1865 | fi |
---|
1866 | |
---|
1867 | FixListOwnership |
---|
1868 | return $return_code |
---|
1869 | } |
---|
1870 | |
---|
1871 | |
---|
1872 | function SendListPubkey { |
---|
1873 | #------------------------------------------------------------- |
---|
1874 | # send list pubkey to a given subscriber list |
---|
1875 | # |
---|
1876 | # parameter(s): subscribers' emails |
---|
1877 | # depends on function(s): GetMessage, GetSenderAddress, AssembleMessage |
---|
1878 | # returns: 0 on success |
---|
1879 | # 1 on failure |
---|
1880 | #------------------------------------------------------------- |
---|
1881 | |
---|
1882 | local key |
---|
1883 | local keys |
---|
1884 | local keyid |
---|
1885 | local keyboundary |
---|
1886 | |
---|
1887 | if [[ "$1" == "help" ]]; then |
---|
1888 | AdminLog "usage: sendkey [all|email|help]" |
---|
1889 | AdminLog "supported arguments: all (for all subscribers) or a space-separated subscriber emails." |
---|
1890 | return 0 |
---|
1891 | elif [[ "$1" == "all" ]]; then |
---|
1892 | GetSubscribersList |
---|
1893 | keys="$SUBSCRIBERS_LIST" |
---|
1894 | else |
---|
1895 | keys="$*" |
---|
1896 | fi |
---|
1897 | |
---|
1898 | for key in $keys; do |
---|
1899 | keyid="$($GPG_LIST_KEYS --with-fingerprint $1 2> /dev/null | grep ^fpr | cut -d : -f 10)" |
---|
1900 | |
---|
1901 | if [[ -z "$key" ]]; then |
---|
1902 | AdminLog "sendkey: missing argument: subscriber email address." |
---|
1903 | return 1 |
---|
1904 | elif ! CheckValidEmail $key; then |
---|
1905 | AdminLog "sendkey: \"$key\" is not an email address." |
---|
1906 | return 1 |
---|
1907 | elif [[ -z "$($GPG_LIST_KEYS --fixed-list-mode "<$key>" 2> /dev/null | grep -v '^tru:')" ]]; then |
---|
1908 | # check if supplied address is associated with a public key |
---|
1909 | AdminLog "sendkey: \"$key\" is not associated with any public key on this keyring." |
---|
1910 | return 1 |
---|
1911 | fi |
---|
1912 | |
---|
1913 | RECIPIENTS="$key" |
---|
1914 | SUBJECT="mailing list public key" |
---|
1915 | keyboundary="$(RandomString 15)" |
---|
1916 | |
---|
1917 | # this is the body of the message to be sent, so no indentation here |
---|
1918 | MESSAGE_BODY="$($GPG --armor --export $LIST_ADDRESS)" |
---|
1919 | MESSAGE_BODY="\ |
---|
1920 | Content-Type: multipart/mixed; boundary=\"$keyboundary\" |
---|
1921 | Content-Disposition: inline |
---|
1922 | |
---|
1923 | --$keyboundary |
---|
1924 | Content-Type: application/pgp-keys |
---|
1925 | Content-Disposition: attachment; filename=${LIST_NAME}_pubkey.asc |
---|
1926 | Content-Description: PGP Key for $LIST_ADDRESS |
---|
1927 | |
---|
1928 | $MESSAGE_BODY |
---|
1929 | |
---|
1930 | --${keyboundary}--" |
---|
1931 | |
---|
1932 | # compose the message |
---|
1933 | MimeWrapMessage |
---|
1934 | |
---|
1935 | # send message |
---|
1936 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $RECIPIENTS |
---|
1937 | done |
---|
1938 | |
---|
1939 | AdminLog "List pubkey sent to $keys." |
---|
1940 | FixListOwnership |
---|
1941 | |
---|
1942 | } |
---|
1943 | |
---|
1944 | |
---|
1945 | function GetSubscribersInfo { |
---|
1946 | #------------------------------------------------------------- |
---|
1947 | # get info on a subscriber pubkey |
---|
1948 | # |
---|
1949 | # parameter(s): subscribers' emails |
---|
1950 | # depends on function(s): none |
---|
1951 | # returns: 0 on success |
---|
1952 | # 1 on failure |
---|
1953 | #------------------------------------------------------------- |
---|
1954 | |
---|
1955 | local key |
---|
1956 | local keys |
---|
1957 | local keyid |
---|
1958 | local output |
---|
1959 | |
---|
1960 | if [[ "$1" == "help" ]]; then |
---|
1961 | AdminLog "usage: info [all|emails|help]" |
---|
1962 | AdminLog "supported arguments: all (for all subscribers) or a space-separated subscribers' emails." |
---|
1963 | return 0 |
---|
1964 | elif [[ "$1" == "all" ]]; then |
---|
1965 | GetSubscribersList |
---|
1966 | keys="$SUBSCRIBERS_LIST" |
---|
1967 | else |
---|
1968 | keys="$*" |
---|
1969 | fi |
---|
1970 | |
---|
1971 | for key in $keys; do |
---|
1972 | keyid="$($GPG_LIST_KEYS --with-fingerprint $1 2> /dev/null | grep ^fpr | cut -d : -f 10)" |
---|
1973 | if [[ -n "$keyid" ]]; then |
---|
1974 | output="$($GPG --fingeprint $key)" |
---|
1975 | AdminLog "$output" |
---|
1976 | fi |
---|
1977 | done |
---|
1978 | |
---|
1979 | FixListOwnership |
---|
1980 | return $? |
---|
1981 | } |
---|
1982 | |
---|
1983 | |
---|
1984 | function FixListOwnership { |
---|
1985 | #------------------------------------------------------------- |
---|
1986 | # fix list ownership |
