diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-01 00:00:54 -0500 |
|---|---|---|
| committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-01 00:00:54 -0500 |
| commit | bd249afe1f74e2dfc451f73a261d0dfb4a8b58ca (patch) | |
| tree | 6b579205e538dd7033ec78dbd373582f328c9311 | |
| parent | 3ed4b369c782b96cfa5b067375585e0e757059f5 (diff) | |
| parent | bbbc5bb8accf1db41d6a95e227f028376823cddf (diff) | |
Merge commit 'jrollins/master'
| -rwxr-xr-x | Makefile | 10 | ||||
| -rw-r--r-- | man/man1/pem2openpgp.1 | 27 | ||||
| -rwxr-xr-x | src/monkeysphere-host | 17 | ||||
| -rw-r--r-- | src/share/common (renamed from src/common) | 6 | ||||
| -rw-r--r-- | src/share/m/gen_subkey (renamed from src/subcommands/m/gen_subkey) | 0 | ||||
| -rw-r--r-- | src/share/m/import_subkey (renamed from src/subcommands/m/import_subkey) | 0 | ||||
| -rw-r--r-- | src/share/m/ssh_proxycommand (renamed from src/subcommands/m/ssh_proxycommand) | 0 | ||||
| -rw-r--r-- | src/share/m/subkey_to_ssh_agent (renamed from src/subcommands/m/subkey_to_ssh_agent) | 0 | ||||
| -rw-r--r-- | src/share/ma/add_certifier (renamed from src/subcommands/ma/add_certifier) | 0 | ||||
| -rw-r--r-- | src/share/ma/diagnostics (renamed from src/subcommands/ma/diagnostics) | 0 | ||||
| -rw-r--r-- | src/share/ma/list_certifiers (renamed from src/subcommands/ma/list_certifiers) | 0 | ||||
| -rw-r--r-- | src/share/ma/remove_certifier (renamed from src/subcommands/ma/remove_certifier) | 0 | ||||
| -rw-r--r-- | src/share/ma/update_users (renamed from src/subcommands/ma/update_users) | 0 | ||||
| -rw-r--r-- | src/share/mh/add_hostname (renamed from src/subcommands/mh/add_hostname) | 0 | ||||
| -rw-r--r-- | src/share/mh/add_revoker (renamed from src/subcommands/mh/add_revoker) | 0 | ||||
| -rw-r--r-- | src/share/mh/diagnostics (renamed from src/subcommands/mh/diagnostics) | 0 | ||||
| -rw-r--r-- | src/share/mh/extend_key (renamed from src/subcommands/mh/extend_key) | 0 | ||||
| -rw-r--r-- | src/share/mh/gen_key (renamed from src/subcommands/mh/gen_key) | 6 | ||||
| -rw-r--r-- | src/share/mh/import_key (renamed from src/subcommands/mh/import_key) | 3 | ||||
| -rw-r--r-- | src/share/mh/publish_key (renamed from src/subcommands/mh/publish_key) | 0 | ||||
| -rw-r--r-- | src/share/mh/revoke_hostname (renamed from src/subcommands/mh/revoke_hostname) | 0 | ||||
| -rw-r--r-- | src/share/mh/revoke_key (renamed from src/subcommands/mh/revoke_key) | 0 | ||||
| -rwxr-xr-x | tests/basic | 18 | ||||
| -rw-r--r-- | tests/etc/monkeysphere/monkeysphere-authentication.conf (renamed from tests/etc/monkeysphere/monkeysphere-server.conf) | 0 |
24 files changed, 47 insertions, 40 deletions
@@ -29,7 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common + sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/share/common cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) @@ -53,10 +53,10 @@ install: all installman mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere install src/monkeysphere src/keytrans/openpgp2ssh src/keytrans/pem2openpgp $(DESTDIR)$(PREFIX)/bin install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin - install -m 0644 src/common $(DESTDIR)$(PREFIX)/share/monkeysphere - install -m 0644 src/subcommands/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m - install -m 0644 src/subcommands/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh - install -m 0644 src/subcommands/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma + install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m + install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh + install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX) diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 new file mode 100644 index 0000000..8ac230b --- /dev/null +++ b/man/man1/pem2openpgp.1 @@ -0,0 +1,27 @@ +.