summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-01-18 23:10:42 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-01-18 23:10:42 -0500
commit8b806ee99239d48fd3c2920c19f5cac7d54d2e8d (patch)
tree7370dba4e93a0bfae44b8e4fb023cb23429ca2f5
parent8324815dbc0d10791906ea355847803c1bf043fb (diff)
flesh out check for reasonable-looking service names
-rwxr-xr-xsrc/monkeysphere-host74
-rw-r--r--src/share/common22
-rwxr-xr-xtests/basic30
3 files changed, 109 insertions, 17 deletions
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index fab3ef7..5007cac 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -102,10 +102,80 @@ update_pgp_pub_file() {
> "$HOST_KEY_FILE"
}
-# check that the service name is well formed
+# check that the service name is well formed. we assume that the
+# service name refers to a host; DNS labels for host names are limited
+# to a very small range of characters (see RFC 1912, section 2.1).
+
+# FIXME: i'm failing to check here for label components that are
+# all-number (e.g. ssh://666.666), which are technically not allowed
+# (though some exist on the 'net, apparently)
+
check_service_name() {
local name="$1"
- log error "FIX ME: check service name"
+ local errs=""
+ local scheme
+ local port
+ local assigned_ports
+
+ [ -n "$name" ] || \
+ failure "You must supply a service name to check"
+
+ printf '%s' "$name" | perl -n -e '($str = $_) =~ s/\s//g ; exit !(lc($str) eq $_);' || \
+ failure "Not a valid service name: '$name'
+
+Service names should be canonicalized to all lower-case,
+with no whitespace"
+
+ [[ "$name" =~ ^[a-z0-9./:-]+$ ]] || \
+ failure "Not a valid service name: '$name'
+
+Service names should contain only lower-case ASCII letters
+numbers, dots (.), hyphens (-), slashes (/), and a colon (:).
+If you are using non-ASCII characters (e.g. IDN), you should
+use the canonicalized ASCII (NAMEPREP -> Punycode) representation
+(see RFC 3490)."
+
+ [[ "$name" =~ \. ]] || \
+ failure "Not a valid service name: '$name'
+
+Service names should use fully-qualified domain names (FQDN), but the
+domain name you chose appears to only have the local part. For
+example: don't use 'ssh://foo' ; use 'ssh://foo.example.com' instead."
+
+ [[ "$name" =~ ^[a-z]([a-z0-9-]*[a-z0-9])?://[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.|((\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+))(:[1-9][0-9]{0,4})?$ ]] || \
+ failure "Not a valid service name: '$name'
+
+Service names look like <scheme>://full.example.com[:<portnumber>],
+where <scheme> is something like ssh or https, and <portnumber> is
+a decimal number (supplied only if the service is on a non-standard
+port)."
+
+ scheme=$(cut -f1 -d: <<<"$name")
+ port=$(cut -f3 -d: <<<"$name")
+
+ # check that the scheme name is found in the system services
+ # database
+ available_=$(get_port_for_service "$scheme") || \
+ log error "Error looking up service scheme named '%s'" "$scheme"
+
+ # FIXME: if the service isn't found, or does not have a port, what
+ # should we do? at the moment, we're just warning.
+
+ if [ -n "$port" ]; then
+ # check that the port number is a legitimate port number (> 0, < 65536)
+ [ "$port" -gt 0 ] && [ "$port" -lt 65536 ] || \
+ failure "The given port number should be greater than 0 and
+less than 65536. '$port' is not OK"
+
+ # if the port number is given, and the scheme is in the services
+ # database, check that the port number does *not* match the
+ # default port.
+ if (printf '%s' "$assigned_ports" | grep -q -F -x "$port" ) ; then
+ failure $(printf "The scheme %s uses port number %d by default.
+You should leave off the port number if it is the default" "$scheme" "$port")
+ fi
+ fi
+
}
# fail if host key not present
diff --git a/src/share/common b/src/share/common
index 97f001a..0a7fe87 100644
--- a/src/share/common
+++ b/src/share/common
@@ -436,6 +436,28 @@ list_users() {
fi
}
+# take one argument, a service name. in response, print a series of
+# lines, each with a unique numeric port number that might be
+# associated with that service name. (e.g. in: "https", out: "443")
+# if nothing is found, print nothing, and return 0.