---|
1987 | # |
---|
1988 | # parameter(s): none |
---|
1989 | # depends on function(s): none |
---|
1990 | # returns: 0 on success |
---|
1991 | # 1 on failure |
---|
1992 | #------------------------------------------------------------- |
---|
1993 | |
---|
1994 | if [[ -d "$LIST_PATH" ]]; then |
---|
1995 | chown -R $FIRMA_USER:$FIRMA_GROUP $LIST_PATH 2> /dev/null |
---|
1996 | fi |
---|
1997 | return $? |
---|
1998 | } |
---|
1999 | |
---|
2000 | |
---|
2001 | function RandomString { |
---|
2002 | #------------------------------------------------------------- |
---|
2003 | # print a random string |
---|
2004 | #+got it from http://funcoeszz.net/ |
---|
2005 | # |
---|
2006 | # parameter(s): string size (max 62) |
---|
2007 | # depends on function(s): none |
---|
2008 | # returns: 0 |
---|
2009 | # 1 if string size is greater than 62 |
---|
2010 | #------------------------------------------------------------- |
---|
2011 | |
---|
2012 | local n alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.,;:?!" |
---|
2013 | |
---|
2014 | n="$(( 10#$(echo "$1" | tr -dc '[:digit:]') ))" |
---|
2015 | if [[ "$n" == "0" ]]; then |
---|
2016 | n="6" |
---|
2017 | fi |
---|
2018 | |
---|
2019 | if [[ "$n" -gt "62" ]]; then |
---|
2020 | return 1 |
---|
2021 | fi |
---|
2022 | |
---|
2023 | while [[ "$n" != "0" ]]; do n="$((n-1))" ; pos="$((RANDOM%${#alpha}+1))" |
---|
2024 | echo -n "$alpha" | sed "s/\(.\)\{$pos\}.*/\1/" |
---|
2025 | alpha="$(echo $alpha | sed "s/.//$pos")" |
---|
2026 | done | tr -d '\012' ; echo |
---|
2027 | |
---|
2028 | return 0 |
---|
2029 | } |
---|
2030 | |
---|
2031 | |
---|
2032 | function AdminLog { |
---|
2033 | #------------------------------------------------------------- |
---|
2034 | # check whether admin is made via command line |
---|
2035 | #+or email and then log a message according to the |
---|
2036 | #+display mode |
---|
2037 | # |
---|
2038 | # parameter(s): string |
---|
2039 | # depends on function(s): none |
---|
2040 | # returns: 0 |
---|
2041 | #------------------------------------------------------------- |
---|
2042 | |
---|
2043 | if [[ "$MODE" == "admin-interactive" ]]; then |
---|
2044 | echo >&2 "$*" |
---|
2045 | else |
---|
2046 | echo "$*" |
---|
2047 | fi |
---|
2048 | } |
---|
2049 | |
---|
2050 | |
---|
2051 | function EmailListAdministration { |
---|
2052 | #------------------------------------------------------------- |
---|
2053 | # parse and execute admin tasks via email |
---|
2054 | # |
---|
2055 | # parameter(s): none |
---|
2056 | # depends on function(s): ProcessMessage should be called first |
---|
2057 | # returns: 0 on success :) |
---|
2058 | # 1 on failure :/ |
---|
2059 | #------------------------------------------------------------- |
---|
2060 | |
---|
2061 | local sender found |
---|
2062 | local command |
---|
2063 | |
---|
2064 | found="0" |
---|
2065 | for sender in $LIST_ADMIN; do |
---|
2066 | if [[ "$sender" == "$SENDER_ADDRESS" ]]; then |
---|
2067 | found="1" |
---|
2068 | break |
---|
2069 | fi |
---|
2070 | done |
---|
2071 | if [[ "$found" == "1" ]]; then |
---|
2072 | # message was sent by an admin |
---|
2073 | #+then, parse and process admin tasks |
---|
2074 | MESSAGE_BODY="$(echo -e "$DECRYPTED_MESSAGE" | while read command; do |
---|
2075 | if [[ -n "$command" ]] && echo $command | grep -q -v -e "^Content"; then |
---|
2076 | AdminLog "Command> $command" |
---|
2077 | ListAdministration $command |
---|
2078 | fi |
---|
2079 | done)" |
---|
2080 | # send a message back to the administrator |
---|
2081 | RECIPIENTS="$SENDER_ADDRESS" |
---|
2082 | SUBJECT="admin request results" |
---|
2083 | CreateMessageBodyPart |
---|
2084 | MimeWrapMessage |
---|
2085 | echo "$MESSAGE" | $MAIL_AGENT $MAIL_AGENT_ARGS $SENDER_ADDRESS |
---|
2086 | else |
---|
2087 | # message was sent by a normal subscriber |
---|
2088 | # this is the body of the message to be sent, so no indentation here |
---|
2089 | MESSAGE_BODY="\ |
---|
2090 | It was not possible to process this message. Message was |
---|
2091 | not sent by a list administrator." |
---|
2092 | ComposeAndSendBounceMessage |
---|
2093 | fi |
---|
2094 | |
---|
2095 | return $? |
---|
2096 | } |
---|
2097 | |
---|
2098 | |
---|
2099 | function AllowMessageProcessing { |
---|
2100 | #------------------------------------------------------------- |
---|
2101 | # check if the message has sufficient rights to be processed |
---|
2102 | # |
---|
2103 | # parameter(s): none |
---|
2104 | # depends on function(s): ParseGpgDecryptStderr |
---|
2105 | # returns: 0 if message has rights to be processed |
