diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-05-26 21:46:33 -0400 |
|---|---|---|
| committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-05-26 21:46:33 -0400 |
| commit | 4f321fb2967f009b8b3330c62bfec2fcc5475418 (patch) | |
| tree | 3634d4d5b8e4adb29faa8f9bb3593d0fe20b1a5a | |
| parent | 19b2668dfef84687e052c42638ad7e696d5fa6a6 (diff) | |
| parent | 4eba4e7e66fc7febb1e7255a649f6b6ad240d653 (diff) | |
merging some changes from jrollins.
| -rw-r--r-- | doc/MonkeySpec | 190 | ||||
| -rw-r--r-- | doc/README | 83 | ||||
| -rw-r--r-- | gpg2ssh/Makefile (renamed from Makefile) | 0 | ||||
| -rw-r--r-- | gpg2ssh/gnutls-helpers.c (renamed from gnutls-helpers.c) | 0 | ||||
| -rw-r--r-- | gpg2ssh/gnutls-helpers.h (renamed from gnutls-helpers.h) | 0 | ||||
| -rw-r--r-- | gpg2ssh/gpg2ssh.c (renamed from gpg2ssh.c) | 0 | ||||
| -rw-r--r-- | gpg2ssh/main.c (renamed from main.c) | 0 | ||||
| -rw-r--r-- | gpg2ssh/ssh2gpg.c (renamed from ssh2gpg.c) | 0 | ||||
| -rwxr-xr-x | howler/howler | 128 | ||||
| -rw-r--r-- | monkeysphere.conf | 8 | ||||
| -rwxr-xr-x | rhesus/rhesus | 436 |
11 files changed, 564 insertions, 281 deletions
diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 7a19df0..3b565db 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -7,99 +7,133 @@ AGENDA [ ] work [x] jrollins will talk and gesture - in progress +MONKEYNAMES +=========== + +rhesus, marmoset, howler, langur, tamarin, barbary + COMPONENTS ========== -* client-side componants -** "Marmoset": update known_hosts file with public key of server(s): -*** be responsible for removing keys from the file as key revocation happens -*** be responsible for updating a key in the file where there is a key replacement -*** must result in a file that is parsable by the existing ssh client without errors -*** manual management must be allowed without stomping on it -*** provide a simple, intelligible, clear policy for key acceptance -*** questions: should this query keyserver & update known host files? (we already - have awesome tool that queries keyservers and updates a web of trust (gpg) -** "Howler": simple script that could be placed as a trigger function (in your .ssh/config) -*** runs on connection to a certain host -*** triggers update to known_hosts file then makes connection -*** proxy-command | pre-hook script | wrapper script -** "Langur": policy-editor for viewing/editing policies - -* server-side componants -** "Rhesus" updates a per-user authorized_keys file, instead of updating a - known_hosts file from a public key by matching a specified user-id (for given - user: update authkeys file with public keys derived from authorized_uids - file) -*** Needs to operate with the same principles that Marmoset client-side does -** "Tamarin" triggers Rhesus during an attempt to initiate a connection or a scheduler (or both) -** "Barbary" - policy editor / viewer - -* common componants -** Create a ssh keypair from a openpgp keypair - -from ssh_config(5): - LocalCommand - Specifies a command to execute on the local machine after suc‐ - cessfully connecting to the server. The command string extends - to the end of the line, and is executed with /bin/sh. This - directive is ignored unless PermitLocalCommand has been enabled. +(names in "" are code names until we think of better ones.) + +common components +----------------- +* "rhesus": update known_hosts/authorized_keys files: + - be responsible for removing keys from the file as key revocation + happens + - be responsible for updating a key in the file where there is a key + replacement + - must result in a file that is parsable by the existing ssh client + without errors + - manual management must be allowed without stomping on it + - provide a simple, intelligible, clear policy for key acceptance + +* "langur": policy-editor for viewing/editing policies + +* gpg2ssh: utility to convert gpg keys to ssh + known_hosts/authorized_keys lines + +* ssh2gpg: create openpgp