diff options
| author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-16 14:52:20 -0400 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-16 15:17:41 -0400 |
| commit | 62ff87e0328bc1406979656029a5e313839cac35 (patch) | |
| tree | 00520511a7d868a5cf93a3036db282050c34134f | |
| parent | c32302172e3533b2170329206ff011d6e3a26a49 (diff) | |
Add log output for keyserver checking.
Fix bug in proxy command to export CHECK_KEYSERVER variable.
| -rw-r--r-- | src/common | 31 | ||||
| -rwxr-xr-x | src/monkeysphere | 1 | ||||
| -rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 9 |
3 files changed, 23 insertions, 18 deletions
@@ -47,17 +47,17 @@ gpg_fetch_userid() { userID="$1" - # if CHECK_KEYSERVER variable set, check the keyserver - # for the user ID - if [ "CHECK_KEYSERVER" ] ; then - echo 1,2,3,4,5 | \ - gpg --quiet --batch --command-fd 0 --with-colons \ - --keyserver "$KEYSERVER" \ - --search ="$userID" >/dev/null 2>&1 - - # otherwise just return true + log "checking keyserver $KEYSERVER..." + echo 1,2,3,4,5 | \ + gpg --quiet --batch --command-fd 0 --with-colons \ + --keyserver "$KEYSERVER" \ + --search ="$userID" >/dev/null 2>&1 + if [ "$?" = 0 ] ; then + log " user ID found on keyserver." + return 0 else - return + log " user ID not found on keyserver." + return 1 fi } @@ -167,8 +167,11 @@ process_user_id() { fi requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") - # fetch keys from keyserver, return 1 if none found - gpg_fetch_userid "$userID" || return 1 + # if CHECK_KEYSERVER variable set, check the keyserver + # for the user ID + if [ "$CHECK_KEYSERVER" = "true" ] ; then + gpg_fetch_userid "$userID" + fi # output gpg info for (exact) userid and store gpgOut=$(gpg --fixed-list-mode --list-key --with-colons \ @@ -176,7 +179,7 @@ process_user_id() { # return 1 if there only "tru" lines are output from gpg if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then - log " key not found." + log " key not found in keychain." return 1 fi @@ -268,7 +271,7 @@ process_user_id() { # key cache file if [ "$keyOK" -a "$uidOK" -a "${keyIDs[*]}" ] ; then for keyID in ${keyIDs[@]} ; do - log " acceptable key/uid found." + log " acceptable key/userID found." if [ "$MODE" = 'known_hosts' ] ; then # export the key diff --git a/src/monkeysphere b/src/monkeysphere index a6ca62d..230de06 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -113,6 +113,7 @@ MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"} AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"} GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"} KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} +CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"} REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"} USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"} diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index ec162ab..3887e48 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -40,11 +40,12 @@ fi # check for the host key in the known_hosts file hostKey=$(ssh-keygen -F "$HOST") -# if the host key is not found in the known_hosts file, -# check the keyserver -if [ -z "$hostKey" ] ; then - CHECK_KEYSERVER="true" +# if the host key is found in the known_hosts file, +# don't check the keyserver +if [ "$hostKey" ] ; then + CHECK_KEYSERVER="false" fi +export CHECK_KEYSERVER # update the known_hosts file for the host monkeysphere update-known-hosts "$HOST" |