---|
2106 | # 1 if not |
---|
2107 | #------------------------------------------------------------- |
---|
2108 | |
---|
2109 | local -i return_code=0 |
---|
2110 | |
---|
2111 | if [[ "$MODE" == "admin-non-interactive" ]]; then |
---|
2112 | REQUIRE_SIGNATURE="1" |
---|
2113 | fi |
---|
2114 | |
---|
2115 | if [[ "$ENCRYPTED_TO_LIST" == "1" ]]; then |
---|
2116 | if [[ "$REQUIRE_SIGNATURE" == "1" ]]; then |
---|
2117 | if [[ "$GOOD_SIGNATURE" == "1" && "$SIGNATURE_MADE_BY_SENDER" == "1" ]]; then |
---|
2118 | return_code=0 |
---|
2119 | else |
---|
2120 | return_code=1 |
---|
2121 | fi |
---|
2122 | else |
---|
2123 | return_code=0 |
---|
2124 | fi |
---|
2125 | else |
---|
2126 | return_code=1 |
---|
2127 | fi |
---|
2128 | |
---|
2129 | return $return_code |
---|
2130 | } |
---|
2131 | |
---|
2132 | |
---|
2133 | function MimeWrapMessage { |
---|
2134 | #------------------------------------------------------------- |
---|
2135 | # MIME wrap message to be sent, adding needed headers and body parts |
---|
2136 | # |
---|
2137 | # parameter(s): none |
---|
2138 | # depends on variable(s): RECIPIENTS, SUBJECT, GPG_MESSAGE |
---|
2139 | # |
---|
2140 | # returns: 0 |
---|
2141 | #------------------------------------------------------------- |
---|
2142 | |
---|
2143 | local boundary |
---|
2144 | |
---|
2145 | boundary="$(RandomString 15)" |
---|
2146 | |
---|
2147 | # these are the headers of the message to be sent, so no indentation here |
---|
2148 | MESSAGE_HEADERS="\ |
---|
2149 | From: $LIST_REQUEST_ADDRESS |
---|
2150 | To: ${RECIPIENTS} |
---|
2151 | Reply-To: $LIST_REQUEST_ADDRESS |
---|
2152 | Subject: ${SUBJECT_PREFIX}${SUBJECT} |
---|
2153 | MIME-Version: 1.0 |
---|
2154 | Content-Type: multipart/encrypted; |
---|
2155 | protocol=\"application/pgp-encrypted\"; |
---|
2156 | boundary=\"${boundary}\" |
---|
2157 | Content-Disposition: inline" |
---|
2158 | |
---|
2159 | GPG_MESSAGE="$(echo -e "${PASSPHRASE}\n${MESSAGE_BODY}" | $GPG_ENCRYPT --recipient $RECIPIENTS)" |
---|
2160 | |
---|
2161 | # this is the body of the message to be sent, so no indentation here |
---|
2162 | MESSAGE_BODY="\ |
---|
2163 | This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156) |
---|
2164 | --$boundary |
---|
2165 | Content-Type: application/pgp-encrypted |
---|
2166 | Content-Description: PGP/MIME version identification |
---|
2167 | |
---|
2168 | Version: 1 |
---|
2169 | |
---|
2170 | --$boundary |
---|
2171 | Content-Type: application/octet-stream; name=\"encrypted.asc\" |
---|
2172 | Content-Disposition: inline; filename=\"encrypted.asc\" |
---|
2173 | |
---|
2174 | ${GPG_MESSAGE} |
---|
2175 | |
---|
2176 | --${boundary}--" |
---|
2177 | |
---|
2178 | # assemble entire message |
---|
2179 | MESSAGE="\ |
---|
2180 | ${MESSAGE_HEADERS} |
---|
2181 | |
---|
2182 | ${MESSAGE_BODY}" |
---|
2183 | } |
---|
2184 | |
---|
2185 | |
---|
2186 | function CreateMessageBodyPart { |
---|
2187 | #------------------------------------------------------------- |
---|
2188 | # create a message body part |
---|
2189 | # |
---|
2190 | # parameter(s): none |
---|
2191 | # depends on variable(s): MESSAGE_BODY |
---|
2192 | # |
---|
2193 | # returns: 0 |
---|
2194 | #------------------------------------------------------------- |
---|
2195 | |
---|
2196 | # this is the body of the message to be sent, so no indentation here |
---|
2197 | MESSAGE_BODY="\ |
---|
2198 | Content-Type: text/plain; charset=iso-8859-1 |
---|
2199 | Content-Disposition: inline |
---|
2200 | |
---|
2201 | $MESSAGE_BODY" |
---|
2202 | } |
---|
2203 | |
---|
2204 | |
---|
2205 | function EvalConfigParameter { |
---|
2206 | #------------------------------------------------------------- |
---|
2207 | # eval parameters from a config file |
---|
2208 | # |
---|
2209 | # parameter(s): <config-file> <parameter> |
---|
2210 | # depends on function(s): none |
---|
2211 | # returns: 0 on success |
---|
2212 | # 1 if config file not found or missing parameter |
---|
2213 | #------------------------------------------------------------- |
---|
2214 | |
---|
2215 | if [[ "$#" != "2" ]]; then |
---|
2216 | echo "WARNING: missing parameters on EvalConfigParameters." |
---|
2217 | return 1 |
---|
2218 | elif [[ ! -f "$1" ]]; then |
---|
2219 | echo "WARNING: file not found: $1" |
---|
2220 | return 1 |
---|
2221 | fi |
---|
2222 | |
---|
2223 | echo "$(grep "^$2=" $1 | sed -e "s/^$2='//" -e "s/'$//" | tail -n 1)" |
---|
2224 | |
---|
2225 | } |
---|
2226 | |
---|
2227 | |
---|
2228 | function SourceFirmaConfig { |
---|
2229 | #------------------------------------------------------------- |
