diff options
| author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-29 01:40:14 -0400 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-29 01:40:14 -0400 |
| commit | e3c7c570091a602788ae140c99bf2da2e80b3c4a (patch) | |
| tree | 3e5a5fa82b4dc97ea1b21366a7f545162d9fa8b3 | |
| parent | da1b5d2ac24dc165b180f60cc6df69822496986a (diff) | |
| parent | 927efbbbbb1477658a350d4aa2ba49d6d2d2842b (diff) | |
Merge branch 'ms-user-fnc'
| -rwxr-xr-x | debian/monkeysphere.postinst | 29 | ||||
| -rw-r--r-- | src/common | 244 | ||||
| -rwxr-xr-x | src/monkeysphere | 15 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 416 |
4 files changed, 379 insertions, 325 deletions
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index 50eaefa..87fbe12 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -5,13 +5,30 @@ # Author: Jameson Rollins <jrollins@fifthhorseman.net> # (c) 2008 +VARLIB="/var/lib/monkeysphere" + if ! getent passwd monkeysphere >/dev/null ; then echo "adding monkeysphere user..." - adduser --quiet --system --no-create-home --home '/var/lib/monkeysphere' \ - --shell '/bin/sh' --gecos 'monkeysphere authentication user,,,' monkeysphere + adduser --quiet --system --no-create-home --group \ + --home '/var/lib/monkeysphere' \ + --shell '/bin/sh' \ + --gecos 'monkeysphere authentication user,,,' \ + monkeysphere fi -# install host gnupg home directories -install --mode 700 -d /var/lib/monkeysphere/gnupg-host -# install authentication gnupg home directories -install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication +# install host gnupg home directory +install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host +# install host gpg.conf +cat <<EOF > "$VARLIB"/gnupg-host/gpg.conf +list-options show-uid-validity +EOF + +# install authentication gnupg home directory +install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication +# install authentication gpg.conf +cat <<EOF > "$VARLIB"/gnupg-authentication/gpg.conf +list-options show-uid-validity +primary-keyring ${VARLIB}/gnupg-authentication/pubring.gpg +keyring ${VARLIB}/gnupg-host/pubring.gpg +EOF +chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf @@ -42,12 +42,12 @@ loge() { # cut out all comments(#) and blank lines from standard input meat() { - grep -v -e "^[[:space:]]*#" -e '^$' + grep -v -e "^[[:space:]]*#" -e '^$' "$1" } # cut a specified line from standard input cutline() { - head --line="$1" | tail -1 + head --line="$1" "$2" | tail -1 } # check that characters are in a string (in an AND fashion). @@ -83,8 +83,13 @@ remove_line() { file="$1" string="$2" + # if the line is there are removed, return 0 if [ "$file" -a "$string" ] ; then grep -v "$string" "$file" | sponge "$file" + return 0 + # otherwise return 1 + else + return 1 fi } @@ -118,17 +123,6 @@ gpg2ssh() { gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null } -# output the ssh key for a given secret key ID -gpgsecret2ssh() { - local keyID - - #keyID="$1" #TMP - # only use last 16 characters until openpgp2ssh can take all 40 #TMP - keyID=$(echo "$1" | cut -c 25-) #TMP - - gpg --export-secret-key "$keyID" | openpgp2ssh "$keyID" 2> /dev/null -} - # output known_hosts line from ssh key ssh2known_hosts() { local host @@ -194,6 +188,11 @@ gpg2authorized_keys() { # (not just first N (5 in this case)) gpg_fetch_userid() { local userID + local returnCode + + if [ "$CHECK_KEYSERVER" != 'true' ] ; then + return 0 + fi userID="$1" @@ -202,18 +201,16 @@ gpg_fetch_userid() { gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ --search ="$userID" > /dev/null 2>&1 + returnCode="$?" loge "done." -} -# get the full fingerprint of a key ID -get_key_fingerprint() { - local keyID - - keyID="$1" + # if the user is the monkeysphere user, then update the + # monkeysphere user's trustdb + if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then + gpg_authentication "--check-trustdb" > /dev/null 2>&1 + fi - gpg --list-key --with-colons --fixed-list-mode \ - --with-fingerprint --with-fingerprint "$keyID" | \ - grep '^fpr:' | grep "$keyID" | cut -d: -f10 + return "$returnCode" } ######################################################################## @@ -259,17 +256,14 @@ process_user_id() { fi requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") - # if CHECK_KEYSERVER variable set to true, check the keyserver - # for the user ID - if [ "$CHECK_KEYSERVER" = "true" ] ; then - gpg_fetch_userid "$userID" - fi - # output gpg info for (exact) userid and store gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) + # fetch the user ID if necessary/requested + gpg_fetch_userid "$userID" + # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then log " - key not found." @@ -388,11 +382,9 @@ process_host_known_hosts() { local userID local ok local keyid + local idOK + local idRemoved local tmpfile - local returnCode - - # default return code is 1, which assumes no key was found - returnCode=1 host="$1" @@ -405,8 +397,10 @@ process_host_known_hosts() { keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") - # remove