Merge commit 'dkg/master'

8 files changed, 71 insertions, 33 deletions

diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 5badaa9..1c9217f 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -182,8 +182,10 @@ User monkeysphere config file.
 System-wide monkeysphere config file.
 .TP
 ~/.monkeysphere/authorized_user_ids
-OpenPGP user IDs associated with keys that will be checked for
-addition to the authorized_keys file.
+A list of OpenPGP user IDs, one per line.  OpenPGP keys with an
+exactly-matching User ID (calculated valid by the designated identity
+certifiers), will have any valid authorization-capable keys or subkeys
+added to the given user's authorized_keys file.
 
 .SH AUTHOR
 
diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1
index 45fd1ee..5622bd7 100644
--- a/man/man1/pem2openpgp.1
+++ b/man/man1/pem2openpgp.1
@@ -29,11 +29,19 @@ The following environment variables influence the behavior of
 .ti 3
 \fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in
 seconds since the UNIX epoch) indicated as the creation time (a.k.a
-"not valid before") of the generated certificate.  By default,
+"not valid before") of the generated certificate (self-signature) and
+the key itself.  By default,
 .Nm
 uses the current time.
 .Pp
 .ti 3
+\fBPEM2OPENPGP_KEY_TIMESTAMP\fP controls the timestamp (measured in
+seconds since the UNIX epoch) indicated as the creation time of just
+the key itself (not the self-signature).  By default,
+.Nm
+uses the value from PEM2OPENPGP_TIMESTAMP.
+.Pp
+.ti 3
 \fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of
 valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what
 these mean).  The available choices are: certify, sign, encrypt_comms,
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 811e47a..d3d3b95 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -169,6 +169,12 @@ System monkeysphere-authentication config file.
 .TP
 /var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
+.TP
+~/.monkeysphere/authorized_user_ids
+A list of OpenPGP user IDs, one per line.  OpenPGP keys with an
+exactly-matching User ID (calculated valid by the designated identity
+certifiers), will have any valid authorization-capable keys or subkeys
+added to the given user's authorized_keys file.
 
 .SH AUTHOR
 
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index e8e535a..f4efc0d 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -12,9 +12,10 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
     - some portability improvements
     - properly handle translation of keys with fingerprints with leading
       all-zero bytes.
+    - resolve symlinks when checking paths (thanks Silvio Rhatto) (closes MS #917)
   * update Standard-Version to 3.8.1
 
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 21 May 2009 13:04:10 -0400
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Mon, 29 Jun 2009 11:27:33 -0400
 
 monkeysphere (0.24-1) unstable; urgency=low
 
diff --git a/src/share/common b/src/share/common
index 11e7969..bd887d3 100644
--- a/src/share/common
+++ b/src/share/common
@@ -425,6 +425,12 @@ check_key_file_permissions() {
 
     log debug "checking path permission '$path'..."
 
+    # rewrite path if it points to a symlink
+    if [ -h "$path" ] ; then
+	path=$(readlink -f "$path")
+	log debug "checking path symlink '$path'..."
+    fi
+
     # return 255 if cannot stat file
     if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
         log error "could not stat path '$path'."
diff --git a/src/share/keytrans b/src/share/keytrans
index c47ccdc..326bfb1 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -368,12 +368,12 @@ sub read_mpi {
 # FIXME: genericize these to accept either RSA or DSA keys:
 sub make_rsa_pub_key_body {
   my $key = shift;
-  my $timestamp = shift;
+  my $key_timestamp = shift;
 
   my ($n, $e) = $key->get_key_parameters();
 
   return
-    pack('CN', 4, $timestamp).
+    pack('CN', 4, $key_timestamp).
       pack('C', $asym_algos->{rsa}).
 	mpi_pack($n).
 	  mpi_pack($e);
@@ -381,7 +381,7 @@ sub make_rsa_pub_key_body {
 
 sub make_rsa_sec_key_body {
   my $key = shift;
-  my $timestamp = shift;
+  my $key_timestamp = shift;
 
   # we're not using $a and $b, but we need them to get to $c.
   my ($n, $e, $d, $p, $q) = $key->get_key_parameters();
@@ -400,7 +400,7 @@ sub make_rsa_sec_key_body {
   # with modular_multi_inverse.
 