---|
2230 | # load firma.conf and set up global variables |
---|
2231 | # |
---|
2232 | # parameter(s): none for evaluation, help to show all config parameters |
---|
2233 | # depends on function(s): none |
---|
2234 | # returns: 0 |
---|
2235 | #------------------------------------------------------------- |
---|
2236 | |
---|
2237 | [[ "$1" == "help" ]] && echo -e "\nMandatory global firma config parameters\n" |
---|
2238 | |
---|
2239 | [[ "$1" == "help" ]] && echo -e "\tGPG_BINARY= path to the GnuPG binary." || \ |
---|
2240 | GPG_BINARY="$(EvalConfigParameter $FIRMA_CONFIG_FILE GPG_BINARY)" |
---|
2241 | |
---|
2242 | [[ "$1" == "help" ]] && echo -e "\tMAIL_AGENT= path to the mail transport agent to be used (e.g., sendmail)." || \ |
---|
2243 | MAIL_AGENT="$(EvalConfigParameter $FIRMA_CONFIG_FILE MAIL_AGENT)" |
---|
2244 | |
---|
2245 | [[ "$1" == "help" ]] && echo -e "\tMAIL_AGENT_ARGS= command-line arguments to be passed to the command above." || \ |
---|
2246 | MAIL_AGENT_ARGS="$(EvalConfigParameter $FIRMA_CONFIG_FILE MAIL_AGENT_ARGS)" |
---|
2247 | |
---|
2248 | [[ "$1" == "help" ]] && echo -e "\tLISTS_DIR= path to the mailing lists directory." || \ |
---|
2249 | LISTS_DIR="$(EvalConfigParameter $FIRMA_CONFIG_FILE LISTS_DIR)" |
---|
2250 | |
---|
2251 | [[ "$1" == "help" ]] && echo -e "\nOptional global firma config parameters\n" |
---|
2252 | |
---|
2253 | [[ "$1" == "help" ]] && echo -e "\tFIRMA_USER= user that runs firma (usually the same as your MTA user); |
---|
2254 | \t defaults to \"nobody\"; you can also specify this parameter |
---|
2255 | \t in each mailing list config file if you plan to have one |
---|
2256 | \t user per mailing list." || \ |
---|
2257 | FIRMA_USER="$(EvalConfigParameter $FIRMA_CONFIG_FILE FIRMA_USER)" |
---|
2258 | |
---|
2259 | [[ "$1" == "help" ]] && echo -e "\tFIRMA_GROUP= group that runs firma (usually the same as your MTA group); |
---|
2260 | \t defaults to \"nobody\"; you can also specify this parameter |
---|
2261 | \t in each mailing list config file if you plan to have one |
---|
2262 | \t group per mailing list." || \ |
---|
2263 | FIRMA_GROUP="$(EvalConfigParameter $FIRMA_CONFIG_FILE FIRMA_GROUP)" |
---|
2264 | |
---|
2265 | [[ "$1" == "help" ]] && echo -e "\tLOG_TO_SYSLOG= set to "1" to log errors and warnings to syslog, else firma |
---|
2266 | \t will print errors to STDERR." || \ |
---|
2267 | LOG_TO_SYSLOG="$(EvalConfigParameter $FIRMA_CONFIG_FILE LOG_TO_SYSLOG)" |
---|
2268 | |
---|
2269 | [[ "$1" == "help" ]] && echo -e "\tLOGGER_BINARY= if logging to syslog, set the path to logger's binary." || \ |
---|
2270 | LOGGER_BINARY="$(EvalConfigParameter $FIRMA_CONFIG_FILE LOGGER_BINARY)" |
---|
2271 | |
---|
2272 | [[ "$1" == "help" ]] && echo -e "\tSYSLOG_PRIORITY= if logging to syslog, set a priority for the error messages |
---|
2273 | \t (defaults to "user.err")." || \ |
---|
2274 | SYSLOG_PRIORITY="$(EvalConfigParameter $FIRMA_CONFIG_FILE SYSLOG_PRIORITY)" |
---|
2275 | |
---|
2276 | [[ "$1" == "help" ]] && echo -e "\tUSE_GPG_HIDDEN_RECIPIENT_OPTION= set to '1' to use GnuPG's --hidden-recipient |
---|
2277 | \t option, available from version 1.4.0 onwards |
---|
2278 | \t (try 'man gpg' for more information)." || \ |
---|
2279 | USE_GPG_HIDDEN_RECIPIENT_OPTION="$(EvalConfigParameter $FIRMA_CONFIG_FILE USE_GPG_HIDDEN_RECIPIENT_OPTION)" |
---|
2280 | |
---|
2281 | [[ "$1" == "help" ]] && echo -e "\tREMOVE_THESE_HEADERS_ON_ALL_LISTS= headers that should be stripped from list |
---|
2282 | \t messages on all lists running under firma |
---|
2283 | \t (space separated case-insensitive entries) |
---|
2284 | \t (may include regexps (e.g., X-.*)." || \ |
---|
2285 | REMOVE_THESE_HEADERS_ON_ALL_LISTS="$(EvalConfigParameter $FIRMA_CONFIG_FILE REMOVE_THESE_HEADERS_ON_ALL_LISTS)" |
---|
2286 | |
---|
2287 | [[ "$1" == "help" ]] && echo -e "\tKEYSERVER= default keyserver to import/export keys |
---|
2288 | \t (defaults to keys.indymedia.org)." || \ |
---|
2289 | KEYSERVER="$(EvalConfigParameter $FIRMA_CONFIG_FILE KEYSERVER)" |
---|
2290 | } |
---|
2291 | |
---|
2292 | |
---|
2293 | function SourceListConfig { |
---|
2294 | #------------------------------------------------------------- |
---|
2295 | # load list.conf and set up global variables |
---|
2296 | # |
---|
2297 | # parameter(s): none for evaluation, help to show all config parameters |
---|
2298 | # depends on function(s): none |
---|
2299 | # returns: 0 |
---|
2300 | #------------------------------------------------------------- |
---|
2301 | |
---|
2302 | local firma_user firma_group keyserver |
---|
2303 | |
---|
