summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-09-13 15:34:44 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-09-13 15:34:44 -0400
commit0beaa999dbd326a2c80a733913a36e64b917add6 (patch)
tree3dfa4af0a39fb7729c84787fdaa5658e3004fcd1
parent2b85b853a3173ba5157e094dac0be5c21c062d51 (diff)
counting problems in monkeysphere-server diagnostics
-rw-r--r--debian/changelog5
-rwxr-xr-xsrc/monkeysphere-server23
2 files changed, 26 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 13872bf..32d5a19 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,10 +5,13 @@ monkeysphere (0.16~pre-1) UNRELEASED; urgency=low
portability.
* fixed busted lockfile arrangement, where empty file was being locked
* portability fixes in the way we use date, mktemp, hostname, su
- * stop using stat, since the syntax appears to be totally unportable
+ * stop using /usr/bin/stat, since the syntax appears to be totally
+ unportable
* require GNU getopt, and test for getopt failures (look for getopt in
/usr/local/bin first, since that's where FreeBSD's GNU-compatible
getopt lives.
+ * monkeysphere-server diagnostics now counts problems and suggests a
+ re-run after they have been resolved.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Sep 2008 23:16:31 -0400
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 6798fab..a0dc33f 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -559,6 +559,7 @@ diagnostics() {
local fingerprint
local badhostkeys
local sshd_config
+ local problemsfound=0
# FIXME: what's the correct, cross-platform answer?
sshd_config=/etc/ssh/sshd_config
@@ -571,19 +572,23 @@ diagnostics() {
if ! id monkeysphere >/dev/null ; then
echo "! No monkeysphere user found! Please create a monkeysphere system user."
+ problemsfound=$(($problemsfound+1))
fi
if ! [ -d "$VARLIB" ] ; then
echo "! no $VARLIB directory found. Please create it."
+ problemsfound=$(($problemsfound+1))
fi
echo "Checking host GPG key..."
if (( "$keysfound" < 1 )); then
echo "! No host key found."
echo " - Recommendation: run 'monkeysphere-server gen-key'"
+ problemsfound=$(($problemsfound+1))
elif (( "$keysfound" > 1 )); then
echo "! More than one host key found?"
# FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
else
create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
@@ -593,9 +598,11 @@ diagnostics() {
if (( "$expire" < "$curdate" )); then
echo "! Host key is expired."
echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
fi
fi
@@ -603,6 +610,7 @@ diagnostics() {
if [ "$create" ] && (( "$create" > "$curdate" )); then
echo "! Host key was created in the future(?!). Is your clock correct?"
echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
fi
# check for UserID expiration:
@@ -614,14 +622,17 @@ diagnostics() {
if [ "$create" ] && (( "$create" > "$curdate" )); then
echo "! User ID '$uid' was created in the future(?!). Is your clock correct?"
echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
fi
if [ "$expire" ] ; then
if (( "$expire" < "$curdate" )); then
echo "! User ID '$uid' is expired."
- # FIXME: recommend a way to resolve this
+ # FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
# FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
fi
fi
done
@@ -641,20 +652,24 @@ diagnostics() {
echo "Checking host SSH key..."
if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then
echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty."
+ problemsfound=$(($problemsfound+1))
else
if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600."
+ problemsfound=$(($problemsfound+1))
fi
# propose changes needed for sshd_config (if any)
if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+ problemsfound=$(($problemsfound+1))
fi
if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
echo "! $sshd_config refers to some non-monkeysphere host keys:"
echo "$badhostkeys"
echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
fi
fi
fi
@@ -679,6 +694,12 @@ diagnostics() {
echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
echo "$badauthorizedkeys"
echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ if [ "$problemsfound" -gt 0 ]; then
+ echo "When the above $problemsfound problem"$([ "$problemsfound" -eq 1 ] || echo "s")" are resolved, please re-run:"
+ echo " monkeysphere-server diagnostics"
fi
}