summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-19 00:59:03 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-19 00:59:03 -0500
commita7d9d68be60e5d46c016806a47227cd2f2e5a6c7 (patch)
tree93259f1aceeebd54b3c70aef76b44604aad7ab19
parentd09b0814096b1660c3a300e939091a58622a57a6 (diff)
parent68299f9faebcf3c54382aca3d662b35172f6a968 (diff)
Merge commit 'dkg/master'
-rw-r--r--man/man1/monkeysphere.13
-rw-r--r--man/man8/monkeysphere-authentication.825
-rw-r--r--man/man8/monkeysphere-host.84
-rw-r--r--packaging/debian/NEWS22
-rw-r--r--src/share/ma/add_certifier3
-rw-r--r--src/share/ma/setup2
-rw-r--r--src/share/ma/update_users2
-rwxr-xr-xsrc/transition_0.22_0.23179
-rwxr-xr-xtests/basic2
9 files changed, 187 insertions, 55 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 0e80047..3ed43e1 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -152,6 +152,9 @@ Whether or not to hash to the known_hosts file entries (`true').
.TP
MONKEYSPHERE_AUTHORIZED_KEYS
Path to ssh authorized_keys file (~/.ssh/authorized_keys).
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
.SH FILES
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 4d453d3..38df65d 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -131,22 +131,29 @@ The following environment variables will override those specified in
the config file (defaults in parentheses):
.TP
MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeysphere).
+User to control authentication keychain. (monkeysphere)
.TP
MONKEYSPHERE_LOG_LEVEL
-Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
-increasing order of verbosity.
+Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+increasing order of verbosity. (INFO)
.TP
MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (pool.sks-keyservers.net).
+OpenPGP keyserver to use. (pool.sks-keyservers.net)
.TP
MONKEYSPHERE_AUTHORIZED_USER_IDS
-Path to user authorized_user_ids file
-(%h/.monkeysphere/authorized_user_ids).
+Path to user's authorized_user_ids file. %h gets replaced with the
+user's homedir, %u with the username.
+(%h/.monkeysphere/authorized_user_ids)
.TP
MONKEYSPHERE_RAW_AUTHORIZED_KEYS
-Path to user-controlled authorized_keys file. `-' means not to add
-user-controlled file (%h/.ssh/authorized_keys).
+Path to regular ssh-style authorized_keys file to append to
+monkeysphere-generated authorized_keys. `none' means not to add any
+raw authorized_keys file. %h gets replaced with the user's homedir,
+%u with the username. (%h/.ssh/authorized_keys)
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
.SH FILES
@@ -154,7 +161,7 @@ user-controlled file (%h/.ssh/authorized_keys).
/etc/monkeysphere/monkeysphere-authentication.conf
System monkeysphere-authentication config file.
.TP
-/var/lib/monkeysphere/authentication/authorized_keys/USER
+/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.SH AUTHOR
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 330b610..6c97315 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -113,6 +113,10 @@ increasing order of verbosity.
.TP
MONKEYSPHERE_KEYSERVER
OpenPGP keyserver to use (pool.sks-keyservers.net).
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
.SH FILES
diff --git a/packaging/debian/NEWS b/packaging/debian/NEWS
new file mode 100644
index 0000000..3fceea2
--- /dev/null
+++ b/packaging/debian/NEWS
@@ -0,0 +1,22 @@
+monkeysphere (0.23-1) unstable; urgency=low
+
+ * There has been a major interface and data refactoring. Please see the
+ man pages for details. Major changes are listed here:
+ * For end users: monkeysphere-ssh-proxycommand is no more.
+ its functionality has been folded into monkeysphere as a subcommand.
+ So if you are currently using:
+ ssh -oProxyCommand='monkeysphere-ssh-proxycommand %h %p'
+ plese use instead:
+ ssh -oProxyCommand='monkeysphere ssh-proxycommand %h %p'
+ * For sysadmins: monkeysphere-server has been split into
+ monkeysphere-host (for publishing the ssh host key of your machine)
+ and monkeysphere-authentication (for setting up your machine to
+ authenticate users via the OpenPGP Web of Trust)
+ * For too-curious sysadmins: the layout of /var/lib/monkeysphere has
+ changed dramatically. If you did any tricky tweaking of the files in
+ there, you probably want to check that your changes have been
+ preserved after the upgrade. The old files can be found in
+ /var/lib/monkeysphere/backup-from-0.23-transition.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 18 Feb 2009 21:29:22 -0500
+
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 2f29759..b917a74 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -84,7 +84,8 @@ if [ -f "$keyID" ] ; then
# + failure 'could not read key from '\''/root/dkg.gpg'\'''
# + echo 'could not read key from '\''/root/dkg.gpg'\'''
- keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ )
+ keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) || \
+ failure "There were no gpg keys in the file $keyID."