2304 | [[ "$1" == "help" ]] && echo -e "\nMandatory list config parameters\n" |
---|
2305 | |
---|
2306 | [[ "$1" == "help" ]] && echo -e "\tLIST_ADDRESS= list's email address." || \ |
---|
2307 | LIST_ADDRESS="$(EvalConfigParameter $LIST_CONFIG_FILE LIST_ADDRESS)" |
---|
2308 | |
---|
2309 | [[ "$1" == "help" ]] && echo -e "\tLIST_REQUEST_ADDRESS= list's email address for administrative |
---|
2310 | \t requests (defaults to listname-request@domain." || \ |
---|
2311 | LIST_REQUEST_ADDRESS="$(EvalConfigParameter $LIST_CONFIG_FILE LIST_REQUEST_ADDRESS)" |
---|
2312 | |
---|
2313 | [[ "$1" == "help" ]] && echo -e "\tLIST_ADMIN= list's administrators email addresses (space separated)." || \ |
---|
2314 | LIST_ADMIN="$(EvalConfigParameter $LIST_CONFIG_FILE LIST_ADMIN)" |
---|
2315 | |
---|
2316 | [[ "$1" == "help" ]] && echo -e "\tLIST_HOMEDIR= list's GnuPG homedir, where the list's keyrings are located." || \ |
---|
2317 | LIST_HOMEDIR="$(EvalConfigParameter $LIST_CONFIG_FILE LIST_HOMEDIR)" |
---|
2318 | |
---|
2319 | [[ "$1" == "help" ]] && echo -e "\tFIRMA_USER= user that runs firma (usually the same as your MTA user); |
---|
2320 | \t defaults to \"nobody\"; you can also specify this parameter |
---|
2321 | \t in each mailing list config file if you plan to have one |
---|
2322 | \t user per mailing list." || \ |
---|
2323 | firma_user="$(EvalConfigParameter $LIST_CONFIG_FILE FIRMA_USER)" |
---|
2324 | [[ -n "$firma_user" ]] && FIRMA_USER="$firma_user" |
---|
2325 | |
---|
2326 | [[ "$1" == "help" ]] && echo -e "\tFIRMA_GROUP= group that runs firma (usually the same as your MTA group); |
---|
2327 | \t defaults to \"nobody\"; you can also specify this parameter |
---|
2328 | \t in each mailing list config file if you plan to have one |
---|
2329 | \t group per mailing list." || \ |
---|
2330 | firma_group="$(EvalConfigParameter $LIST_CONFIG_FILE FIRMA_GROUP)" |
---|
2331 | [[ -n "$firma_group" ]] && FIRMA_GROUP="$firma_group" |
---|
2332 | |
---|
2333 | [[ "$1" == "help" ]] && echo -e "\tPASSPHRASE= passphrase for the list's private keyring\n |
---|
2334 | \tNOTE: The passphrase _has_ to be enclosed in single quotes and _cannot_ |
---|
2335 | \tcontain any additional single quote as part of itself. It has to be at least |
---|
2336 | \t25 characters long, combining numbers, upper and lower case letters and at |
---|
2337 | \tleast 1 special characters. Also, no character can be sequentially repeated |
---|
2338 | \tmore than 4 times." || \ |
---|
2339 | PASSPHRASE="$(EvalConfigParameter $LIST_CONFIG_FILE PASSPHRASE)" |
---|
2340 | |
---|
2341 | [[ "$1" == "help" ]] && echo -e "\nOptional list config parameters\n" |
---|
2342 | |
---|
2343 | [[ "$1" == "help" ]] && echo -e "\tSUBJECT_PREFIX= prefix to be included in the subject of list messages." || \ |
---|
2344 | SUBJECT_PREFIX="$(EvalConfigParameter $LIST_CONFIG_FILE SUBJECT_PREFIX)" |
---|
2345 | |
---|
2346 | [[ "$1" == "help" ]] && echo -e "\tREMOVE_THESE_HEADERS= headers that should be stripped from list messages |
---|
2347 | \t (space separated case-insensitive entries) |
---|
2348 | \t (may include regexps (e.g., X-.*)." || \ |
---|
2349 | REMOVE_THESE_HEADERS="$(EvalConfigParameter $LIST_CONFIG_FILE REMOVE_THESE_HEADERS)" |
---|
2350 | |
---|
2351 | [[ "$1" == "help" ]] && echo -e "\tREPLIES_SHOULD_GO_TO_LIST= set to '1' to add a Reply-To header containing the list address." || \ |
---|
2352 | REPLIES_SHOULD_GO_TO_LIST="$(EvalConfigParameter $LIST_CONFIG_FILE REPLIES_SHOULD_GO_TO_LIST)" |
---|
2353 | |
---|
2354 | [[ "$1" == "help" ]] && echo -e "\tHIDE_SENDER= set to '1' to add replace the sender address with list address on list messages." || \ |
---|
2355 | HIDE_SENDER="$(EvalConfigParameter $LIST_CONFIG_FILE HIDE_SENDER)" |
---|
2356 | |
---|
2357 | [[ "$1" == "help" ]] && echo -e "\tSILENTLY_DISCARD_INVALID_MESSAGES= set to '1' to silently discard invalid |
---|
2358 | \t messages (message not signed/encrypted, |
---|
2359 | \t sender not subscribed to the list, etc.) |
---|
2360 | \t instead of sending bounces back to sender." || \ |
---|
2361 | SILENTLY_DISCARD_INVALID_MESSAGES="$(EvalConfigParameter $LIST_CONFIG_FILE SILENTLY_DISCARD_INVALID_MESSAGES)" |
---|
2362 | |
---|
2363 | [[ "$1" == "help" ]] && echo -e "\tKEYSERVER= default keyserver to import/export keys |
---|
2364 | \t (defaults to keys.indymedia.org)." || \ |
---|
2365 | keyserver="$(EvalConfigParameter $LIST_CONFIG_FILE KEYSERVER)" |
---|
2366 | [[ -n "$keyserver" ]] && KEYSERVER="$keyserver" |
---|
2367 | |
---|
2368 | [[ "$1" == "help" ]] && echo -e "\tREQUIRE_SIGNATURE= whether messages sent to the list should be (1) or dont |
