Cleanup how variables are specified and loaded:

- define more common variables in share/common - cleanup how defaults are specified - fix how CHECK_KEYSERVER was determined in monkeysphere Fix calls to update_known_hosts and update_authorized_keys in monkeysphere so that some of the checks are done within the functions themselves, as opposed in the monkeysphere wrapper, so that other functions can call them easier. Fix ssh-proxycommand that had some left over cruft from the transition.
author: Jameson Graef Rollins <jrollins@finestructure.net> 2009-02-18 22:37:12 -0500
committer: Jameson Graef Rollins <jrollins@finestructure.net> 2009-02-19 00:54:23 -0500
commit: d09b0814096b1660c3a300e939091a58622a57a6 (patch)
tree: 02987d577979445c186b956600a4170db0d597e0
parent: 62374dd1c16a2719202955ad3fe878be5cc14dba (diff)
5 files changed, 112 insertions, 102 deletions
diff --git a/src/monkeysphere b/src/monkeysphere
index da5f406..a626a8e 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -63,41 +63,38 @@ EOF
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file
-unset KEYSERVER
-unset CHECK_KEYSERVER
-unset KNOWN_HOSTS
-unset HASH_KNOWN_HOSTS
-unset AUTHORIZED_KEYS
+# set unset default variables
+GNUPGHOME=${GNUPGHOME:="${HOME}/.gnupg"}
+KNOWN_HOSTS="${HOME}/.ssh/known_hosts"
+HASH_KNOWN_HOSTS="true"
+AUTHORIZED_KEYS="${HOME}/.ssh/authorized_keys"
 
 # load global config
-[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] && . "${SYSCONFIGDIR}/monkeysphere.conf"
+[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] \
+    && . "${SYSCONFIGDIR}/monkeysphere.conf"
 
 # set monkeysphere home directory
 MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"}
 mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
 
 # load local config
-[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] && . "$MONKEYSPHERE_CONFIG"
-
-# set empty config variables with ones from the environment, or from
-# config file, or with defaults
-LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
-GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}}
-KEYSERVER=${MONKEYSPHERE_KEYSERVER:="$KEYSERVER"}
-# if keyserver not specified in env or monkeysphere.conf,
-# look in gpg.conf
+[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] \
+    && . "$MONKEYSPHERE_CONFIG"
+
+# set empty config variables with ones from the environment
+GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=$GNUPGHOME}
+LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
+KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
+# if keyserver not specified in env or conf, then look in gpg.conf
 if [ -z "$KEYSERVER" ] ; then
     if [ -f "${GNUPGHOME}/gpg.conf" ] ; then
 	KEYSERVER=$(grep -e "^[[:space:]]*keyserver " "${GNUPGHOME}/gpg.conf" | tail -1 | awk '{ print $2 }')
     fi
 fi
-# if it's still not specified, use the default
-KEYSERVER=${KEYSERVER:="subkeys.pgp.net"}
-CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
-KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=${KNOWN_HOSTS:="${HOME}/.ssh/known_hosts"}}
-HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=${HASH_KNOWN_HOSTS:="true"}}
-AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=${AUTHORIZED_KEYS:="${HOME}/.ssh/authorized_keys"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
+KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=$KNOWN_HOSTS}
+HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=$HASH_KNOWN_HOSTS}
+AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS}
 
 # other variables not in config file
 AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"}
@@ -117,49 +114,26 @@ shift
 
 case $COMMAND in
     'update-known_hosts'|'update-known-hosts'|'k')
-	MODE='known_hosts'
+	# whether or not to check keyservers
+	CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 
-	# touch the known_hosts file so that the file permission check
-	# below won't fail upon not finding the file
-	(umask 0022 && touch "$KNOWN_HOSTS")
-
-	# check permissions on the known_hosts file path
-	check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
-
-        # if hosts are specified on the command line, process just
-        # those hosts
+	# if hosts are specified on the command line, process just
+	# those hosts
 	if [ "$1" ] ; then
 	    update_known_hosts "$@"
 	    RETURN="$?"
 