\" -*- nroff -*- +.Dd $Mdocdate: January 25, 2009 $ +.Dt PEM2OPENPGP 1 +.Os +.Sh NAME +pem2openpgp +.Nd translate PEM encoded keys to OpenPGP keys +.Sh SYNOPSIS +.Nm pem2openpgp $USERID < mykey.pem +.Pp +.Nm ??? gpg --export $KEYID | openpgp2ssh $KEYID +.Pp +.Nm ????gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Sh DESCRIPTION +.Nm +WRITE ME!!! +.Sh AUTHOR +.Nm +and this man page were written by Daniel Kahn Gillmor +<dkg@fifthhorseman.net>. +.Sh BUGS +.Sh SEE ALSO +.Xr openpgp2ssh 1, +.Xr monkeysphere 1 , +.Xr monkeysphere 7 , +.Xr ssh 1 , +.Xr monkeysphere-server 8 diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4c978c9..0b37ba9 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -107,18 +107,12 @@ check_host_keyring() { show_key() { local fingerprintPGP local fingerprintSSH - local ret=0 # FIXME: you shouldn't have to be root to see the host key fingerprint - if is_root ; then - check_host_keyring - fingerprintPGP=$(fingerprint_server_key) - gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null - echo "OpenPGP fingerprint: $fingerprintPGP" - else - log info "You must be root to see host OpenPGP fingerprint." - ret='1' - fi + check_host_keyring + fingerprintPGP=$(fingerprint_server_key) + gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null + echo "OpenPGP fingerprint: $fingerprintPGP" if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \ @@ -126,10 +120,7 @@ show_key() { echo "ssh fingerprint: $fingerprintSSH" else log info "SSH host key not found." - ret='1' fi - -return $ret } ######################################################################## diff --git a/src/common b/src/share/common index ef931ca..9adae05 100644 --- a/src/common +++ b/src/share/common @@ -533,12 +533,6 @@ gpg_fetch_userid() { --search ="$userID" > /dev/null 2>&1 returnCode="$?" - # if the user is the monkeysphere user, then update the - # monkeysphere user's trustdb - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - gpg_authentication "--check-trustdb" > /dev/null 2>&1 - fi - return "$returnCode" } diff --git a/src/subcommands/m/gen_subkey b/src/share/m/gen_subkey index cbefaa3..cbefaa3 100644 --- a/src/subcommands/m/gen_subkey +++ b/src/share/m/gen_subkey diff --git a/src/subcommands/m/import_subkey b/src/share/m/import_subkey index aa89958..aa89958 100644 --- a/src/subcommands/m/import_subkey +++ b/src/share/m/import_subkey diff --git a/src/subcommands/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 7239c7a..7239c7a 100644 --- a/src/subcommands/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand diff --git a/src/subcommands/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 012c95f..012c95f 100644 --- a/src/subcommands/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent diff --git a/src/subcommands/ma/add_certifier b/src/share/ma/add_certifier index 0c3c647..0c3c647 100644 --- a/src/subcommands/ma/add_certifier +++ b/src/share/ma/add_certifier diff --git a/src/subcommands/ma/diagnostics b/src/share/ma/diagnostics index 73e93a0..73e93a0 100644 --- a/src/subcommands/ma/diagnostics +++ b/src/share/ma/diagnostics diff --git a/src/subcommands/ma/list_certifiers b/src/share/ma/list_certifiers index e37485e..e37485e 100644 --- a/src/subcommands/ma/list_certifiers +++ b/src/share/ma/list_certifiers diff --git a/src/subcommands/ma/remove_certifier b/src/share/ma/remove_certifier index 560281d..560281d 100644 --- a/src/subcommands/ma/remove_certifier +++ b/src/share/ma/remove_certifier diff --git a/src/subcommands/ma/update_users b/src/share/ma/update_users index 73685f6..73685f6 100644 --- a/src/subcommands/ma/update_users +++ b/src/share/ma/update_users diff --git a/src/subcommands/mh/add_hostname b/src/share/mh/add_hostname index 10d5f58..10d5f58 100644 --- a/src/subcommands/mh/add_hostname +++ b/src/share/mh/add_hostname diff --git a/src/subcommands/mh/add_revoker b/src/share/mh/add_revoker index f9d0bb6..f9d0bb6 100644 --- a/src/subcommands/mh/add_revoker +++ b/src/share/mh/add_revoker diff --git a/src/subcommands/mh/diagnostics b/src/share/mh/diagnostics index 7e76da6..7e76da6 100644 --- a/src/subcommands/mh/diagnostics +++ b/src/share/mh/diagnostics diff --git a/src/subcommands/mh/extend_key b/src/share/mh/extend_key index ccbaf0e..ccbaf0e 100644 --- a/src/subcommands/mh/extend_key +++ b/src/share/mh/extend_key diff --git a/src/subcommands/mh/gen_key b/src/share/mh/gen_key index aad213a..162a64e 100644 --- a/src/subcommands/mh/gen_key +++ b/src/share/mh/gen_key @@ -85,10 +85,6 @@ echo "$keyParameters" | gpg_host --batch --gen-key # find the key fingerprint of the newly generated key fingerprint=$(fingerprint_server_key) -# export host ownertrust to authentication keyring -log verbose "setting ultimate owner trust for host key..." -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" - # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use @@ -98,7 +94,7 @@ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key diff --git a/src/subcommands/mh/import_key b/src/share/mh/import_key index 386e02d..c0d5956 100644 --- a/src/subcommands/mh/import_key +++ b/src/share/mh/import_key @@ -77,10 +77,9 @@ fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring log verbose "setting ultimate owner trust for host key..." echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # export public key to file -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key diff --git a/src/subcommands/mh/publish_key b/src/share/mh/publish_key index b7ab01d..b7ab01d 100644 --- a/src/subcommands/mh/publish_key +++ b/src/share/mh/publish_key diff --git a/src/subcommands/mh/revoke_hostname b/src/share/mh/revoke_hostname index b519cf6..b519cf6 100644 --- a/src/subcommands/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname diff --git a/src/subcommands/mh/revoke_key b/src/share/mh/revoke_key index cccdc22..cccdc22 100644 --- a/src/subcommands/mh/revoke_key +++ b/src/share/mh/revoke_key diff --git a/tests/basic b/tests/basic index b8ab4fc..5006f8f 100755 --- a/tests/basic +++ b/tests/basic @@ -123,7 +123,7 @@ export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH" export MONKEYSPHERE_SYSDATADIR="$TEMPDIR" export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" -export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src +export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami) export MONKEYSPHERE_CHECK_KEYSERVER=false export MONKEYSPHERE_LOG_LEVEL=DEBUG @@ -168,15 +168,15 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authentication/authorized_keys/%u EOF -# set up monkeysphere-server -echo "### configuring monkeysphere..." +# set up monkeysphere host +echo "### configuring monkeysphere host..." mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/host -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/authorized_keys -mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/tmp -cp etc/monkeysphere/monkeysphere-server.conf "$TEMPDIR"/monkeysphere-server.conf -cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf + +# set up monkeysphere authentication +echo "### configuring monkeysphere authentication..." +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} +cp etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ +cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" EOF cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf diff --git a/tests/etc/monkeysphere/monkeysphere-server.conf b/tests/etc/monkeysphere/monkeysphere-authentication.conf index 9cc396f..9cc396f 100644 --- a/tests/etc/monkeysphere/monkeysphere-server.conf +++ b/tests/etc/monkeysphere/monkeysphere-authentication.conf |