---|
2369 | \t need to be (0) signed to be processed; defaults to '1'; |
---|
2370 | \t this doesnt affect the way email administration works, |
---|
2371 | \t when signature is mandatory." || \ |
---|
2372 | REQUIRE_SIGNATURE="$(EvalConfigParameter $LIST_CONFIG_FILE REQUIRE_SIGNATURE)" |
---|
2373 | |
---|
2374 | [[ "$1" == "help" ]] && echo -e "\tDELIVERY_RANDOMIZATION= if non-zero, set a random delay between 0 and N seconds |
---|
2375 | \t between each messsage delivery; if you run firma with |
---|
2376 | \t a TLS-enabled MTA and mostly of the list messages are |
---|
2377 | \t sent to others TLS-enabled MTAs, then this option will |
---|
2378 | \t make harder to a sniffer detect the traffic of you mailing |
---|
2379 | \t list, specially if your MTA already sends a lot of messages |
---|
2380 | \t or if you're going to have a lot of encrypted mailing lists, |
---|
2381 | \t all randomizing its delivery." || \ |
---|
2382 | DELIVERY_RANDOMIZATION="$(EvalConfigParameter $LIST_CONFIG_FILE DELIVERY_RANDOMIZATION)" |
---|
2383 | |
---|
2384 | [[ "$1" == "help" ]] && echo -e "\tREPLAY_PROTECTION= when set to '1', stores sha1sums |
---|
2385 | \t of the last REPLAY_COUNT received messages; then, |
---|
2386 | \t if some message with an already stored sha1sum, then |
---|
2387 | \t its bounced back to the sender and considered as an attempt |
---|
2388 | \t of replay attack." || \ |
---|
2389 | REPLAY_PROTECTION="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_PROTECTION)" |
---|
2390 | |
---|
2391 | [[ "$1" == "help" ]] && echo -e "\tREPLAY_COUNT= number of messages to store sha1sums; |
---|
2392 | \t defaults to 150 and only used when |
---|
2393 | \t REPLAY_PROTECTION is set to '1'." || \ |
---|
2394 | REPLAY_COUNT="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_COUNT)" |
---|
2395 | |
---|
2396 | [[ "$1" == "help" ]] && echo -e "\tREPLAY_FILE= file to store sha1sums of messages; |
---|
2397 | \t only used when REPLAY_PROTECTION is set to '1'; |
---|
2398 | \t defaults to \"/var/log/firma/replay.db\"." || \ |
---|
2399 | REPLAY_FILE="$(EvalConfigParameter $LIST_CONFIG_FILE REPLAY_FILE)" |
---|
2400 | } |
---|
2401 | |
---|
2402 | |
---|
2403 | function ConfigHelp { |
---|
2404 | #------------------------------------------------------------- |
---|
2405 | # display help on configuration file parameters |
---|
2406 | # |
---|
2407 | # parameter(s): none |
---|
2408 | # depends on function(s): SourceFirmaConfig, SourceListConfig |
---|
2409 | # returns: 0 |
---|
2410 | #------------------------------------------------------------- |
---|
2411 | |
---|
2412 | echo "All firma parameters are passed through two different configuration files:" |
---|
2413 | echo "firma.conf, containing general parameters needed to run the script, and a list" |
---|
2414 | echo "specific file, containing its address, administrator(s), etc. In both files" |
---|
2415 | echo "you should enter PARAMETER='value' (with value between single quotes, without" |
---|
2416 | echo "spaces before or after the equal sign and nothing after the second quote)." |
---|
2417 | |
---|
2418 | SourceFirmaConfig help |
---|
2419 | SourceListConfig help |
---|
2420 | } |
---|
2421 | |
---|
2422 | |
---|
2423 | function DeliveryRandomization { |
---|
2424 | #------------------------------------------------------------- |
---|
2425 | # sleep according $DELIVERY_RANDOMIZATION |
---|
2426 | # |
---|
2427 | # parameter(s): none |
---|
2428 | # depends on function(s): none |
---|
2429 | # returns: 0 |
---|
2430 | #------------------------------------------------------------- |
---|
2431 | |
---|
2432 | local n |
---|
2433 | |
---|
2434 | if [[ "$DELIVERY_RANDOMIZATION" != "0" ]]; then |
---|
2435 | n="$RANDOM" |
---|
2436 | let "n %= $DELIVERY_RANDOMIZATION" |
---|
2437 | sleep $n |
---|
2438 | fi |
---|
2439 | } |
---|
2440 | |
---|
2441 | |
---|
2442 | function ReplayProtectionFlush { |
---|
2443 | #------------------------------------------------------------- |
---|
2444 | # flushes the replay database file |
---|
2445 | # |
---|
2446 | # parameter(s): none |
---|
2447 | # depends on function(s): none |
---|
2448 | # returns: 0 |
---|
2449 | #------------------------------------------------------------- |
---|
2450 | |
---|
2451 | if [[ "$REPLAY_PROTECTION" == "1" ]]; then |
---|
2452 | if [[ -f "$REPLAY_FILE" ]]; then |
---|
2453 | if [[ "$(wc -l $REPLAY_FILE | cut -d " " -f 1)" -gt "$REPLAY_COUNT" ]]; then |
---|
2454 | sed -i -e '1d' $REPLAY_FILE |
---|
2455 | fi |
---|
2456 | else |
---|
2457 | touch $REPLAY_FILE 2> /dev/null |
