summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-06-16 14:43:40 -0400
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-06-16 14:43:40 -0400
commitc32302172e3533b2170329206ff011d6e3a26a49 (patch)
tree124b232f658670adc581c9358821411f1b51616f
parentb6983d7cb86f450ebd7fafcb254011fd7099c246 (diff)
Fix bug in configuration handling for HASH_KNOWN_HOSTS and
USER_CONTROLLED_AUTHORIZED_KEYS
-rw-r--r--etc/monkeysphere-server.conf1
-rw-r--r--etc/monkeysphere.conf11
-rw-r--r--src/common4
-rwxr-xr-xsrc/monkeysphere7
-rwxr-xr-xsrc/monkeysphere-server6
5 files changed, 13 insertions, 16 deletions
diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index 82da497..3915bf4 100644
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -20,4 +20,5 @@
# Whether to add user controlled authorized_keys file to
# monkeysphere-generated authorized_keys file. Should be path to file
# where '%h' will be replaced by the home directory of the user.
+# To not add any user-controlled file, put "-"
#USER_CONTROLLED_AUTHORIZED_KEYS=%h/.ssh/authorized_keys
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index d478b93..003ecf6 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -22,14 +22,13 @@
#REQUIRED_USER_KEY_CAPABILITY="a"
# Path to user-controlled authorized_keys file to add to
-# Monkeysphere-generated authorized_keys file. If empty, then no
-# user-controlled file will be added.
+# Monkeysphere-generated authorized_keys file.
+# To not add any user-controlled file, put "-"
#USER_CONTROLLED_AUTHORIZED_KEYS=~/.ssh/authorized_keys
# User known_hosts file
#USER_KNOWN_HOSTS=~/.ssh/known_hosts
-# Whether or not to hash the generated known_hosts lines
-# (empty mean "no").
-#HASH_KNOWN_HOSTS=
-
+# Whether or not to hash the generated known_hosts lines.
+# Should be "true" or "false"
+#HASH_KNOWN_HOSTS=true
diff --git a/src/common b/src/common
index 471e75a..c0a9030 100644
--- a/src/common
+++ b/src/common
@@ -275,7 +275,7 @@ process_user_id() {
gpg2known_hosts "$keyID" "$userID" >> \
"$cacheDir"/"$userIDHash"."$pubKeyID"
# hash the cache file if specified
- if [ "$HASH_KNOWN_HOSTS" ] ; then
+ if [ "$HASH_KNOWN_HOSTS" = "true" ] ; then
ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
fi
@@ -408,7 +408,7 @@ update_authorized_keys() {
else
log "no gpg keys to add."
fi
- if [ "$userAuthorizedKeys" -a -s "$userAuthorizedKeys" ] ; then
+ if [ "$userAuthorizedKeys" != "-" -a -s "$userAuthorizedKeys" ] ; then
log -n "adding user authorized_keys file... "
cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
echo "done."
diff --git a/src/monkeysphere b/src/monkeysphere
index 79bc352..a6ca62d 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -115,7 +115,7 @@ GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
@@ -191,11 +191,8 @@ case $COMMAND in
failure "$AUTHORIZED_USER_IDS is empty."
fi
- # set user-controlled authorized_keys file path
- userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}
-
# update authorized_keys
- update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
+ update_authorized_keys "$msAuthorizedKeys" "$USER_CONTROLLED_AUTHORIZED_KEYS" "$userKeysCacheDir"
;;
'gen-subkey'|'g')
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 3cc7454..cdb76ee 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -111,10 +111,10 @@ MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf}
[ -e "$MS_CONF" ] && . "$MS_CONF"
# set empty config variable with defaults
-GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg}
-KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
+GNUPGHOME=${GNUPGHOME:-"${MS_HOME}/gnupg"}
+KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
export GNUPGHOME