if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
fi
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 6969d71..248406f 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -19,7 +19,7 @@ setup() {
chmod 700 "${GNUPGHOME_CORE}"
mkdir -p "${GNUPGHOME_SPHERE}"
chmod 700 "${GNUPGHOME_SPHERE}"
- mkdir -p "${MADATADIR}"/authorized_keys
+ mkdir -p "${SYSDATADIR}"/authorized_keys
# deliberately replace the config files via truncation
# FIXME: should we be dumping to tmp files and then moving atomically?
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index e9e3cc6..092d108 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -35,7 +35,7 @@ MODE="authorized_keys"
GNUPGHOME="$GNUPGHOME_SPHERE"
# the authorized_keys directory
-authorizedKeysDir="${MADATADIR}/authorized_keys"
+authorizedKeysDir="${SYSDATADIR}/authorized_keys"
# check to see if the gpg trust database has been initialized
if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then
diff --git a/src/transition_0.22_0.23 b/src/transition_0.22_0.23
index 3328e8c..12ef1d2 100755
--- a/src/transition_0.22_0.23
+++ b/src/transition_0.22_0.23
@@ -1,69 +1,164 @@
#!/bin/bash
+# this script should run without any errors.
+set -e
+
# This is a post-install script for monkeysphere, to transition an old
-# (<=0.22) setup to the new (>0.22) setup
+# (<0.23) setup to the new (>=0.23) setup
SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
MADATADIR="${SYSDATADIR}/authentication"
MHDATADIR="${SYSDATADIR}/host"
-############################################################
-### transfer host setup
+STASHDIR="${SYSDATADIR}/backup-from-0.23-transition"
-if [ -d "$SYSDATADIR"/gnupg-host ] ; then
- if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] ; then
+log() {
+ printf "$@" >&2
+}
- # This would be simple, but it would generate a new pgp key,
- #and we don't want that, right?
- #monkeysphere-host expert import_key "$SYSDATADIR"/ssh_host_rsa_key
+# FIXME: implement this function better. here, we only care about
+# dots, *and* about reversing the regexification of them.
+gpg_unescape_and_unregex() {
+ sed 's/\\x5c\././g'
+}
- # create host home
- mkdir -p "${MHDATADIR}"
- mkdir -p "${MHTMPDIR}"
- mkdir -p "${GNUPGHOME_HOST}"
- chmod 700 "${GNUPGHOME_HOST}"
- # transfer the host secret key from the old home to the new
- GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
- GNUPGHOME="$MHDATADIR" gpg --import
+is_domain_name() {
+ printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$'
+}
- # make sure the ssh_host_rsa_key.pub and ssh_host_rsa_key.pub.gpg
- # files exist
+# run the authentication setup
+monkeysphere-authentication setup
- # anything else?
+# before 0.23, the old gnupg-host data directory used to contain the
+# trust core and the system's ssh host key.
- fi
-
- #rm -rf "$SYSDATADIR"/gnupg-host
-
-fi
+if [ -d "$SYSDATADIR"/gnupg-host ] ; then
-############################################################
-### transfer authentication setup
+### transfer identity certifiers, if they don't already exist in the
+### current setup:
+
+ if [ monkeysphere-authentication list-identity-certifiers | \
+ grep -q '^[A-F0-9]{40}:$' ] ; then
+ log 'There are already certifiers in the new system!\nNot transferring any certifiers.\n'
+ else
+ # get the old host keygrip (don't know why there would be more
+ # than one, but we'll transfer all tsigs made by any key that
+ # had been given ultimate ownertrust):
+ for authgrip in $(GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-ownertrust | \
+ grep ':6:$'
+ sed -r 's/^[A-F0-9]{24}([A-F0-9]{16}):6:$/\1/') ; do
+
+ # we're assuming that old id certifiers were only added by old
+ # versions of m-s c+, which added certifiers by ltsigning
+ # entire keys.
+
+ # so we'll walk the list of tsigs from the old host key, and
+ # add those keys as certifiers to the new system.
+
+ # FIXME: if an admin has run "m-s add-id-certifier $foo"
+ # multiple times for the same $foo, we'll only transfer
+ # one of those certifications (even if later
+ # certifications had different parameters).
+
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --fingerprint --with-colons --fixed-list-mode --check-sigs | \
+ cut -f 1,2,5,8,9,10 -d: | \
+ egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
+ case $type in
+ 'fpr') # this is a new key
+ keyfpr=$fpr
+ ;;
+ 'sig') # deal with all trust signatures, including
+ # regexes if present.