---|
2458 | chown $FIRMA_USER:$FIRMA_GROUP $REPLAY_FILE 2> /dev/null |
---|
2459 | chmod 600 $REPLAY_FILE 2> /dev/null |
---|
2460 | fi |
---|
2461 | fi |
---|
2462 | |
---|
2463 | return 0 |
---|
2464 | } |
---|
2465 | |
---|
2466 | |
---|
2467 | function ReplayProtectionCheck { |
---|
2468 | #------------------------------------------------------------- |
---|
2469 | # check if message was already received and stores it |
---|
2470 | #+in the database |
---|
2471 | # |
---|
2472 | # parameter(s): GetGpgMessage, ReplayProtectionFlush |
---|
2473 | # depends on function(s): none |
---|
2474 | # returns: 0 if message's sha1sum is not in replay database |
---|
2475 | # 1 if message's sha1sum is in the database |
---|
2476 | #------------------------------------------------------------- |
---|
2477 | |
---|
2478 | local -i return_code=0 |
---|
2479 | local sha1 |
---|
2480 | |
---|
2481 | if [[ "$REPLAY_PROTECTION" == "1" && -n "$ORIG_GPG_MESSAGE" ]]; then |
---|
2482 | ReplayProtectionFlush |
---|
2483 | sha1="$(echo "$ORIG_GPG_MESSAGE" | sha1sum | cut -d " " -f 1)" |
---|
2484 | if grep -q "^$sha1$" $REPLAY_FILE; then |
---|
2485 | sed -i -e "/^$sha1$/d" $REPLAY_FILE |
---|
2486 | return_code=1 |
---|
2487 | fi |
---|
2488 | echo "$sha1" >> $REPLAY_FILE |
---|
2489 | fi |
---|
2490 | |
---|
2491 | return $return_code |
---|
2492 | } |
---|
2493 | |
---|
2494 | #------------------------------------------------------------- |
---|
2495 | # main() |
---|
2496 | #------------------------------------------------------------- |
---|
2497 | |
---|
2498 | # hardcode path to firma.conf, firma version and program name |
---|
2499 | declare -r \ |
---|
2500 | FIRMA_CONFIG_FILE="/var/lib/firma/firma.conf" \ |
---|
2501 | VERSION="0.4-git" \ |
---|
2502 | BASENAME="$(basename $0)" |
---|
2503 | |
---|
2504 | # set environmental variables and options |
---|
2505 | export LANG=en_US |
---|
2506 | umask 0077 |
---|
2507 | |
---|
2508 | # set initial exit code |
---|
2509 | EXIT_CODE=0 |
---|
2510 | |
---|
2511 | # define the number of command line arguments, the option |
---|
2512 | #+being run and its argument, if any |
---|
2513 | declare -r \ |
---|
2514 | NUM_OF_ARGS="$#" \ |
---|
2515 | OPTION="$1" \ |
---|
2516 | ARG="$2" |
---|
2517 | |
---|
2518 | # check command line arguments for errors |
---|
2519 | #+(missing arguments, invalid option, etc) |
---|
2520 | case "$NUM_OF_ARGS" in |
---|
2521 | 0) |
---|
2522 | |
---|
2523 | echo >&2 "$BASENAME: missing arguments" |
---|
2524 | Usage |
---|
2525 | EXIT_CODE=1 |
---|
2526 | ;; |
---|
2527 | |
---|
2528 | 1) |
---|
2529 | case "$OPTION" in |
---|
2530 | |
---|
2531 | # valid short option |
---|
2532 | -h|-v) |
---|
2533 | ;; |
---|
2534 | |
---|
2535 | # valid long option |
---|
2536 | --help|--version) |
---|
2537 | ;; |
---|
2538 | |
---|
2539 | # valid short option called without its required argument |
---|
2540 | -a|-c|-e|-p) |
---|
2541 | echo >&2 "$BASENAME: missing arguments" |
---|
2542 | Usage |
---|
2543 | EXIT_CODE=1 |
---|
2544 | ;; |
---|
2545 | |
---|
2546 | # valid long option called without its required argument |
---|
2547 | --admin-task|--create-newlist|--email-admin-task|--process-message) |
---|
2548 | echo >&2 "$BASENAME: missing arguments" |
---|
2549 | Usage |
---|
2550 | EXIT_CODE=1 |
---|
2551 | ;; |
---|
2552 | |
---|
2553 | # invalid option |
---|
2554 | *) |
---|
2555 | echo >&2 "$BASENAME: invalid option -- $OPTION" |
---|
2556 | Usage |
---|
2557 | EXIT_CODE=1 |
---|
2558 | ;; |
---|
2559 | |
---|
2560 | esac |
---|
2561 | ;; |
---|
2562 | 2) |
---|
2563 | case "$OPTION" in |
---|
2564 | |
---|
2565 | # valid short option |
---|
2566 | -a|-c|-e|-p|-h) |
---|
2567 | ;; |
---|
2568 | |
---|
2569 | # valid long option |
---|
2570 | --admin-task|--create-newlist|--email-admin-task|--process-message|--help) |
---|
2571 | ;; |
---|
2572 | |
---|
2573 | # valid short option called with too many arguments |
---|
2574 | -v) |
---|
2575 | echo >&2 "$BASENAME: too many arguments -- $@" |
---|
2576 | Usage |
---|
2577 | EXIT_CODE=1 |
---|
2578 | ;; |
---|
2579 | |
---|
2580 | # valid long option called with too many arguments |
---|
2581 | --version) |
---|
2582 | echo >&2 "$BASENAME: too many arguments -- $@" |
---|
2583 | Usage |
---|
2584 | EXIT_CODE=1 |
---|
2585 | ;; |
---|
2586 | |
---|
2587 | # invalid option |
---|
2588 | *) |
---|
2589 | echo >&2 "$BASENAME: invalid option -- $OPTION" |
---|
2590 | Usage |
---|
2591 | EXIT_CODE=1 |
---|
2592 | ;; |
---|
2593 | |
---|
2594 | esac |
---|
2595 | ;; |
---|
2596 | *) |
---|
2597 | case "$OPTION" in |
---|
