3 # @(#)pmapp 1.18 (PGP Moose) 97/07/10
4 # Authorisation script for PGP Moose
5 # Written by Greg Rose, RoSecure Software, Copyright C 1995.
7 # Updated by rec.radio.amateur.moderated moderation team and Tim Skirvin -
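11 # On most shells the following statements redirect a log of what
12 # is happening, AND ALL ERROR MESSAGES, to /tmp/pmdebug. Some shells
13 # (notably /bin/sh on Ultrix systems) do not do the redirection.
# Note that /tmp/pmdebug is a fixed name in a shared directory: on a
# multi-user host, point the redirection at a file in a directory that
# only the moderator account can write to.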
17 # Configuration Stuff:
19 # Default user / newsgroup. If not set, an argument is mandatory.
20 #DEFAULT_NEWSGROUP=rec.radio.amateur.moderated
21 #DEFAULT_NEWSGROUP=misc.test.moderated
22 #DEFAULT_NEWSGROUP=misc.test
23 #DEFAULT_NEWSGROUP=panix.test
25 # If an Approved: line is to be added, this is what it will say.
26 # Can be set in the environment.
27 if [ "x$APP" = "x" ]; then
28 APP="Authorising user <auth@moderator.site.com>"
31 # If a From: line is to be added, this is what it will say.
32 # Can be set in the environment.
33 if [ "x$FROM" = "x" ]; then
34 if [ "x$LOGNAME" = "x" ]; then
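# Build the default From: value as "<full name> <login@host>".
# The full name is field 5 of the /etc/passwd entry whose login field
# equals $LOGNAME exactly. awk compares the field as a string, so regular
# expression metacharacters or whitespace in $LOGNAME (which comes from
# the environment) cannot widen the match or split the command line, and
# "exit" stops at the first matching entry so the value stays on one line.
pm_fullname=`awk -F: -v login="$LOGNAME" '$1 == login { print $5; exit }' /etc/passwd`
FROM="$pm_fullname <$LOGNAME@`hostname`>"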
41 # The PGP user and (optional) password. The password will be read
42 # from the controlling terminal if not specified. If the newsgroup/user
43 # argument is an email address, it is used instead of the configured
44 # PMUSER. The following line provides a default password if it is unset.
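45 # This password will NOT be used if an email address is presented as an
# argument. A default password set here is stored in clear text, so keep
# this script readable only by the moderator account.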
47 # Can be set in the environment.
48 if [ "x$PMUSER" = "x" ]; then
53 # In the case of a user posting, the name desired on the X-Auth
54 # line might not be the one used by PGP to look up the key.
55 # In this case, set this variable or import it. By default, though,
56 # leave it empty and $PMUSER will be used.
57 # Can be set in the environment.
58 if [ "x$PGPUSER" = "x" ]; then
62 # Whether or not to fold long lines.
63 # Can be set in the environment.
64 if [ "x$FOLDLINES" = "x" ]; then
65 FOLDLINES=false # allowed values are 'true' or 'false'
68 # Name of the posting host. Must be fully qualified host.domain.
69 # Unless your hostname is not fully qualified, or you want to use
70 # an alias, you may as well just keep it as it is.
73 # A place to put temp files. These can add up to about twice the
74 # size of the article being posted.
77 # If a Message-ID is being generated, this will appear in it.
# Minute-resolution timestamp in the form YYYYmmddHHMM. The backslashes
# before each % are removed by the shell, so date receives +%Y%m%d%H%M.
78 DATESTAMP=`date +%Y\%m\%d\%H\%M` # NO WHITESPACE OR METACHARACTERS
80 # Where the active file is on this system, for checking crosspostings
81 # to multiple moderated groups. The check will be disabled if this is
82 # left empty (and Approved: lines will be added if needed).
83 ACTIVE=/usr/local/news/active
85 # If the article is crossposted to other moderated groups, a warning
86 # tells you to reorder the newsgroups and submit the article. A copy
87 # of the article is deposited in this file for you to edit.
# NOTE(review): this is a fixed file name under $TMP. If $TMP is a shared
# directory such as /tmp, another local user could pre-create or read the
# file; confirm that $TMP is private to the moderator account.
88 SAVED_ARTICLE=$TMP/article
90 # End of configuration stuff.
# On signals 1, 2, 3 and 15 (HUP, INT, QUIT, TERM): turn terminal echo
# back on, remove the $TF.? temp files and exit with status 1.
# The handler string is double-quoted, so $TF is expanded now, when the
# trap is set, and the expanded text is parsed again when the trap fires.
# NOTE(review): no handler for a normal exit is visible here; confirm the
# temp files are also removed on the success path.
94 trap "stty echo </dev/tty >/dev/tty 2>/dev/null; rm -f $TF.?; exit 1" 1 2 3 15
96 # Check usage, set arguments
# USAGE holds a command string that prints the usage line to stderr and
# exits with status 1; presumably it is run with eval where the arguments
# are checked (not visible here).
97 USAGE='echo >&2 "Usage: $0 [newsgroup|user] [article]"; exit 1'
100 if [ ! -r "$1" ]; then
103 FILENAME="on standard input"
105 elif [ ! "$DEFAULT_NEWSGROUP" ]; then
106 echo >&2 "$0: No default user or newsgroup set."
111 NEWSGROUP="$DEFAULT_NEWSGROUP"
112 PMPASSWORD="$DEFAULT_PASSWORD"
117 echo >&2 "$0: Can't read $2"
125 if [ ! "$DEFAULT_NEWSGROUP" ]; then
126 echo >&2 "$0: No default user or newsgroup set."
131 FILENAME="on standard input"
132 NEWSGROUP="$DEFAULT_NEWSGROUP"
133 PMPASSWORD="$DEFAULT_PASSWORD"
144 # PMPASSWORD is left either as imported or null in this case.
148 PMPASSWORD="${PMPASSWORD-$DEFAULT_PASSWORD}"
152 # Set the user ID to be given to PGP to look up the key.
153 if [ "x$PGPUSER" = "x" ]; then
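# Split the article into its header section ($TF.h) and its body ($TF.b).
# The first sed prints every line up to, but not including, the first
# blank line. The second deletes everything through that blank line, and
# the echo puts one empty separator line back in front of the body.
# Note long lines in the body may be folded.
# $FILE and $TF are quoted so that an article path or temp directory
# containing whitespace or glob characters is passed as a single word.
# Assumes $FILE always names a real file at this point (it is read
# twice) - confirm against the argument handling above.
sed -n -e '/^ *$/q' -e 'p' "$FILE" >"$TF.h"
{ echo ""; sed -e '1,/^ *$/d' "$FILE"; } >"$TF.b"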
163 if grep -s "$d$d$d$d$d$d$d$d" $TF.b >/dev/null; then
164 echo >&2 "$0: warning: lines exceed 80 characters, being folded."
165 sed -e '/.\{80\}/s/.\{79\}/&\
171 if [ ! -s $TF.h ]; then
172 echo "$0: problem with article $FILENAME; header section empty." >&2
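# If no From: line, add one.
# grep's output is discarded; only its exit status is used. "$TF.h" is
# quoted so a temp path containing whitespace stays a single word.
grep -i -s '^From:' "$TF.h" >/dev/null ||
  echo "From: $FROM" >>"$TF.h"

# If no Message-ID: line, add one, built from the timestamp, this
# shell's process ID and the configured host name.
grep -i -s '^Message-ID:' "$TF.h" >/dev/null ||
  echo "Message-ID: <pgpmoose.$DATESTAMP.$$@$HOSTNAME>" >>"$TF.h"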
184 # Check for or Provide a Newsgroups: line if none there,
185 grep -i -s '^Newsgroups:' $TF.h >/dev/null || \
190 echo "Newsgroups: $NEWSGROUP" >>$TF.h
193 # Get the list of newsgroups and check that we are in it!
194 pmnewsgroups $TF.h >$TF.n
195 $USERFLAG || grep -i -s "^$NEWSGROUP\$" $TF.n >/dev/null || {
196 echo >&2 "$0: Newsgroup $NEWSGROUP not present in article $FILENAME"
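200 # Read a password if none is configured.
# (Disabled: the lines below are commented out, and the gpg call further
# down is given no passphrase option. If this is re-enabled, note that a
# passphrase passed with --passphrase is a command-line argument, visible
# to other local users in the process list; gpg-agent or gpg's
# --passphrase-fd avoids that.)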
201 #if [ ! "$PMPASSWORD" ]; then
202 # stty -echo </dev/tty >/dev/tty 2>/dev/null
203 # echo "Enter PGP passphrase for $PGPUSER:" >/dev/tty
204 # PMPASSWORD=`head -1 </dev/tty`
205 # stty echo </dev/tty >/dev/tty 2>/dev/null
207 # --passphrase "$PMPASSWORD"
209 # Compute a signature for the important information.
213 cat $TF.h $TF.b | pmcanon | tee $TF.m
214 } | gpg --detach-sign --textmode --armor --batch --user "$PMUSER_APPROVAL" >$TF.s 2>$TF.e || {
215 echo >&2 "$0: PGP signing failed. PGP output:"
220 # Add an appropriate X-Auth: header
222 echo "X-Auth: PGPMoose V2.0 PGP $NEWSGROUP"
223 sed -e '1,/^$/d' -e '/END PGP SIGNATURE/d' -e 's/^/ /' $TF.s
226 # Since we are in test mode, disable Google archiving
227 #grep -i -s '^X-No-Archive:' $TF.h >/dev/null ||
228 # echo "X-No-Archive: yes" >>$TF.h
230 # Now one of the hardest parts. If there is no Approved: line,
231 # check for moderated groups that don't have an X-Auth: line
232 # and do something sensible.
233 $USERFLAG || grep -i -s '^Approved:' $TF.h >/dev/null || {
234 if [ "$ACTIVE" ]; then
235 # Cut it down to a list of un-X-Auth:ed groups
236 egrep -i '^X-(Auth.*|Approved):' $TF.h \
237 | sed -n -e 's/^.* //p' \
241 # Check if any of these are moderated
242 if [ -s $TF.u ]; then
244 for i in `cat $TF.u`; do
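# Quote the group name for use inside the basic regular expression that
# is matched against the active file, so that "." and the other BRE
# metacharacters in a name match only themselves.
# $( ) is used instead of backquotes because backquotes strip one level
# of backslashes first, which turns a replacement of "\\." into "\." and
# leaves the dots unescaped. "+" is deliberately not escaped: it is an
# ordinary character in a BRE, and "\+" is a repetition operator in some
# grep implementations.
qi=$(printf '%s\n' "$i" | sed -e 's/[][\.*^$]/\\&/g')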
246 if grep -i -s "^$qi[ ].*[ ]m$" $ACTIVE >/dev/null; then
247 echo >&2 "$0: Newsgroup $i is moderated."
251 if [ "x$badgroup" != x ]; then
253 $0: Other moderated groups appear in newsgroup list.
254 The Authenticated article is saved in $SAVED_ARTICLE.
255 The newsgroups line has been reordered
256 to have it sent to the next moderator in the chain.
257 In future, you can manually add an Approved: line
258 before running this approval script if
259 you are absolutely sure that this is all right.
262 X-WARNING-TO-MODERATORS: This article has been processed and
263 accepted using a cryptographic program by the moderator
264 of $NEWSGROUP. Its content must not be changed or it
265 will be automatically cancelled. If you don't like the
266 article or its crossposting, return it to the submitter.
267 (You can delete this message if you are the last
268 moderator to see it.)
269 X-Approved: $APP $NEWSGROUP
272 # Make a new set of headers. Most of them are all right.
273 # Regrettable that this takes so much work, but it
274 # doesn't happen often, right?
275 # First pass through all but the Newsgroups:.
276 sed -n -e '/^[Nn][Ee][Ww][Ss][Gg][Rr][Oo][Uu][Pp][Ss]:/q' \
278 sed -e '1,/^[Nn][Ee][Ww][Ss][Gg][Rr][Oo][Uu][Pp][Ss]:/d' \
280 | sed -n -e '/^[^ ]/,$p'
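# Add a new Newsgroups: header that lists the moderated group found
# above first, followed by the article's remaining groups.
# -x makes the match whole-line, so removing "$badgroup" does not also
# remove groups that merely contain it as a substring (a.b vs a.b.c).
# Assumes $TF.n holds one newsgroup per line, as the anchored grep for
# $NEWSGROUP earlier suggests - confirm against pmnewsgroups.
# "$badgroup" is quoted and preceded by -- so it is always taken as the
# single pattern, never as an option or an extra file name.
othergroups=`grep -F -x -v -- "$badgroup" "$TF.n"`
# Unquoted on purpose: word splitting joins the lines with single spaces,
# which sed then turns into commas.
othergroupslist=`echo $othergroups | sed 's/ /,/g'`
echo "Newsgroups: $badgroup,$othergroupslist"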
292 # If not rejected above, we can insert an Approved: header and go for it
293 echo "Approved: $APP" >>$TF.h
296 # recreate the article on standard output.