keypair from ssh keypair + +server-side components +---------------------- +* "howler": server gpg maintainer + - generates gpg keys for the server + - publishes server gpg keys + - used to specify userids to trust for user authentication + +* "tamarin": script to trigger rhesus during attempt to initiate + connection from client + +client-side components +---------------------- +* "marmoset": script to trigger rhesus during attempt to initiate + connection to server + - runs on connection to a certain host + - triggers update to known_hosts file then makes connection + - proxy-command | pre-hook script | wrapper script + - (ssh_config "LocalCommand" is only run *after* connection) + +USE CASE +======== + +Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob +Backstory: http://www.conceptlabs.co.uk/alicebob.html + +Bob wants to sign on to the computer "mangabey" via monkeysphere +framework. He doesn't yet have access to the machine, but he knows +Alice, who is the admin of magabey. Alice and Bob, being the +contientious netizens that they are, have already published their +personal gpg keys to the web of trust, and being good friends, have +both signed each other's keys and marked each others keys with "full" +trust. + +Alice uses howler to publish a gpg key for magabey with the special +"ssh://magabey" URI userid. Alice signs magabey's gpg key and +publishes her signature. Alice then creates a user "bob" on magabey, +and puts Bob's userid in the auth_user_ids file for user bob on +magabey. tamarin triggers on magabey, which triggers rhesus, which +takes all userids in bob's auth_user_ids file, look on a keyserver to +find the public keys for each user, converts the gpg public keys into +ssh public keys if the key validity is acceptable, and finally insert +those keys into an authorized_keys file for bob. + +Bob now adds the "ssh://magabey" userid to the auth_host_ids file in +his account on his localhost. Bob now goes to connect to bob@magabey. +Bob's ssh client, which is monkeysphere enabled, triggers marmoset, +which triggers rhesus on Bob's computer, which takes all server +userids in his auth_host_ids file, looks on a keyserver to find the +public key for each server (based on the server's URI), converts the +gpg public keys into ssh public keys if the key validity is +acceptable, and finally insert those keys into Bob's known_hosts file. + +On Bob's side, since mangabey's key had "full" validity (since it was +signed by Alice whom he fully trusts), Bob's ssh client deems magabey +"known" and no further host key checking is required. + +On magabey's side, since Bob's key has "full" validity (since it had +also been signed by Alice whom magabey fully trusts (since Alice told +him to)), Bob is authenticated to log into bob@magabey. NOTES ===== + * Daniel and Elliot lie. <check> -* We will use a distributed VCS, each developer will create their own git repository and publish it publically for others to pull from, mail out +* We will use a distributed VCS, each developer will create their own + git repository and publish it publicly for others to pull from, mail + out * public project page doesn't perhaps make sense yet -* approximate goal - using the web of trust to authenticate ppl for SSH +* approximate goal - using the web of trust to authenticate ppl for + SSH * outline of various components of monkeysphere -* M: what does it mean to be in the monkeysphere? not necessarily a great coder. -* J: interested in seeing project happen, not in actually doing it. anybody can contribute as much as they want. -* J: if we put the structure in place to work on monkeysphere then we don't have to do anything +* M: what does it mean to be in the monkeysphere? not necessarily a + great coder. +* J: interested in seeing project happen, not in actually doing it. + anybody can contribute as much as they want. +* J: if we put the structure in place to work on monkeysphere then we + don't