2598 | |
---|
2599 | # valid short option called with too many arguments |
---|
2600 | -h|-v|-a|-c|-e|-p) |
---|
2601 | echo >&2 "$BASENAME: too many arguments -- $@" |
---|
2602 | Usage |
---|
2603 | EXIT_CODE=1 |
---|
2604 | ;; |
---|
2605 | |
---|
2606 | # valid long option called with too many arguments |
---|
2607 | --help|--version|--admin-task|--create-newlist|--email-admin-task|--process-message) |
---|
2608 | echo >&2 "$BASENAME: too many arguments -- $@" |
---|
2609 | Usage |
---|
2610 | EXIT_CODE=1 |
---|
2611 | ;; |
---|
2612 | |
---|
2613 | # invalid option |
---|
2614 | *) |
---|
2615 | echo >&2 "$BASENAME: invalid option -- $OPTION" |
---|
2616 | Usage |
---|
2617 | EXIT_CODE=1 |
---|
2618 | ;; |
---|
2619 | |
---|
2620 | esac |
---|
2621 | ;; |
---|
2622 | esac |
---|
2623 | |
---|
2624 | # parse valid command line arguments |
---|
2625 | if [[ "$EXIT_CODE" == "0" ]]; then |
---|
2626 | |
---|
2627 | case "$NUM_OF_ARGS" in |
---|
2628 | |
---|
2629 | 1) |
---|
2630 | case "$OPTION" in |
---|
2631 | |
---|
2632 | -h|--help) |
---|
2633 | Usage |
---|
2634 | EXIT_CODE=0 |
---|
2635 | ;; |
---|
2636 | |
---|
2637 | -v|--version) |
---|
2638 | Version |
---|
2639 | EXIT_CODE=0 |
---|
2640 | ;; |
---|
2641 | |
---|
2642 | esac |
---|
2643 | ;; |
---|
2644 | 2) |
---|
2645 | # help options |
---|
2646 | if [ "$OPTION" == "--help" ] || [ "$OPTION" == "-h" ]; then |
---|
2647 | |
---|
2648 | if [ "$ARG" == "config" ]; then |
---|
2649 | |
---|
2650 | ConfigHelp |
---|
2651 | EXIT_CODE=0 |
---|
2652 | |
---|
2653 | else |
---|
2654 | |
---|
2655 | echo >&2 "$BASENAME: invalid help section -- $ARG" |
---|
2656 | Usage |
---|
2657 | EXIT_CODE=1 |
---|
2658 | |
---|
2659 | fi |
---|
2660 | |
---|
2661 | # if firma.conf exists and can be read |
---|
2662 | elif [[ ! -r "$FIRMA_CONFIG_FILE" ]]; then |
---|
2663 | |
---|
2664 | LogMessage "FATAL: Cannot source \`$FIRMA_CONFIG_FILE': No such file or directory" |
---|
2665 | EXIT_CODE=1 |
---|
2666 | |
---|
2667 | # then source and evaluate its parameters |
---|
2668 | elif ! { SourceFirmaConfig && \ |
---|
2669 | CheckFirmaConfigFile && \ |
---|
2670 | CheckPermission "$FIRMA_CONFIG_FILE" |
---|
2671 | }; then |
---|
2672 | |
---|
2673 | EXIT_CODE=1 |
---|
2674 | |
---|
2675 | else |
---|
2676 | |
---|
2677 | LIST_NAME="$ARG" |
---|
2678 | LIST_PATH="$LISTS_DIR/$LIST_NAME" |
---|
2679 | LIST_CONFIG_FILE="$LIST_PATH/$LIST_NAME.conf" |
---|
2680 | |
---|
2681 | case "$OPTION" in |
---|
2682 | |
---|
2683 | -c|--create-newlist) |
---|
2684 | NewList |
---|
2685 | EXIT_CODE=$? |
---|
2686 | ;; |
---|
2687 | |
---|
2688 | # options that depend on the list configuration file |
---|
2689 | -a|--admin-task|-e|--email-admin-task|-p|--process-message) |
---|
2690 | |
---|
2691 | # if list config file exists and can be read |
---|
2692 | if [[ ! -r "$LIST_CONFIG_FILE" ]]; then |
---|
2693 | |
---|
2694 | LogMessage "FATAL: Cannot source \`$LIST_CONFIG_FILE': No such file or directory" |
---|
2695 | EXIT_CODE=1 |
---|
2696 | |
---|
2697 | # then source and evaluate its parameters |
---|
2698 | elif ! { SourceListConfig && \ |
---|
2699 | DeclareGpgVars && \ |
---|
2700 | CheckListPermissions "$LIST_CONFIG_FILE" && \ |
---|
2701 | CheckListConfigFile |
---|
2702 | }; then |
---|
2703 | |
---|
2704 | EXIT_CODE=1 |
---|
2705 | |
---|
2706 | else |
---|
2707 | |
---|
2708 | case "$OPTION" in |
---|
2709 | |
---|
2710 | -a|--admin-task) |
---|
2711 | |
---|
2712 | MODE="admin-interactive" |
---|
2713 | # while a "quit" command isn't entered (returns 3), read STDIN |
---|
2714 | while (( $EXIT_CODE != 3 )) && read -rep "Command> " STDIN; do |
---|
2715 | # if line is not empty or commented, process command |
---|
2716 | if [[ -n "$STDIN" && "$STDIN" != "#"* ]]; then |
---|
2717 | ListAdministration $STDIN |
---|
2718 | EXIT_CODE=$? |
---|
2719 | fi |
---|
2720 | done |
---|
2721 | |
---|
2722 | # since quit was entered, exit without error |
---|
2723 | EXIT_CODE=0 |
---|
2724 | |
---|
2725 | ;; |
---|
2726 | |
---|
2727 | -p|--process-message) |
---|
2728 | MODE="list-message" |
---|
2729 | ProcessMessage |
---|
2730 | EXIT_CODE=$? |
---|
2731 | ;; |
---|
2732 | -e|--email-admin-task) |
---|
2733 | MODE="admin-non-interactive" |
---|
2734 | ProcessMessage |
---|
2735 | EXIT_CODE=$? |
---|
2736 | ;; |
---|
2737 | |
---|
2738 | esac |
---|
2739 | |
---|
2740 | fi |
---|
2741 | ;; |
---|
2742 | |
---|
2743 | esac |
---|
2744 | |
---|
2745 | fi |
---|
2746 | ;; |
---|
2747 | |
---|
2748 | esac |
---|
2749 | fi |
---|
2750 | |
---|
2751 | # exit |
---|
2752 | exit $EXIT_CODE |
---|
2753 | |
---|