-        # otherwise, if no hosts are specified, process every host
-        # in the user's known_hosts file
+	# otherwise, if no hosts are specified, process every host
+	# in the user's known_hosts file
 	else
-	    # exit if the known_hosts file does not exist
-	    if [ ! -e "$KNOWN_HOSTS" ] ; then
-		log error "known_hosts file '$KNOWN_HOSTS' does not exist."
-		exit
-	    fi
-
 	    process_known_hosts
 	    RETURN="$?"
 	fi
 	;;
 
     'update-authorized_keys'|'update-authorized-keys'|'a')
-	MODE='authorized_keys'
-
-	# check permissions on the authorized_user_ids file path
-	check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" || failure
-
-	# check permissions on the authorized_keys file path
-	check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
-
-        # exit if the authorized_user_ids file is empty
-	if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then
-	    log error "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist."
-	    exit
-	fi
+	# whether or not to check keyservers
+	CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 
 	# process authorized_user_ids file
 	process_authorized_user_ids "$AUTHORIZED_USER_IDS"
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 1def4cd..0e60cc4 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -85,7 +85,7 @@ gpg_sphere() {
     GNUPGHOME="$GNUPGHOME_SPHERE"
     export GNUPGHOME
 
-    su_monkeysphere_user "gpg --no-greeting --quiet --no-tty $@"
+    su_monkeysphere_user "gpg --no-greeting --no-tty $@"
 }
 
 # output to stdout the core fingerprint from the gpg core secret
@@ -108,29 +108,24 @@ gpg_core_sphere_sig_transfer() {
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file of in
-# MONKEYSPHERE_ variables
-unset LOG_LEVEL
-unset KEYSERVER
-unset AUTHORIZED_USER_IDS
-unset RAW_AUTHORIZED_KEYS
-unset MONKEYSPHERE_USER
-unset PROMPT
+# set unset default variables
+AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids"
+RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
 
 # load configuration file
-[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG"
-
-# set empty config variable with ones from the environment, or with
-# defaults
-LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
-KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
-AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
-RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
-MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
-PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
+[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] \
+    && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG"
+
+# set empty config variable with ones from the environment
+LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
+KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
+CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
+MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
+AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS}
+RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS}
 
 # other variables
-CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
 GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
 GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index a86a8c9..152b469 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -204,38 +204,31 @@ show_key() {
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file or in
-# MONKEYSPHERE_ variables
-unset LOG_LEVEL
-unset KEYSERVER
-unset MONKEYSPHERE_USER
-unset PROMPT
-
 # load configuration file
-[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG"
+[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] \
+    && . "$MONKEYSPHERE_HOST_CONFIG"
 
 # set empty config variable with ones from the environment, or with
 # defaults
-LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
-KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
-MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
-PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
+LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
+KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
+CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
+MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
 
 # other variables
-CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
 
 # export variables needed in su invocation
 export DATE
-export MODE
 export LOG_LEVEL
 export KEYSERVER
+export CHECK_KEYSERVER
 export MONKEYSPHERE_USER
 export PROMPT
-export CHECK_KEYSERVER
 export GNUPGHOME_HOST
 export GNUPGHOME
-export HOST_FINGERPRINT=
+export HOST_FINGERPRINT
 
 # get subcommand
 COMMAND="$1"
@@ -302,6 +295,10 @@ case $COMMAND in
 	diagnostics
 	;;
 
+    'update-gpg-pub-file')
+	update_gpg_pub_file
+	;;
+
     'version'|'v')
 	echo "$VERSION"
 	;;
diff --git a/src/share/common b/src/share/common
index 6b7d51b..96fea77 100644
--- a/src/share/common
+++ b/src/share/common
@@ -23,6 +23,21 @@ export SYSCONFIGDIR
 # monkeysphere version
 VERSION=__VERSION__
 
+# default log level
+LOG_LEVEL="INFO"
+
+# default keyserver
+KEYSERVER="pool.sks-keyservers.net"
+
+# whether or not to check keyservers by defaul
+CHECK_KEYSERVER="true"
+
+# default monkeysphere user
+MONKEYSPHERE_USER="monkeysphere"
+
+# default about whether or not to prompt
+PROMPT="true"
+
 ########################################################################
 ### UTILITY FUNCTIONS
 
@@ -800,6 +815,9 @@ process_host_known_hosts() {
     local sshKey
     local tmpfile
 
+    # set the key processing mode
+    export MODE='known_hosts'
+
     host="$1"
     userID="ssh://${host}"
 
@@ -879,6 +897,13 @@ update_known_hosts() {
     nHostsOK=0
     nHostsBAD=0
 
+    # touch the known_hosts file so that the file permission check
+    # below won't fail upon not finding the file
+    (umask 0022 && touch "$KNOWN_HOSTS")
+
+    # check permissions on the known_hosts file path
+    check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
+
     # create a lockfile on known_hosts:
     lock create "$KNOWN_HOSTS"
     # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
@@ -933,6 +958,11 @@ update_known_hosts() {
 process_known_hosts() {
     local hosts
 