+ if [ "$keyfpr" ] ; then
+ trustdepth=${trustparams%% *}
+ trustlevel=${trustparams##* }
+ if [ "$trustlevel" -ge 120 ] ; then
+ truststring=full
+ elif [ "$trustlevel" -ge 60 ] ; then
+ truststring=marginal
+ else
+ # trust levels below marginal are ignored.
+ continue
+ fi
+
+ finaldomain=
+ if [ "$trustdomain" ] ; then
+ # FIXME: deal with translating
+ # $trustdomain back to a domain.
+ if [ printf "%s" "$trustdomain" | egrep -q '^<\[\^>\]\+\[@\.\][^>]+>\$$' ] ; then
+ dpart=$(printf "%s" "$trustdomain" | sed -r 's/^<\[\^>\]\+\[@\.\]([^>]+)>\$$/\1/' | gpg_unescape_and_unregex)
+ if [ is_domain_name "$dpart" ]; then
+ finaldomain="--domain $dpart"
+ else
+ log "Does not seem to be a domain name (%s), not adding certifier\n" "$dpart"
+ continue
+ fi
+ else
+ log "Does not seem to be a standard gpg domain-based tsig (%s), not adding certifier\n" "$trustdomain"
+ continue
+ fi
+ fi
+
+ CERTKEY=$(mktemp ${TMPDIR:-/tmp}/mstransition.XXXXXXXX)
+ log "Adding identity certifier with fingerprint %s\n" "$keyfpr"
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export "0x$keyfpr" --export-clean >"$CERTKEY"
+ MONKEYSPHERE_PROMPT=false monkeysphere-authentication add-identity-certifier $finaldomain --trust "$truststring" --depth "$trustdepth" "$CERTKEY"
+ rm -f "$CERTKEY"
+ # clear the fingerprint so that we don't
+ # make additional tsigs on it if more uids
+ # are present:
+ $keyfpr=
+ fi
+ ;;
+ esac
+ done
+ done
+ fi
-# should we test for something else/better than the existence of this
-# directory to know that we should go through the setup?
-if [ -d "$SYSDATADIR"/gnupg-authentication ] ; then
+### transfer host key information (if present) into the new spot
+
+ if [ -d "${MHDATADIR}" ] ; then
+ log "Not transferring host key info because host directory already exists.\n"
+ else
+ if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] || \
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --with-colons --list-secret-keys | grep -q '^sec:' ; then
+
+ # create host home
+ mkdir -p "${MHDATADIR}"
+ chmod 0700 "${MHDATADIR}"
+
+ log "importing host key from old monkeysphere installation\n"
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
+ GNUPGHOME="$MHDATADIR" gpg --import
+
+ monkeysphere-host update-gpg-pub-file
+ else
+ log "No host key found in old monkeysphere install; not importing any host key.\n"
+ fi
+ fi
- # run the authentication setup
- monkeysphere-authentication setup
- # transfer certifiers
- # FIXME: how?
- # i think we'll need to run something like
- # gpg_core_sphere_sig_transfer after transfering certifiers ltsigs
+### get rid of this old stuff, since we've transferred it all:
- # do we need to do some sort of transfer of ownertrust?
+ mkdir -p "$STASHDIR"
+ chmod 0700 "$STASHDIR"
+ mv "${SYSDATADIR}/gnupg-host" "$STASHDIR"
+fi
- # move the authorized_keys directory
- mv "$SYSDATADIR"/authorized_keys "$MADATADIR"/
- # do we need to transfer anything else? running update-users will
- # regenerate everything else in the sphere keyring, right?
+# There is nothing in the old authentication directory that we should
+# need to keep around, but it is not unreasonable to transfer keys to
+# the new authentication keyring.
+if [ -d "${SYSDATADIR}/gnupg-authentication" ] ; then
- #rm -rf "$SYSDATADIR"/gnupg-authentication
+ GNUPGHOME="${SYSDATADIR}/gnupg-authentication" gpg --export | \
+ monkeysphere-authentication gpg-cmd --import
+ mkdir -p "$STASHDIR"
+ chmod 0700 "$STASHDIR"
+ mv "${SYSDATADIR}/gnupg-authentication" "$STASHDIR"
fi
-
diff --git a/tests/basic b/tests/basic
index 18e3019..9ae9c1c 100755
--- a/tests/basic
+++ b/tests/basic
@@ -158,7 +158,7 @@ cp "$TESTDIR"/etc/ssh/sshd_config "$SSHD_CONFIG"
# write the sshd_config
cat <<EOF >> "$SSHD_CONFIG"
HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
-AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authentication/authorized_keys/%u
+AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
EOF