have to do anything * D: we are not creating -* understand gpg's keyring better, understanding tools better, building scripts +* understand gpg's keyring better, understanding tools better, + building scripts * Some debian packages allow automated configuration of config files. - * GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH -* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without modifying either openpgp and openssh -* DESIGN GOALS - authentication, use the existing generic OpenSSH client, the admin can make it default, although end-user should be decide to use monkeysphere or not -* DESIGN GOAL - use of monkeysphere should not radically change connecting-to-server experience +* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without + modifying either openpgp and openssh +* DESIGN GOALS - authentication, use the existing generic OpenSSH + client, the admin can make it default, although end-user should be + decide to use monkeysphere or not +* DESIGN GOAL - use of monkeysphere should not radically change + connecting-to-server experience * GOAL - pick a monkey-related name for each component -Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob -Backstory: http://www.conceptlabs.co.uk/alicebob.html +Host identity piece of monkeysphere could be used without buying into +the authorization component. -* Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere - framework. He doesn't have access to the machine, but he knows Alice, who is - the admin of magabey. Alice creates a user bob and puts bob's userid in the - auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all - the things in the auth_userids file, takes those users, look son a keyserver - finds the public keys for the users, converts the gpg public keys into ssh - public keys and inserts those into a user_authorized_keys file. Bob goes to - connect, bob's ssh client which is monkeysphere enbaled, howler is triggered - which triggers marmoset which looks out into the web of trust and find an - OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks - to see if this key for mangabey has been signed by any keys that you trust - (based on your policy). Has this key been signed by somebody that you trust? - If yes, connect, if no: abort or fail-through or whatever. Alice has signed - this uid, so Marmoset says "OK, this server has been verified" it then - converts the gpg public key into a ssh public key and then adds this gpg key - to the known_host file. ssh says, "you" are about to connect to magabey and - you know this is magabey because alice says so and you trust alice". The gpg - private key of bob has to be converted (somehow, via agent or something) into - a ssh private_key. SSH connection happens. - -Host identity piece of monkeysphere could be used without buying into the -authorization component. - -Monkeysphere is authentication layer that allows the sysadmin to perform -authorization on user identities instead of on keys, it additionally allows the -sysadmin also to authenticate the server to the end-user. +Monkeysphere is authentication layer that allows the sysadmin to +perform authorization on user identities instead of on keys, it +additionally allows the sysadmin also to authenticate the server to +the end-user. git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere - -Fix gpgkey2ssh so that the entire key fingerprint will work, accept full fingerprint, or accept a pipe and do the conversion -Write manpage for gpgkey2ssh -gpg private key (start with passwordless) to PEM encoded private key: perl libraries, libopencdk / gnutls, gpgme -setup remote git repo -think through / plan merging of known_hosts (& auth_keys?) -think about policies and their representation
