author | Matt Goins <mjgoins@openflows.com> | 2009-02-18 15:19:17 -0500 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2009-02-18 15:19:17 -0500 |
commit | 3b48f2e80fac8d0fc62537ed07b3d1f1946648cd (patch) | |
tree | 2feb4c03aac92cacb7a37eda9def378bde4ee5a3 | |
parent | 82c81bafc0e49dcd6aa507b14cf78af35a609368 (diff) | |
parent | eff43adce6a763d622fcc254e7cdc210d4573103 (diff) |
Merge commit 'jrollins/master'
-rw-r--r-- | man/man8/monkeysphere-authentication.8 | 30 | ||||
-rw-r--r-- | man/man8/monkeysphere-host.8 | 31 | ||||
-rwxr-xr-x | packaging/debian/monkeysphere.postinst | 4 | ||||
-rwxr-xr-x | src/monkeysphere-authentication | 36 | ||||
-rwxr-xr-x | src/monkeysphere-host | 8 | ||||
-rw-r--r-- | src/share/ma/add_certifier | 5 | ||||
-rw-r--r-- | src/share/ma/list_certifiers | 42 | ||||
-rw-r--r-- | src/share/ma/remove_certifier | 2 | ||||
-rw-r--r-- | src/share/ma/setup | 12 | ||||
-rw-r--r-- | src/share/mh/import_key | 4 | ||||
-rw-r--r-- | src/share/mh/set_expire | 2 |
11 files changed, 109 insertions, 67 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 9b8baa9..4d453d3 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -21,13 +21,7 @@ authentication. .SH SUBCOMMANDS -\fBmonkeysphere-authentication\fP takes various subcommands. -.TP -.B setup -Setup the server for Monkeysphere user authentication. This command -is idempotent, which means it can be run multiple times to make sure -the setup is correct, without adversely affecting existing setups. -`s' may be used in place of `setup'. +\fBmonkeysphere-authentication\fP takes various subcommands: .TP .B update-users [ACCOUNT]... Rebuild the monkeysphere-controlled authorized_keys files. For each @@ -62,6 +56,21 @@ Instruct system to ignore user identity certifications made by KEYID. List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-id-certifiers'. .TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. +.TP +.B version +show version number + +Other commands: +.TP +.B setup +Setup the server for Monkeysphere user authentication. This command +is idempotent and run automatically by the other commands, and should +therefore not usually need to be run manually. `s' may be used in +place of `setup'. +.TP .B diagnostics Review the state of the server with respect to authentication. `d' may be used in place of `diagnostics'. @@ -72,13 +81,6 @@ authentication "sphere" keyring. This takes a single argument (multiple gpg arguments need to be quoted). Use this command with caution, as modifying the authentication sphere keyring can affect ssh user authentication. -.TP -.B help -Output a brief usage summary. `h' or `?' may be used in place of -`help'. -.TP -.B version -show version number .SH SETUP USER AUTHENTICATION diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 062f0aa..330b610 100644 --- a/man/man8/monkeysphere-host.8 
+++ b/man/man8/monkeysphere-host.8 @@ -23,6 +23,14 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP +.B import-key [NAME[:PORT]] +Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is +used to specify the hostname (and port) used in the user ID of the new +OpenPGP key. If NAME is not specified, then the system +fully-qualified domain name will be used (ie. `hostname -f'). If PORT +is not specified, the no port is added to the user ID, which means +port 22 is assumed. `i' may be used in place of `import-key'. +.TP .B show-key Output information about host's OpenPGP and SSH keys. `s' may be used in place of `show-key'. @@ -61,13 +69,15 @@ Revoke the host's OpenPGP key. `r' may be used in place of Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. .TP -.B import-key [NAME[:PORT]] -Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is -used to specify the hostname (and port) used in the user ID of the new -OpenPGP key. If NAME is not specified, then the system -fully-qualified domain name will be used (ie. `hostname -f'). If PORT -is not specified, the no port is added to the user ID, which means -port 22 is assumed. `i' may be used in place of `import-key'. +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. +.TP +.B version +show version number + + +Other commands: .TP .B diagnostics Review the state of the monkeysphere server host key and report on @@ -75,13 +85,6 @@ suggested changes. Among other checks, this includes making sure there is a valid host key, that the key is published, that the sshd configuration points to the right place, etc. `d' may be used in place of `diagnostics'. -.TP -.B help -Output a brief usage summary. `h' or `?' may be used in place of -`help'. -.TP -.B version -show version number .SH SETUP HOST AUTHENTICATION 
diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst index c697ae2..8e79771 100755 --- a/packaging/debian/monkeysphere.postinst +++ b/packaging/debian/monkeysphere.postinst @@ -17,8 +17,8 @@ if ! getent passwd monkeysphere >/dev/null ; then monkeysphere fi -# import the host ssh key into the monkeysphere, with no expiration -# FIXME: figure out how to do this best +# setup monkeysphere authentication +monkeysphere-authentication setup # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index c349e6f..8a4146f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -14,6 +14,9 @@ ######################################################################## set -e +# set the pipefail option so pipelines fail on first command failure +set -o pipefail + PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} @@ -52,7 +55,6 @@ usage: $PGRM <subcommand> [options] [args] Monkeysphere authentication admin tool. subcommands: - setup (s) setup monkeysphere user authentication update-users (u) [USER]... update user authorized_keys files add-id-certifier (c+) KEYID import and tsign a certification key --domain (-n) DOMAIN limit ID certifications to DOMAIN 
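Review bot: The comment added above `set -o pipefail` in src/monkeysphere-authentication says pipelines "fail on first command failure", but pipefail does not stop a pipeline early. Every stage still runs, and the pipeline's status becomes that of the last stage that exited non-zero. Together with the existing `set -e`, a `grep` stage that matches nothing (for example in `core_fingerprint`, visible in the next hunk) can now abort the script, which should be a deliberate choice. I would reword the comment to `# make a pipeline return non-zero if any stage fails, so gpg errors survive being piped into 'log debug'`. `pipefail` is not available in every `/bin/sh`, so the shebang (outside this hunk) should name bash.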
@@ -95,19 +97,12 @@ core_fingerprint() { | grep ^fpr: | cut -d: -f10 } -# fail if authentication has not been setup -check_no_setup() { - # FIXME: what is the right test to do here? - [ -d "$MADATADIR" ] \ - || failure "This host appears to have not yet been set up for Monkeysphere authentication. -Please run 'monkeysphere-authentication setup' first." -} - # export signatures from core to sphere gpg_core_sphere_sig_transfer() { log debug "exporting core local sigs to sphere..." gpg_core --export-options export-local-sigs --export | \ - gpg_sphere "--import-options import-local-sigs --import" + gpg_sphere "--import-options import-local-sigs --import" \ + 2>&1 | log debug } ######################################################################## @@ -164,40 +159,47 @@ shift case $COMMAND in 'setup'|'setup'|'s') source "${MASHAREDIR}/setup" - setup "$@" + setup ;; 'update-users'|'update-user'|'u') - check_no_setup + source "${MASHAREDIR}/setup" + setup source "${MASHAREDIR}/update_users" update_users "$@" ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') - check_no_setup + source "${MASHAREDIR}/setup" + setup source "${MASHAREDIR}/add_certifier" add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') - check_no_setup + source "${MASHAREDIR}/setup" + setup source "${MASHAREDIR}/remove_certifier" remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') - check_no_setup + source "${MASHAREDIR}/setup" + setup source "${MASHAREDIR}/list_certifiers" - list_certifiers "$@" + list_certifiers ;; 'diagnostics'|'d') + source "${MASHAREDIR}/setup" + setup source "${MASHAREDIR}/diagnostics" diagnostics ;; 'gpg-cmd') - check_no_setup + source "${MASHAREDIR}/setup" + setup gpg_sphere "$@" ;; diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 11121cc..c7e011b 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host 
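Review bot: In the subcommand `case` of src/monkeysphere-authentication, the read-only subcommands `diagnostics` and `list-id-certifiers` now call `setup` first, so inspecting a host changes its state; judging by the src/share/ma/setup hunks further down, that can include generating the trust core key and importing ownertrust. `diagnostics` had no `check_no_setup` before and is the command an administrator runs to find out what is wrong, so I would keep its arm as just `source "${MASHAREDIR}/diagnostics"` and `diagnostics` and let it report a missing setup. The `source "${MASHAREDIR}/setup"` / `setup` pair is repeated in six arms and could be hoisted into one helper function. `setup "$@"` and `list_certifiers "$@"` also became argument-less calls, so stray arguments are now silently ignored rather than rejected. The `case` statement starts and ends outside this hunk.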
@@ -80,7 +80,8 @@ gpg_host() { GNUPGHOME="$GNUPGHOME_HOST" gpg "$@" } -# command to list the info about the host key, in colon format +# command to list the info about the host key, in colon format, to +# stdout gpg_host_list() { gpg_host --list-keys --with-colons --fixed-list-mode \ --with-fingerprint --with-fingerprint \ @@ -92,8 +93,9 @@ gpg_host_list() { # FIXME: should we supress all the edit script spew? or pipe it # through log debug? gpg_host_edit() { - gpg_host --quiet --command-fd 0 --edit-key \ - "0x${HOST_FINGERPRINT}!" "$@" + gpg_host --no-greeting --quiet \ + --command-fd 0 --no-tty --edit-key \ + "0x${HOST_FINGERPRINT}!" "$@" 2>&1 | log debug } # export the host public key to the monkeysphere gpg pub key file diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 54ea673..d34f0de 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -151,14 +151,15 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \ + 2>&1 | log debug ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer # update the sphere trustdb log debug "updating sphere trustdb..." - gpg_sphere "--check-trustdb" + gpg_sphere "--check-trustdb" 2>&1 | log debug log info "Identity certifier added." else diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index 5a0388e..a02487d 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -18,6 +18,9 @@ list_certifiers() { local keys local key local authfpr +local keyfpr +local uid +local printedfpr # find trusted keys in sphere keychain log debug "finding trusted keys..." 
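Review bot: `gpg_host_edit` in src/monkeysphere-host now ends in `2>&1 | log debug`, so without `pipefail` its return status is that of `log`, not of gpg. A failed `--edit-key` run, such as the expiry change driven from src/share/mh/set_expire, would then look successful to the caller. This commit adds `set -o pipefail` to src/monkeysphere-authentication only, and no equivalent line is visible in the monkeysphere-host hunks, so confirm it is set there or add `set -o pipefail` near the top of that script. The same applies to `gpg_host --import 2>&1 | log debug` in src/share/mh/import_key. The `# FIXME: should we supress all the edit script spew?` comment above `gpg_host_edit` is answered by this change and can be removed.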
@@ -37,19 +40,48 @@ authgrip=$(core_fingerprint | cut -b 25-40) gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ cut -f 1,2,5,8,9,10 -d: | \ - egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ + egrep '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do case $type in 'fpr') # this is a new key keyfpr=$fpr + uid= + printedfpr=no ;; - 'sig') # print all trust signatures, including regexes if present - trustdepth=${trustparams%% *} - trustlevel=${trustparams##* } + 'uid') # here comes a user id (if we don't have a key, or the + # uid has no calculated validity, we will not bother + # with it): + if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then + uid="$fpr" + else + uid= + fi + ;; + 'uat') # this is a user attribute. DETAILS.gz states that the + # 10th field is the number of user attribute + # subpackets, followed by the total number of bytes of + # the subpackets: + if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then + uid=$(printf "%d JPEG(?) image(s), total %d bytes" \ + "${fpr%% *}" "${fpr##* }") + else + uid= + fi + ;; + 'sig') # print all trust signatures, including regexes if + # present, assuming that + if [ "$keyfpr" ] && [ "$uid" ] ; then + trustdepth=${trustparams%% *} + trustlevel=${trustparams##* } + if [ "$printedfpr" = no ] ; then + printf "%s:\n" "$keyfpr" + printedfpr=yes + fi # FIXME: this is clumsy and not human-friendly. we should # print out more human-readable information, if possible. - printf "%s:%d:%d:%s\n" "$keyfpr" "$trustdepth" "$trustlevel" "$trustdomain" + printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain" + fi ;; esac done diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 8271ae0..10aa67b 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier 
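Review bot: The comment on the `'sig')` arm in src/share/ma/list_certifiers stops mid-sentence at "assuming that", exactly where the new filter is introduced. That condition decides which trust signatures an administrator sees, so the comment should state it, for example `# ...if present, but only under a key whose preceding uid/uat has full calculated validity ('f')`. It is also worth noting there that `$uid` is text chosen by the key owner and is printed with `%s` between colons, so anything parsing this output by colons depends on gpg's escaping of the user ID in `--with-colons` mode. `list_certifiers` starts outside this hunk.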
@@ -36,7 +36,6 @@ else fi # delete the requested key from the sphere keyring -# FIXME: should this be a revokation instead of a removal? if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # delete key from core keyring as well gpg_core --delete-key --batch --yes "0x${keyID}!" @@ -44,7 +43,6 @@ if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # update the trustdb for the authentication keyring gpg_sphere "--check-trustdb" - log info "" log info "Identity certifier removed." else failure "Problem removing identity certifier." diff --git a/src/share/ma/setup b/src/share/ma/setup index f59187b..a17e4f2 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -59,7 +59,7 @@ EOF log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." PEM2OPENPGP_USAGE_FLAGS=certify \ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \ - | gpg_core --import \ + | gpg_core --import 2>&1 | log debug \ || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point 
@@ -75,17 +75,17 @@ EOF # export the core key to the sphere keyring log debug "exporting core pub key to sphere keyring..." - gpg_core --export | gpg_sphere --import + gpg_core --quiet --export | gpg_sphere "--quiet --import" # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." - printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust - gpg_sphere --export-ownertrust | log debug + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust" + gpg_sphere "--export-ownertrust" 2>&1 | log debug # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -98,7 +98,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/mh/import_key b/src/share/mh/import_key index d14fc13..557bb7f 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key 
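Review bot: `local TRUST_MODEL=$(gpg_sphere "--quiet ..." | head -n1 | grep "^tru:" | cut -d: -f3,6,7)` in src/share/ma/setup hides the substitution's exit status behind `local`. A failing `gpg_sphere` is therefore caught by neither `set -e` nor the newly enabled `pipefail`, and only shows up as an empty value in the `'1:3:1'` comparison. The `ORIG_TRUST` check in the previous hunk already declares first and assigns second; writing `local TRUST_MODEL` and then `TRUST_MODEL=$(...) || failure "Could not read sphere trust model."` (message wording is a suggestion) would keep the two trust checks consistent and make the failure explicit. The body of the following `if` is outside this hunk, so I cannot confirm how an empty value is handled today.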
@@ -46,7 +46,7 @@ chmod 700 "${GNUPGHOME_HOST}" log verbose "importing ssh key..." # translate ssh key to a private key PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import + | gpg_host --import 2>&1 | log debug # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key @@ -57,6 +57,8 @@ load_fingerprint_secret # export to gpg public key to file update_gpg_pub_file +log info "host key imported:" + # show info about new key show_key diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 14d2501..ae7c13a 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -30,7 +30,7 @@ else log debug "extending without prompting." fi -log info "setting host key expiration to ${extendTo}:" +log info "setting host key expiration to ${extendTo}." log debug "executing host expire script..." gpg_host_edit expire <<EOF |