# parse $GPG_DECRYPT STDERR for signature checking
#
# parameter(s): none
- # depends on function(s): DeclareGpgVars, GetGpgMessage
+ # depends on function(s): DeclareGpgVars, GetGpgMessage, GetSenderAddress
# returns: 0
#-------------------------------------------------------------
local gpg_decrypt_stderr
+ local sender_address
# get GPG_DECRYPT STDERR, discarding its STDOUT
gpg_decrypt_stderr="$(
then
GOOD_SIGNATURE=1
+ if [ ! -z "$SENDER_ADDRESS" ]; then
+ GetSenderAddress
+ fi
+
+ sender_address="`echo "$gpg_decrypt_stderr" | grep '^\[GNUPG:] GOODSIG' | awk '{ print $4 }'`"
+
+ if [ "$sender_address" == "$SENDER_ADDRESS" ]; then
+ SIGNATURE_MADE_BY_SENDER="1"
+ else
+ SIGNATURE_MADE_BY_SENDER="0"
+ fi
+
# else, check if the signature is invalid (BAD signature)
elif
echo "$gpg_decrypt_stderr" | \
# if the message was encrypted with the list's public key and if the
#+message signature is valid, send message to list subscribers
- if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 ]]; then
+ if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 && $SIGNATURE_MADE_BY_SENDER == 1 ]]; then
# check if the list has valid subscribers
- if GetSubscribersList; then
- GetMessageHeadersAndBody
- EditListMessageHeaders
- DecryptGpgMessage
- ReEncryptAndSendListMessage
+ if [ "$MODE" == "list-message" ]; then
+ if GetSubscribersList; then
- else
- return_code=1
+ GetMessageHeadersAndBody
+ EditListMessageHeaders
+ DecryptGpgMessage
+ ReEncryptAndSendListMessage
+
+ else
+ return_code=1
+ fi
+ elif [ "$MODE" == "admin-non-interactive" ]; then
+ EmailAdminTask
fi
# else, if the message was correctly encrypted but its signature is invalid,
not signed. Contact the list administrator if you have any
questions."
ComposeAndSendBounceMessage
+
+ elif [[ SIGNATURE_MADE_BY_SENDER != 1 ]]; then
+
+ # this is the body of the message to be sent, so no indentation here
+ MESSAGE_BODY="\
+ It was not possible to process this message. Message was
+ not sent by the person who signed it."
+ ComposeAndSendBounceMessage
+
fi
# else, message wasn't encrypted with the list's public key
local -i return_code=0
local subscribers
- ADMIN_MODE="interactive"
-
case $# in
1)
case $1 in
"
elif [ "$1" == "stdin" ]; then
echo "Please enter the key material here, finninshing with Ctrl-D sequence..."
- $GPG --import
+ $GPG_NOBATCH --import
elif [ "$1" == "file" ]; then
if [ ! -z "$2" ]; then
if [ -f "$2" ]; then
# returns: 0
#-------------------------------------------------------------
- if [ "$ADMIN_MODE" == "interactive" ]; then
+ if [ "$MODE" == "admin-interactive" ]; then
echo >&2 "$*"
else
ADMIN_MESSAGE="$ADMIN_MESSAGE $*"
# parse and execute admin tasks via email
#
# parameter(s): none
- # depends on function(s): GetMessage, GetGpgMessage, GetSubscribersList,
- # GetSenderAddress
+ # depends on function(s): ProcessMessage should be called first
# returns: 0 on success :)
# 1 on failure :/
#-------------------------------------------------------------
- # TODO: - process message
- # - check whether message is properly encrypted
- # and signed by a list admin
- # - parse commands
+ # TODO: - parse commands
# - call admin functions
local -i return_code=0
local sender found
- ADMIN_MODE="non-interactive"
-
- #TODO: else cases
- # try to read message from STDIN
- if GetMessage; then
-
- # check if the message was encrypted
- if GetGpgMessage; then
-
- # if it was, parse gpg decrypt STDERR to decide what to do next
- ParseGpgDecryptStderr
-
- # if the message was encrypted with the list's public key and
- #+if the message signature is valid
- if [[ $ENCRYPTED_TO_LIST == 1 && $GOOD_SIGNATURE == 1 ]]; then
- GetSenderAddress
- found=0
- for sender in $LIST_ADMIN; do
- if [ "$sender" == "$SENDER_ADDRESS" ]; then
- found=1
- break
- fi
- done
- # TODO: check if the signature was made with the sender address pubkey
- if [ "$found" == "1" ]; then
- # message was sent by an admin
- true
- else
- # message was sent by a normal subscriber
- false
- fi
- fi
+ found=0
+ for sender in $LIST_ADMIN; do
+ if [ "$sender" == "$SENDER_ADDRESS" ]; then
+ found=1
+ break
fi
+ done
+ if [ "$found" == "1" ]; then
+ # message was sent by an admin
+ true # parse and process admin tasks
+ else
+ # message was sent by a normal subscriber
+ # this is the body of the message to be sent, so no indentation here
+ MESSAGE_BODY="\
+ It was not possible to process this message. Message was
+ not sent by a list administrator."
+ ComposeAndSendBounceMessage
fi
return $return_code
FIRMA_USER
FIRMA_GROUP
KEYSERVER
- ADMIN_MODE
- ADMIN_MESSAGE"
+ MODE
+ ADMIN_MESSAGE
+ SIGNATURE_MADE_BY_SENDER"
FUNCTIONS="
Usage
case $1 in
-a|--admin-task)
+ MODE="admin-interactive"
# while a quit command isn't entered (returns 2), read STDIN
while (( $EXIT_CODE != 3 )) && read -rep "Command> " STDIN; do
# if line is not empty or commented, process command
;;
-p|--process-message)
+ MODE="list-message"
ProcessMessage
EXIT_CODE=$?
;;
-e|--email-admin-task)
+ MODE="admin-non-interactive"
EmailAdminTask
EXIT_CODE=$?
;;
projects / firma.git / commitdiff