\ No newline at end of file @@ -1,5 +1,82 @@ - Monkeysphere - ------------ +Monkeysphere README +=================== +Default files locations (by variable): -This is the README! +MS_HOME=~/.config/monkeysphere +MS_CONF=$MS_HOME/monkeysphere.conf +AUTH_HOST_FILE=$MS_HOME/auth_host_ids +AUTH_USER_FILE=$MS_HOME/auth_user_ids +GNUPGHOME=~/.gnupg +STAGING_AREA=$MS_HOME + +$STAGING_AREA/host_keys/KEYHASH +$STAGING_AREA/known_hosts +$STAGING_AREA/user_keys/KEYHASH +$STAGING_AREA/authorized_keys + +user usage +---------- +For a user to update their ms known_hosts file: + +$ rhesus --known_hosts + +For a user to update their ms authorized_keys file: + +$ rhesus --authorized_keys + +server service publication +-------------------------- +To publish a server host key use the "howler" component: + +# howler gen-key +# howler publish-key + +This will generate the key for server with the service URI +(ssh://server.hostname). The server admin should now sign the server +key so that people in the admin's web of trust can authenticate the +server without manual host key checking: + +$ gpg --search ='ssh://server.hostname' +$ gpg --sign-key 'ssh://server.hostname' + +server authorized_keys maintenance +---------------------------------- +A system can maintain ms authorized_keys files for it's users. Some +different variables need to be defined to help manage this. The way +this is done is by first defining a new MS_HOME: + +MS_HOME=/etc/monkeysphere + +This directory would then have a monkeysphere.conf which defines the +following variables: + +AUTH_USER_FILE="$MS_HOME"/auth_user_ids/"$USER" +STAGING_AREA=/var/lib/monkeysphere/stage/$USER +GNUPGHOME=$MS_HOME/gnupg + +For each user account on the server, the userids of people authorized +to log into that account would be placed in the AUTH_USER_FILE for +that user. However, in order for users to become authenticated, the +server must determine that the user keys have "full" validity. This +means that the server must fully trust at least one person whose +signature on the connecting users key would validate the user. This +would generally be the server admin. If the server admin's userid is + +"Alice <alice@foo.com>" + +then the server would run: + +# howler trust-uids "Alice <alice@foo.com>" + +To update the ms authorized_keys file for user "bob", the system would +then run the following: + +# USER=bob MS_HOME=/etc/monkeysphere rhesus --authorized_keys + +To update the ms authorized_keys file for all users on the the system: + +MS_HOME=/etc/monkeysphere +for USER in $(ls -1 /etc/monkeysphere/auth_user_ids) ; do + rhesus --authorized_keys +done diff --git a/Makefile b/gpg2ssh/Makefile index aa18aaa..aa18aaa 100644 --- a/Makefile +++ b/gpg2ssh/Makefile diff --git a/gnutls-helpers.c b/gpg2ssh/gnutls-helpers.c index 6eae29e..6eae29e 100644 --- a/gnutls-helpers.c +++ b/gpg2ssh/gnutls-helpers.c diff --git a/gnutls-helpers.h b/gpg2ssh/gnutls-helpers.h index 9ea22a3..9ea22a3 100644 --- a/gnutls-helpers.h +++ b/gpg2ssh/gnutls-helpers.h diff --git a/gpg2ssh.c b/gpg2ssh/gpg2ssh.c index a1e94df..a1e94df 100644 --- a/gpg2ssh.c +++ b/gpg2ssh/gpg2ssh.c diff --git a/ssh2gpg.c b/gpg2ssh/ssh2gpg.c index b14a540..b14a540 100644 --- a/ssh2gpg.c +++ b/gpg2ssh/ssh2gpg.c diff --git a/howler/howler b/howler/howler new file mode 100755 index 0000000..d0bb13d --- /dev/null +++ b/howler/howler @@ -0,0 +1,128 @@ +#!/bin/sh + +# howler: monkeysphere server gpg generator/publisher/maintainer +# +# Written by +# Jameson Rollins <jrollins@fifthhorseman.net> +# +# Copyright 2008, released under the GPL, version 3 or later + +PGRM=$(basename $0) + +######################################################################## +# FUNCTIONS +######################################################################## + +usage() { +cat <<EOF +usage: $PGRM gen-key + $PGRM publish-key + $PGRM trust-uids USERID [USERID...] + $PGRM help +EOF +} + +failure() { + echo "$1" >&2 + exit ${2:-'1'} +} + +# generate server gpg key +gen_key() { + KEY_TYPE=${KEY_TYPE:-RSA} + KEY_LENGTH=${KEY_LENGTH:-2048} + KEY_USAGE=${KEY_USAGE:-encrypt,auth} + SERVICE=${SERVICE:-ssh} + HOSTNAME_FQDN=${HOSTNAME_FQDN:-$(hostname -f)} + + USERID=${USERID:-"$SERVICE"://"$HOSTNAME_FQDN"} + + echo "key parameters:" + cat <<EOF +Key-Type: $KEY_TYPE +Key-Length: $KEY_LENGTH +Key-Usage: $KEY_USAGE +Name-Real: $USERID +EOF + + read -p "generate key? [Y|n]: " OK; OK=${OK:=Y} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." + fi + + if gpg --list-key ="$USERID" > /dev/null 2>&1 ; then + failure "key for '$USERID' already exists" + fi + + echo "generating server key..." + gpg --batch --gen-key <<EOF +Key-Type: $KEY_TYPE +Key-Length: $KEY_LENGTH +Key-Usage: $KEY_USAGE +Name-Real: $USERID +%commit +EOF +} + +publish_key() { + read -p "publish key to $KEYSERVER? [Y|n]: " OK; OK=${OK:=Y} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." + fi + + keyID=$(gpg --list-key --with-colons ="$USERID" 2> /dev/null | grep '^pub:' | cut -d: -f5) + + # dummy command so as not to publish fakes keys during testing + # eventually: + #gpg --send-keys --keyserver "$KEYSERVER" "$keyID" + echo "gpg --send-keys --keyserver $KEYSERVER $keyID" +} + +# FIXME: need to figure out how to automate this, in a batch mode +# or something. +trust_uids() { + for userID ; do + gpg --keyserver "$KEYSERVER" --search ="$userID" + gpg --edit-key "$userID" + done +} + +######################################################################## +# MAIN +######################################################################## + +# set ms home directory +MS_HOME=${MS_HOME:-/etc/monkeysphere} + +# load configuration file +MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf} +[ -e "$MS_CONF" ] && . "$MS_CONF" + +GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg} +export GNUPGHOME +KEYSERVER=${KEYSERVER:-subkeys.pgp.net} +export KEYSERVER + +COMMAND="$1" +[ "$COMMAND" ] || failure "Type '$PGRM help' for usage." +shift 1 + +case $COMMAND in + 'gen-key') + gen_key + ;; + 'publish-key') + publish_key + ;; + 'trust-uids') + trust_uids "$@" + ;; + 'help') + usage + exit + ;; + *) + failure "Unknown command: '$COMMAND' +Type '$PGRM help' for usage." + ;; +esac diff --git a/monkeysphere.conf b/monkeysphere.conf index a54b6bd..cd5e3b2 100644 --- a/monkeysphere.conf +++ b/monkeysphere.conf @@ -13,11 +13,3 @@ GNUPGHOME=/etc/monkeysphere/gnupg # gpg keyserver to search for keys KEYSERVER=subkeys.pgp.net - -# acceptable key capabilities for user keys -# can be any combination of: -# e = encrypt -# s = sign -# c = certify -# a = authentication -REQUIRED_KEY_CAPABILITY='sca' diff --git a/rhesus/rhesus b/rhesus/rhesus index fc2f2f5..7a43fca 100755 --- a/rhesus/rhesus +++ b/rhesus/rhesus @@ -2,31 +2,24 @@ # rhesus: monkeysphere authorized_keys/known_hosts generating script # -# When run as a normal user, no special configuration is needed. -# -# When run as an administrator to update users' authorized_keys files, -# the following environment variables should be defined first: -# -# MS_CONF=/etc/monkeysphere/monkeysphere.conf -# USER=foo -# -# ie: -# -# for USER in $(ls -1 /home) ; do -# MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys -# done -# # Written by # Jameson Rollins <jrollins@fifthhorseman.net> # # Copyright 2008, released under the GPL, version 3 or later -CMD=$(basename $0) +PGRM=$(basename $0) + +######################################################################## +# FUNCTIONS +######################################################################## usage() { cat <<EOF -usage: $CMD -k|--known_hosts - $CMD -a|--authorized_keys +usage: $PGRM k|known_hosts [userid...] + $PGRM a|authorized_keys [userid...] +Monkeysphere update of known_hosts or authorized_keys file. +If userids are specified, only specified userids will be processed +(userids must be included in the appropriate auth_*_ids file). EOF } @@ -40,125 +33,177 @@ log() { echo "$@" } +# cut out all comments(#) and blank lines from standard input meat() { - grep -v -e "^[[:space:]]*#" -e '^$' "$1" + grep -v -e "^[[:space:]]*#" -e '^$' } +# cut a specified line from standard input cutline() { head --line="$1" | tail -1 } -# stand in for dkg's gpg2ssh program -gpg2ssh() { +# retrieve all keys with given user id from keyserver +# FIXME: need to figure out how to retrieve all matching keys +# (not just first 5) +gpg_fetch_keys() { + local id + id="$1" + echo 1,2,3,4,5 | \ + gpg --quiet --batch --command-fd 0 --with-colons \ + --keyserver "$KEYSERVER" \ + --search ="$id" >/dev/null 2>&1 +} + +# convert escaped characters from gpg output back into original +# character +# FIXME: undo all escape character translation in with-colons gpg output +unescape() { + echo "$1" | sed 's/\\x3a/:/' +} + +# stand in until we get dkg's gpg2ssh program +gpg2ssh_tmp() { + local mode + local keyID + mode="$1" - keyid="$2" - if [ "$mode" = '--authorized_keys' -o "$mode" = '-a' ] ; then - gpgkey2ssh "$keyid" | sed -e "s/COMMENT/$userid/" - elif [ "$mode" = '--known_hosts' -o "$mode" = '-k' ] ; then - echo -n "$userid "; gpgkey2ssh "$keyid" | sed -e 's/ COMMENT//' + keyID="$2" + userID="$3" + + if [ "$mode" = 'authorized_keys' -o "$mode" = 'a' ] ; then + gpgkey2ssh "$keyID" | sed -e "s/COMMENT/$userID/" + elif [ "$mode" = 'known_hosts' -o "$mode" = 'k' ] ; then + echo -n "$userID "; gpgkey2ssh "$keyID" | sed -e 's/ COMMENT//' + fi +} + +# userid and key policy checking +# the following checks policy on the returned keys +# - checks that full key has appropriate valididy (u|f) +# - checks key has appropriate capability (E|A) +# - checks that particular desired user id has appropriate validity +# see /usr/share/doc/gnupg/DETAILS.gz +# FIXME: add some more status output +# expects global variable: "mode" +process_user_id() { + local userID + local cacheDir + local keyOK + local keyCapability + local keyFingerprint + local userIDHash + + userID="$1" + cacheDir="$2" + + # fetch all keys from keyserver + # if none found, break + if ! gpg_fetch_keys "$userID" ; then + echo " no keys found." + return fi + + # some crazy piping here that takes the output of gpg and + # pipes it into a "while read" loop that reads each line + # of standard input one-by-one. + gpg --fixed-list-mode --list-key --with-colons \ + --with-fingerprint ="$userID" 2> /dev/null | \ + cut -d : -f 1,2,5,10,12 | \ + while IFS=: read -r type validity keyid uidfpr capability ; do + # process based on record type + case $type in + 'pub') + # new key, wipe the slate + keyOK= + keyCapability= + keyFingerprint= + # check primary key validity + if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then + continue + fi + # check capability is not Disabled... + if echo "$capability" | grep -q 'D' ; then + continue + fi + # check capability is Encryption and Authentication + # FIXME: make more flexible capability specification + # (ie. in conf file) + if echo "$capability" | grep -q -v 'E' ; then + if echo "$capability" | grep -q -v 'A' ; then + continue + fi + fi + keyCapability="$capability" + keyOK=true + keyID="$keyid" + ;; + 'fpr') + # if key ok, get fingerprint + if [ "$keyOK" ] ; then + keyFingerprint="$uidfpr" + fi + ;; + 'uid') + # check key ok and we have key fingerprint + if [ -z "$keyOK" -o -z "$keyFingerprint" ] ; then + continue + fi + # check key validity + if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then + continue + fi + # check the uid matches + if [ "$(unescape "$uidfpr")" != "$userID" ] ; then + continue + fi + # convert the key + # FIXME: needs to apply extra options if specified + echo -n " valid key found; generating ssh key(s)... " + userIDHash=$(echo "$userID" | sha1sum | awk '{ print $1 }') + # export the key with gpg2ssh + #gpg --export "$keyFingerprint" | gpg2ssh "$mode" > "$cacheDir"/"$userIDHash"."$keyFingerprint" + # stand in until we get dkg's gpg2ssh program + gpg2ssh_tmp "$mode" "$keyID" "$userID" > "$cacheDir"/"$userIDHash"."