   return
-    pack('CN', 4, $timestamp).
+    pack('CN', 4, $key_timestamp).
       pack('C', $asym_algos->{rsa}).
 	mpi_pack($n).
 	  mpi_pack($e).
@@ -412,9 +412,9 @@ sub make_rsa_sec_key_body {
 # expects an RSA key (public or private) and a timestamp
 sub fingerprint {
   my $key = shift;
-  my $timestamp = shift;
+  my $key_timestamp = shift;
 
-  my $rsabody = make_rsa_pub_key_body($key, $timestamp);
+  my $rsabody = make_rsa_pub_key_body($key, $key_timestamp);
 
   return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
 }
@@ -436,9 +436,14 @@ sub pem2openpgp {
     die "key does not check";
   }
 
+  # strong assertion of identity is the default (for a self-sig):
+  my $certtype = $sig_types->{positive_certification};
+  if (defined $args->{certification_type}) {
+    $certtype = $args->{certification_type} + 0;
+  }
+
   my $version = pack('C', 4);
-  # strong assertion of identity:
-  my $sigtype = pack('C', $sig_types->{positive_certification});
+  my $sigtype = pack('C', $certtype);
   # RSA
   my $pubkey_algo = pack('C', $asym_algos->{rsa});
   # SHA1
@@ -449,17 +454,24 @@ sub pem2openpgp {
   # this script more than once against the same key (because the
   # timestamps will differ).  How can we prevent this?
 
-  # this environment variable (if set) overrides the current time, to
-  # be able to create a standard key?  If we read the key from a file
+  # this argument (if set) overrides the current time, to
+  # be able to create a standard key.  If we read the key from a file
   # instead of stdin, should we use the creation time on the file?
-  my $timestamp = 0;
-  if (defined $args->{timestamp}) {
-    $timestamp = ($args->{timestamp} + 0);
+  my $sig_timestamp = 0;
+  if (defined $args->{sig_timestamp}) {
+    $sig_timestamp = ($args->{sig_timestamp} + 0);
   } else {
-    $timestamp = time();
+    $sig_timestamp = time();
+  }
+  my $key_timestamp = $sig_timestamp;
+  if (defined $args->{key_timestamp}) {
+    $key_timestamp = ($args->{key_timestamp} + 0);
+  }
+  if ($key_timestamp > $sig_timestamp) {
+    die "key timestamp must not be later than signature timestamp";
   }
 
-  my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp);
+  my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $sig_timestamp);
 
 
   my $flags = 0;
@@ -542,8 +554,8 @@ sub pem2openpgp {
 	    $subpacket_octets.
 	      $subpackets_to_be_hashed;
 
-  my $pubkey = make_rsa_pub_key_body($rsa, $timestamp);
-  my $seckey = make_rsa_sec_key_body($rsa, $timestamp);
+  my $pubkey = make_rsa_pub_key_body($rsa, $key_timestamp);
+  my $seckey = make_rsa_sec_key_body($rsa, $key_timestamp);
 
   # this is for signing.  it needs to be an old-style header with a
   # 2-packet octet count.
@@ -551,7 +563,7 @@ sub pem2openpgp {
   my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2});
 
   # take the last 8 bytes of the fingerprint as the keyid:
-  my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8);
+  my $keyid = substr(fingerprint($rsa, $key_timestamp), 20 - 8, 8);
 
   # the v4 signature trailer is:
 
@@ -615,6 +627,7 @@ sub openpgp2ssh {
       die "This is not an OpenPGP packet\n";
     }
     if (0x40 & $packettag) {
+      # this is a new-format packet.
       $tag = (0x3f & $packettag);
       my $nextlen = 0;
       read($instr, $nextlen, 1);
@@ -633,6 +646,7 @@ sub openpgp2ssh {
 	# packet length is undefined.
       }
     } else {
+      # this is an old-format packet.
       my $lentype;
       $lentype = 0x03 & $packettag;
       $tag = ( 0x3c & $packettag ) >> 2;
@@ -669,10 +683,10 @@ sub openpgp2ssh {
 	read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
       } else {
 