+#
+# return 1 if there was an error in the search somehow
+get_port_for_service() {
+
+ [[ "$1" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || \
+ failure $(printf "This is not a valid service name: '%s'" "$1")
+ if type getent &>/dev/null ; then
+ # for linux and FreeBSD systems (getent returns 2 if not found, 0 on success, 1 or 3 on various failures)
+ (getent services "$service" || if [ "$?" -eq 2 ] ; then true ; else false; fi) | awk '{ print $2 }' | cut -f1 -d/ | sort -u
+ elif [ -r /etc/services ] ; then
+ # fall back to /etc/services for systems that don't have getent (MacOS?)
+ # FIXME: doesn't handle aliases like "null" (or "http"?), which don't show up at the beginning of the line.
+ awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1") /etc/services | cut -f1 -d/ | sort -u
+ else
+ return 1
+ fi
+}
+
# return the path to the home directory of a user
get_homedir() {
local uname=${1:-`whoami`}
diff --git a/tests/basic b/tests/basic
index 6755329..4ceabd4 100755
--- a/tests/basic
+++ b/tests/basic
@@ -73,7 +73,7 @@ ssh_test() {
# make a client connection to the socket
echo "##### starting ssh client..."
ssh-agent bash -c \
- "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost} true" \
+ "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost.example} true" \
|| RETURN="$?"
# kill the sshd process if it's still running
@@ -252,7 +252,7 @@ echo
echo "##################################################"
echo "### import host key..."
ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key
-monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost
+monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost.example
echo
echo "##################################################"
@@ -297,7 +297,7 @@ EOF
monkeysphere-authentication setup
get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf
-# add admin as identity certifier for testhost
+# add admin as identity certifier for testhost.example
echo
echo "##################################################"
echo "### adding admin as certifier..."
@@ -346,7 +346,7 @@ monkeysphere-authentication update-users $(whoami)
echo
echo "##################################################"
echo "### testing monkeysphere keys-for-userid ..."
-diff -q <( monkeysphere keys-for-userid ssh://testhost ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub )
+diff -q <( monkeysphere keys-for-userid ssh://testhost.example ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub )
# connect to test sshd, using monkeysphere ssh-proxycommand to verify
# the identity before connection. This should work in both directions!
@@ -503,36 +503,36 @@ ssh_test
echo
echo "##################################################"
-echo "### ssh connection test directly to 'testhost2' without new name..."
-target_hostname=testhost2 ssh_test 255
+echo "### ssh connection test directly to 'testhost2.example' without new name..."
+target_hostname=testhost2.example ssh_test 255
echo
echo "##################################################"
echo "### add servicename, certify by admin, import by user..."
-monkeysphere-host add-servicename ssh://testhost2
+monkeysphere-host add-servicename ssh://testhost2.example
<"$HOST_KEY_FILE" gpgadmin --import
printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
echo
echo "##################################################"
-echo "### ssh connection test with hostname 'testhost2' added..."
+echo "### ssh connection test with hostname 'testhost2.example' added..."
gpgadmin --export "$SSHHOSTKEYID" | gpg --import
gpg --check-trustdb
ssh_test
echo
echo "##################################################"
-echo "### ssh connection test directly to 'testhost2' ..."
+echo "### ssh connection test directly to 'testhost2.example' ..."
gpg --import <"$HOST_KEY_FILE"
gpg --check-trustdb
-target_hostname=testhost2 ssh_test
+target_hostname=testhost2.example ssh_test
echo
echo "##################################################"
-echo "### ssh connection test for failure with 'testhost2' revoked..."
-monkeysphere-host revoke-servicename ssh://testhost2
+echo "### ssh connection test for failure with 'testhost2.example' revoked..."
+monkeysphere-host revoke-servicename ssh://testhost2.example
gpg --import <"$HOST_KEY_FILE"
gpg --check-trustdb
-target_hostname=testhost2 ssh_test 255
+target_hostname=testhost2.example ssh_test 255
# FIXME: addtest: remove admin as id-certifier and check ssh failure
@@ -553,8 +553,8 @@ echo
echo "##################################################"
echo "### Testing TLS setup..."
-openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=net/DC=example/DC=testhost/CN=testhost.example.net/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
-monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost
+openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=example/DC=testhost/CN=testhost.example/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
+monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost.example
# FIXME: how can we test this via an https client?
# We don't currently provide one.