$keyFingerprint" + if [ "$?" = 0 ] ; then + echo "done." + else + echo "error." + fi + ;; + esac + done } -# expects global variables -# mode REQUIRED_KEY_CAPABILITY ids_file key_dir -process_keys() { - local nlines - local n - local userid - local userid_hash - local return - local pub_info - local key_trust - local key_capability - local gen_key - unset gen_key +# process the auth_*_ids file +# go through line-by-line, extracting and processing each user id +# expects global variable: "mode" +process_auth_file() { + local authIDsFile + local cacheDir + local nLines + local line + local userID - # find number of user ids in auth_user_ids file - nlines=$(meat "$ids_file" | wc -l) + authIDsFile="$1" + cacheDir="$2" - # make sure gpg home exists with proper permissions - mkdir -p -m 0700 "$GNUPGHOME" + # find number of user ids in auth_user_ids file + nLines=$(meat <"$authIDsFile" | wc -l) # clean out keys file and remake keys directory - rm -rf "$key_dir" - mkdir -p "$key_dir" - - # loop through all user ids, and generate ssh keys - for n in $(seq 1 $nlines) ; do - - # get id - userid=$(meat "$ids_file" | cutline "$n" ) - userid_hash=$(echo "$userid" | sha1sum | awk '{ print $1 }') - - # search for key on keyserver - log "validating: '$userid'" - return=$(echo 1 | gpg --quiet --batch --command-fd 0 --with-colons --keyserver "$KEYSERVER" --search ="$userid") - - # if the key was found... - if [ "$return" ] ; then - echo " key found." - - # checking key attributes - # see /usr/share/doc/gnupg/DETAILS.gz - - pub_info=$(gpg --fixed-list-mode --with-colons --list-keys --with-fingerprint ="$userid" | grep '^pub:') - if [ -z "$pub_info" ] ; then - echo " error getting pub info -> SKIPPING" - continue - fi - - # extract needed fields - key_trust=$(echo "$pub_info" | cut -d: -f2) - keyid=$(echo "$pub_info" | cut -d: -f5) - key_capability=$(echo "$pub_info" | cut -d: -f12) - - # check if key disabled - if echo "$key_capability" | grep -q '[D]' ; then - echo " key disabled -> SKIPPING" - continue - fi - - # check key capability - if echo "$key_capability" | grep -q '[$REQUIRED_KEY_CAPABILITY]' ; then - echo " key capability verified ('$key_capability')." - else - echo " unacceptable key capability ('$key_capability') -> SKIPPING" - continue - fi - - # if key is not fully trusted exit - # (this includes not revoked or expired) - # determine trust - echo -n " key " - case "$key_trust" in - 'i') - echo -n "invalid" ;; - 'r') - echo -n "revoked" ;; - 'e') - echo -n "expired" ;; - '-'|'q'|'n'|'m') - echo -n "has unacceptable trust" ;; - 'f'|'u') - echo -n "fully trusted" - gen_key=true - ;; - *) - echo -n "has unknown trust" ;; - esac - - if [ "$gen_key" ] ; then - # convert pgp key to ssh key, and write to cache file - echo -n " -> generating ssh key... " - gpg2ssh "$mode" "$keyid" > "$key_dir"/"$userid_hash" - echo "done." - else - echo ". -> SKIPPING" - fi - - else - echo " key not found." - fi + rm -rf "$cacheDir" + mkdir -p "$cacheDir" + + # loop through all user ids + for line in $(seq 1 $nLines) ; do + # get user id + # FIXME: needs to handle extra options if necessary + userID=$(meat <"$authIDsFile" | cutline "$line" ) + + # process the user id and extract keys + log "processing user id: '$userID'" + process_user_id "$userID" "$cacheDir" done } @@ -180,11 +225,13 @@ if ! id -u "$USER" > /dev/null 2>&1 ; then failure "invalid user '$USER'." fi +# set user home directory HOME=$(getent passwd "$USER" | cut -d: -f6) +# set ms home directory MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere} -# load conf file +# load configuration file MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf} [ -e "$MS_CONF" ] && . "$MS_CONF" @@ -194,78 +241,83 @@ AUTH_HOST_FILE=${AUTH_HOST_FILE:-"$MS_HOME"/auth_host_ids} AUTH_USER_FILE=${AUTH_USER_FILE:-"$MS_HOME"/auth_user_ids} GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg} KEYSERVER=${KEYSERVER:-subkeys.pgp.net} -REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-'a'} +USER_KNOW_HOSTS="$HOME"/.ssh/known_hosts +USER_AUTHORIZED_KEYS="$HOME"/.ssh/authorized_keys + +# export USER and GNUPGHOME variables, since they