-	my $timestamp;
-	read($instr, $timestamp, 4) or die "could not read key timestamp.\n";
+	my $key_timestamp;
+	read($instr, $key_timestamp, 4) or die "could not read key timestamp.\n";
 	$readbytes += 4;
-	$timestamp = unpack('N', $timestamp);
+	$key_timestamp = unpack('N', $key_timestamp);
 
 	my $algo;
 	read($instr, $algo, 1) or die "could not read key algorithm.\n";
@@ -687,7 +701,7 @@ sub openpgp2ssh {
 	  my $exponent = read_mpi($instr, \$readbytes);
 
 	  my $pubkey = Crypt::OpenSSL::RSA->new_key_from_parameters($modulus, $exponent);
-	  my $foundfpr = fingerprint($pubkey, $timestamp);
+	  my $foundfpr = fingerprint($pubkey, $key_timestamp);
 
 	  my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
 	  # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
@@ -764,7 +778,6 @@ for (basename($0)) {
     # FIXME: fail if there is no given user ID; or should we default to
     # hostname_long() from Sys::Hostname::Long ?
 
-
     if (defined $ENV{PEM2OPENPGP_NEWKEY}) {
       $rsa = Crypt::OpenSSL::RSA->generate_key($ENV{PEM2OPENPGP_NEWKEY});
     } else {
@@ -778,7 +791,8 @@ for (basename($0)) {
 
     print pem2openpgp($rsa,
 		      $uid,
-		      { timestamp => $ENV{PEM2OPENPGP_TIMESTAMP},
+		      { sig_timestamp => $ENV{PEM2OPENPGP_TIMESTAMP},
+			key_timestamp => $ENV{PEM2OPENPGP_KEY_TIMESTAMP},
 			expiration => $ENV{PEM2OPENPGP_EXPIRATION},
 			usage_flags => $ENV{PEM2OPENPGP_USAGE_FLAGS},
 		      }
diff --git a/tests/basic b/tests/basic
index f38c9ac..5907154 100755
--- a/tests/basic
+++ b/tests/basic
@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 
 # Tests to ensure that the monkeysphere is working
+#
+# unset MONKEYSPHERE_TEST_NO_EXAMINE to examine
 
 # Authors: 
 #   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
@@ -26,13 +28,13 @@ source "$TESTDIR"/common
 
 ## make sure that the right tools are installed to run the test.  the
 ## test has *more* requirements than plain ol' monkeysphere:
+[ -f /usr/sbin/sshd ] || { echo "You must have sshd installed to run this test." ; exit 1; }
 which socat >/dev/null || { echo "You must have socat installed to run this test." ; exit 1; }
 
 perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.  
 On debian-derived systems, you can set this up with:
   apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
 
-
 perl -MDigest::SHA1 -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA1 installed to run this test.  
 On debian-derived systems, you can set this up with:
   apt-get install libdigest-sha1-perl" ; exit 1; }
@@ -77,12 +79,11 @@ ssh_test() {
     kill "$SSHD_PID"
     SSHD_PID=
 
-    echo "##### return $RETURN"
     if [ "$RETURN" = "$CODE" ] ; then
-	echo "##### ssh connection test returned as desired"
+	echo "##### ssh connection test PASSED. returned: $RETURN"
 	return 0
     else
-	echo "##### ssh connection test failed.  expected return code $CODE"
+	echo "##### ssh connection test FAILED. returned: $RETURN, expected: $CODE"
 	return 1
     fi
 }
diff --git a/tests/common b/tests/common
index a000c56..6d732c8 100644
--- a/tests/common
+++ b/tests/common
@@ -4,7 +4,7 @@ failed_cleanup() {
     # FIXME: can we be more verbose here?
     echo 'FAILED!'
     if [ -z "$MONKEYSPHERE_TEST_NO_EXAMINE" ] ; then
-	read -p "press enter to cleanup and remove tmp (or type bash for a subshell to examine): " XX
+	read -p "press enter to cleanup and remove tmp (or type 'bash' for a subshell to examine): " XX
 	if [ "$XX" = bash ] ; then
 	    echo "Entering subshell..."
 	    cd "$TEMPDIR"