+    # exit if the known_hosts file does not exist
+    if [ ! -e "$KNOWN_HOSTS" ] ; then
+	failure "known_hosts file '$KNOWN_HOSTS' does not exist."
+    fi
+
     log debug "processing known_hosts file..."
 
     hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
@@ -956,6 +986,9 @@ process_uid_authorized_keys() {
     local ok
     local sshKey
 
+    # set the key processing mode
+    export MODE='authorized_keys'
+
     userID="$1"
 
     log verbose "processing: $userID"
@@ -1017,6 +1050,9 @@ update_authorized_keys() {
     nIDsOK=0
     nIDsBAD=0
 
+    # check permissions on the authorized_keys file path
+    check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
+
     # create a lockfile on authorized_keys
     lock create "$AUTHORIZED_KEYS"
     # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
@@ -1082,6 +1118,14 @@ process_authorized_user_ids() {
 
     authorizedUserIDs="$1"
 
+    # exit if the authorized_user_ids file is empty
+    if [ ! -e "$authorizedUserIDs" ] ; then
+	failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
+    fi
+
+    # check permissions on the authorized_user_ids file path
+    check_key_file_permissions "$USER" "$authorizedUserIDs" || failure
+
     log debug "processing authorized_user_ids file..."
 
     if ! meat "$authorizedUserIDs" > /dev/null ; then
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index cd0a1fb..29040d8 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -15,8 +15,6 @@
 # established.  Can be added to ~/.ssh/config as follows:
 #  ProxyCommand monkeysphere ssh-proxycommand %h %p
 
-ssh_proxycommand() {
-
 # "marginal case" ouput in the case that there is not a full
 # validation path to the host
 output_no_valid_key() {
@@ -136,10 +134,9 @@ EOF
 EOF
 }
 
-########################################################################
 
-# export the monkeysphere log level
-export MONKEYSPHERE_LOG_LEVEL
+# the ssh proxycommand function itself
+ssh_proxycommand() {
 
 if [ "$1" = '--no-connect' ] ; then
     NO_CONNECT='true'
@@ -170,12 +167,13 @@ URI="ssh://${HOSTP}"
 # intentionally different than that of running monkeyesphere normally,
 # and keyserver checking is intentionally done under certain
 # circumstances.  This can be overridden by setting the
-# MONKEYSPHERE_CHECK_KEYSERVER environment variable.
+# MONKEYSPHERE_CHECK_KEYSERVER environment variable, or by setting the
+# CHECK_KEYSERVER variable in the monkeysphere.conf file.
 
 # if the host is in the gpg keyring...
 if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
     # do not check the keyserver
-    CHECK_KEYSERVER="false"
+    CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}
 
 # if the host is NOT in the keyring...
 else
@@ -188,20 +186,22 @@ else
 	# FIXME: more nuanced checking should be done here to properly
 	# take into consideration hosts that join monkeysphere by
 	# converting an existing and known ssh key
-	CHECK_KEYSERVER="false"
+	CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}
 
     # if the host key is not found in the known_hosts file...
     else
 	# check the keyserver
-	CHECK_KEYSERVER="true"
+	CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
     fi
 fi
-# set and export the variable for use by monkeysphere
-MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"}
-export MONKEYSPHERE_CHECK_KEYSERVER
+
+# finally look in the MONKEYSPHERE_ environment variable for a
+# CHECK_KEYSERVER setting to override all else
+CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 
 # update the known_hosts file for the host
-monkeysphere update-known_hosts "$HOSTP"
+source "${MSHAREDIR}/update_known_hosts"
+update_known_hosts "$HOSTP"
 
 # output on depending on the return of the update-known_hosts
 # subcommand, which is (ultimately) the return code of the
author	Jameson Graef Rollins <jrollins@finestructure.net>	2009-02-18 22:37:12 -0500
committer	Jameson Graef Rollins <jrollins@finestructure.net>	2009-02-19 00:54:23 -0500
commit	d09b0814096b1660c3a300e939091a58622a57a6 (patch)
tree	02987d577979445c186b956600a4170db0d597e0
parent	62374dd1c16a2719202955ad3fe878be5cc14dba (diff)