are used by gpg export USER export GNUPGHOME -host_keys_dir="$STAGING_AREA"/host_keys -user_keys_dir="$STAGING_AREA"/user_keys -known_hosts_stage_file="$STAGING_AREA"/known_hosts -authorized_keys_stage_file="$STAGING_AREA"/authorized_keys - -# act on mode -if [ "$mode" = '--known_hosts' -o "$mode" = '-k' ] ; then - - # set variables for process_keys command - ids_file="$AUTH_HOST_FILE" - log -n "[$USER] " - if [ ! -s "$ids_file" ] ; then - echo "auth_host_ids file is empty or does not exist." - exit - else - echo "updating known_hosts file..." - fi - key_dir="$host_keys_dir" - - # process the keys - process_keys - - # write known_hosts file - > "$known_hosts_stage_file" - if [ $(ls "$key_dir") ] ; then - log -n "writing known_hosts stage file..." - cat "$key_dir"/* > "$known_hosts_stage_file" - echo "done." - else - log "no gpg keys to add to known_hosts file." - fi - if [ -s "$HOME"/.ssh/known_hosts ] ; then - log -n "adding user known_hosts file... " - cat "$HOME"/.ssh/known_hosts >> "$known_hosts_stage_file" - echo "done." - fi - log "known_hosts file updated: $known_hosts_stage_file" - -elif [ "$mode" = '--authorized_keys' -o "$mode" = '-a' ] ; then - - # set variables for process_keys command - ids_file="$AUTH_USER_FILE" - log -n "[$USER] " - if [ ! -s "$ids_file" ] ; then - echo "auth_user_ids file is empty or does not exist." - exit - else - echo "updating authorized_keys file:" - fi - key_dir="$user_keys_dir" - - # process the keys - process_keys - - # write authorized_keys file - > "$authorized_keys_stage_file" - if [ $(ls "$key_dir") ] ; then - log -n "writing ms authorized_keys file... " - cat "$key_dir"/* > "$authorized_keys_stage_file" - echo "done." - else - log "no gpg keys to add to authorized_keys file." - fi - if [ -s "$HOME"/.ssh/authorized_keys ] ; then - log -n "adding user authorized_keys file... " - cat "$HOME"/.ssh/authorized_keys >> "$authorized_keys_stage_file" - echo "done." - fi - log "authorized_keys file updated: $authorized_keys_stage_file" +# stagging locations +hostKeysCacheDir="$STAGING_AREA"/host_keys +userKeysCacheDir="$STAGING_AREA"/user_keys +msKnownHosts="$STAGING_AREA"/known_hosts +msAuthorizedKeys="$STAGING_AREA"/authorized_keys + +# set mode variables +if [ "$mode" = 'known_hosts' -o "$mode" = 'k' ] ; then + fileType=known_hosts + authFileType=auth_host_ids + authIDsFile="$AUTH_HOST_FILE" + outFile="$msKnownHosts" + cacheDir="$hostKeysCacheDir" + userFile="$USER_KNOWN_HOSTS" +elif [ "$mode" = 'authorized_keys' -o "$mode" = 'a' ] ; then + fileType=authorized_keys + authFileType=auth_user_ids + authIDsFile="$AUTH_USER_FILE" + outFile="$msAuthorizedKeys" + cacheDir="$userKeysCacheDir" + userFile="$USER_AUTHORIZED_KEYS" +else + failure "unknown command '$mode'." +fi + +# check auth ids file +if [ ! -s "$authIDsFile" ] ; then + echo "'$authFileType' file is empty or does not exist." + exit +fi + +log "user '$USER': monkeysphere $fileType generation" + +# make sure gpg home exists with proper permissions +mkdir -p -m 0700 "$GNUPGHOME" + +# if users are specified on the command line, process just +# those users +if [ "$1" ] ; then + # process userids given on the command line + for userID ; do + if ! grep -q "$userID" "$authIDsFile" ; then + log "userid '$userID' not in $authFileType file." + continue + fi + log "processing user id: '$userID'" + process_user_id "$userID" "$cacheDir" + done +# otherwise if no users are specified, process the entire +# auth_*_ids file +else + # process the auth file + process_auth_file "$authIDsFile" "$cacheDir" +fi + +# write output key file +log "writing ms $fileType file... " +> "$outFile" +if [ "$(ls "$cacheDir")" ] ; then + log -n "adding gpg keys... " + cat "$cacheDir"/* > "$outFile" + echo "done." +else + log "no gpg keys to add." +fi +if [ -s "$userFile" ] ; then + log -n "adding user $fileType file... " + cat "$userFile" >> "$outFile" + echo "done." fi +log "ms $fileType file generated:" +log "$outFile" |