author: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-19 18:09:41 -0400
committer: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-19 18:09:41 -0400
commit: 7019354a75ca19ffd2e10f2e2b3dc89b480156bd (patch)
tree: 0acbae5dad6595840642330691796cd40cf6f8a9
parent: f511119f57f076147acb2b5dccae597b34df6c8d (diff)
Better handling of unknown users in server update-users. Updated TODO file.
-rw-r--r--  debian/changelog                  3
-rw-r--r--  doc/TODO                         21
-rw-r--r--  doc/george/user-id-configuration  7
-rw-r--r--  src/common                       13
-rwxr-xr-x  src/monkeysphere-server          10
5 files changed, 23 insertions, 31 deletions
diff --git a/debian/changelog b/debian/changelog
index 726f262..bd12e1a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,8 +9,9 @@ monkeysphere (0.2-1) UNRELEASED; urgency=low
/etc/monkeysphere/authorized_user_ids.
* Remove {update,remove}-userids functions, since we decided they
weren't useful enough to be worth maintaining.
+ * Better handling of unknown users in server update-users
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Thu, 19 Jun 2008 16:56:32 -0400
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Thu, 19 Jun 2008 18:08:57 -0400
monkeysphere (0.1-1) experimental; urgency=low
diff --git a/doc/TODO b/doc/TODO
index 5cd9be9..a82f031 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -26,37 +26,22 @@ Streamline host key generation, publication, verification. See
doc/george/host-key-publication for what dkg went through on
2008-06-19
-Streamline authorized_user_ids setup (including question of where
- authorized_user_ids files should go). See
- doc/george/user-id-configuration for what dkg went through on
- 2008-06-19
-
Ensure that authorized_user_ids are under as tight control as ssh
expects from authorized_keys: we don't want monkeysphere to be a
weak link in the filesystem.
-What happens when there are no entries in the authorized_user_ids file
- for a user? /var/cache/monkeysphere/authorized_keys/$USER.tmp
- seems like it gets created and then left there.
-
What happens when a user account has no corresponding
/etc/monkeysphere/authorized_user_ids/$USER file? What gets placed
in /var/cache/monkeysphere/authorized_keys/$USER? It looks
currently untouched, which could mean bad things for such a user.
+ - if authorized_user_ids is empty, then the user's authorized_keys
+ file will be also, unless the user-controlled authorized_keys file
+ is added. I believe this is expected, correct behavior.
Consider the default permissions for
/var/cache/monkeysphere/authorized_keys/* (and indeed the whole
directory path leading up to that)
-What should happen when an admin does
- "monkeysphere-server update-users not_an_existent_user"?
- currently, it adds
- /etc/monkeysphere/authorized_user_ids/not_an_existent_user, which
- seems rather wrong.
-
-is /var/cache/monkeysphere/authorized_keys/$USER.tmp guaranteed to
- avoid collisions? Why not use a real mktemp file?
-
As an administrator, how do i reverse the effect of a
"monkeysphere-server trust-keys" that i later decide i should not
have run?
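Review bot: The TODO item about /var/cache/monkeysphere/authorized_keys/$USER.tmp collisions ("Why not use a real mktemp file?") is deleted in this hunk, but nothing else in this commit touches the temp-file handling, so the concern is dropped rather than resolved; either keep that item or say where it was addressed. The removed "no entries in the authorized_user_ids file" item is partly covered by the new indented bullet under the following question, but that bullet answers what the authorized_keys file contains, not whether the stale $USER.tmp is left behind, which was the original worry.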
diff --git a/doc/george/user-id-configuration b/doc/george/user-id-configuration
index d42bfbd..9a7f4d2 100644
--- a/doc/george/user-id-configuration
+++ b/doc/george/user-id-configuration
@@ -33,13 +33,6 @@ and then modified /etc/ssh/sshd_config with:
Some outstanding questions:
- * why are the authorized_user_ids stored in /etc/ and not in people's
- home directories?
-
- * why are authorized_user_ids managed with a special sub-command of
- monkeysphere-server, instead of just being hand-managed files, the
- way that authorized_keys are in stock openssh?
-
* Should we ship a scheduled monkeysphere-server update-users cron
job automatically?
diff --git a/src/common b/src/common
index 00ee7b0..e98f1bc 100644
--- a/src/common
+++ b/src/common
@@ -18,10 +18,17 @@ ETC="/etc/monkeysphere"
export ETC
CACHE="/var/cache/monkeysphere"
export CACHE
+ERR=0
+export ERR
########################################################################
### UTILITY FUNCTIONS
+error() {
+ log "$1"
+ ERR=${2:-'1'}
+}
+
failure() {
echo "$1" >&2
exit ${2:-'1'}
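Review bot: error() assigns `ERR=${2:-'1'}` unconditionally, so when several users fail in one run the final exit status reflects only the last call, and an earlier call that passed a more specific code is silently overwritten. If the intent is just "exit non-zero if anything went wrong", a one-line comment above error() saying so would make that clear; if specific codes matter, keep the first non-zero value, e.g. `[ "$ERR" = 0 ] && ERR=${2:-1}`. The new function also calls log(), which is defined further down in this file; that works because shell resolves function names at call time, but a comment noting the dependency on log() would save the next reader a look.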
@@ -29,12 +36,12 @@ failure() {
# write output to stderr
log() {
- echo -n "ms: " 1>&2
- echo "$@" 1>&2
+ echo -n "ms: " >&2
+ echo "$@" >&2
}
loge() {
- echo "$@" 1>&2
+ echo "$@" >&2
}
# cut out all comments(#) and blank lines from standard input
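Review bot: The `1>&2` to `>&2` changes in log() and loge() are purely stylistic and unrelated to the unknown-user handling the commit message describes; they would be easier to review as a separate cleanup commit.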
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 154c146..a9a9aed 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -162,6 +162,12 @@ case $COMMAND in
for uname in $unames ; do
MODE="authorized_keys"
+ # check all specified users exist
+ if ! getent passwd | cut -d: -f1 | grep -q "^${uname}$" ; then
+ error "----- unknown user '$uname' -----"
+ continue
+ fi
+
# set authorized_user_ids variable,
# translate ssh-style path variables
authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
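Review bot: The existence check in this hunk enumerates every account on each loop iteration and uses the user name as a regular expression: `grep -q "^${uname}$"` lets a name containing `.` or other metacharacters match a different account. `getent passwd "$uname" >/dev/null` looks the key up directly (including non-file NSS sources) and returns non-zero when the user is unknown, so `if ! getent passwd "$uname" >/dev/null ; then` is both simpler and exact.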
@@ -201,8 +207,6 @@ case $COMMAND in
log "authorized_keys file updated."
done
-
- log "----- done. -----"
;;
'gen-key'|'g')
@@ -237,3 +241,5 @@ case $COMMAND in
Type '$PGRM help' for usage."
;;
esac
+
+exit "$ERR"
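Review bot: `exit "$ERR"` makes update-users return non-zero whenever an unknown user was named, which is a behavior change for callers such as the cron job discussed in doc/george/user-id-configuration; the debian/changelog entry in this commit only says "Better handling", so the new exit status should be spelled out there or in the usage text. Since ERR is raised only through error() and every other failure path calls failure(), which exits immediately, the final exit is otherwise consistent.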