the old host key line - remove_line "$KNOWN_HOSTS" "$sshKey" + + # remove the old host key line, and note if removed + remove_line "$KNOWN_HOSTS" "$sshKey" && idRemoved=true + # if key OK, add new host line if [ "$ok" -eq '0' ] ; then # hash if specified @@ -421,25 +415,39 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi - # set return code to be 0, since a key was found - returnCode=0 + + # note that at least one ok id was found + idOK=true fi - return "$returnCode" done - return "$returnCode" + # if at least one ok id was found, return 0 + if [ "$idOK" ] ; then + return 0 + + # if ids were only removed, return 2 + elif [ "$idRemoved" ] ; then + return 2 + + # else return 1, to indicate nothing happened + else + return 1 + fi } # update the known_hosts file for a set of hosts listed on command # line update_known_hosts() { + local nHosts local host - local returnCode + local nHostsOK + local nHostsBAD - # default return code is 0, which assumes a key was found for - # every host. code will be set to 1 if a key is not found for at - # least one host - returnCode=0 + # the number of hosts specified on command line + nHosts="$#" + + nHostsOK=0 + nHostsBAD=0 # set the trap to remove any lockfiles on exit trap "lockfile-remove $KNOWN_HOSTS" EXIT @@ -448,9 +456,18 @@ update_known_hosts() { lockfile-create "$KNOWN_HOSTS" for host ; do - # process the host, change return code if host key not found - process_host_known_hosts "$host" || returnCode=1 - + # process the host + process_host_known_hosts "$host" + # note the result + case "$?" in + 0) + nHostsOK=$((nHostsOK+1)) + ;; + 2) + nHostsBAD=$((nHostsBAD+1)) + ;; + esac + # touch the lockfile, for good measure. lockfile-touch --oneshot "$KNOWN_HOSTS" done @@ -458,29 +475,37 @@ update_known_hosts() { # remove the lockfile lockfile-remove "$KNOWN_HOSTS" - return "$returnCode" + # note if the known_hosts file was updated + if [ "$nHostsOK" -gt 0 -o "$nHostsBAD" -gt 0 ] ; then + log "known_hosts file updated." + fi + + # if all hosts were OK, return 0 + if [ "$nHostsOK" -eq "$nHosts" ] ; then + return 0 + + # if all hosts were BAD, return 2 + elif [ "$nHostsBAD" -eq "$nHosts" ] ; then + return 2 + + # else return 1 + else + return 1 + fi } -# process known_hosts file, going through line-by-line, extract each -# host, and process with the host processing function +# process hosts from a known_hosts file process_known_hosts() { - local returnCode + local hosts log "processing known_hosts file..." - # default return code is 0, which assumes a key was found for - # every host. code will be set to 1 if a key is not found for at - # least one host - returnCode=0 - - # take all the hosts from the known_hosts file (first field), grep - # out all the hashed hosts (lines starting with '|')... - for line in $(cat "$KNOWN_HOSTS" | meat | cut -d ' ' -f 1 | grep -v '^|.*$') ; do - # break up hosts into separate words - update_known_hosts $(echo "$line" | tr , ' ') || returnCode=1 - done + hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') - return "$returnCode" + # take all the hosts from the known_hosts file (first + # field), grep out all the hashed hosts (lines starting + # with '|')... + update_known_hosts $hosts } # process uids for the authorized_keys file @@ -488,10 +513,8 @@ process_uid_authorized_keys() { local userID local ok local keyid - local returnCode - - # default return code is 1, which assumes no key was found - returnCode=1 + local idOK + local idRemoved userID="$1" @@ -502,30 +525,46 @@ process_uid_authorized_keys() { keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") + # remove the old host key line - remove_line "$AUTHORIZED_KEYS" "$sshKey" + remove_line "$AUTHORIZED_KEYS" "$sshKey" && idRemoved=true + # if key OK, add new host line if [ "$ok" -eq '0' ] ; then ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" - # set return code to be 0, since a key was found - returnCode=0 + # note that at least one ok id was found + idOK=true fi done - return "$returnCode" + # if at least one ok id was found, return 0 + if [ "$idOK" ] ; then + return 0 + + # if ids were only removed, return 2 + elif [ "$idRemoved" ] ; then + return 2 + + # else return 1, to indicate nothing happened + else + return 1 + fi } # update the authorized_keys files from a list of user IDs on command # line update_authorized_keys() { local userID - local returnCode + local nIDs + local nIDsOK + local nIDsBAD - # default return code is 0, which assumes a key was found for - # every user ID. code will be set to 1 if a key is not found for - # at least one user ID - returnCode=0 + # the number of ids specified on command line + nIDs="$#" + + nIDsOK=0 + nIDsBAD=0 # set the trap to remove any lockfiles on exit trap "lockfile-remove $AUTHORIZED_KEYS" EXIT @@ -536,7 +575,17 @@ update_authorized_keys() { for userID ; do # process the user ID, change return code if key not found for # user ID - process_uid_authorized_keys "$userID" || returnCode=1 + process_uid_authorized_keys "$userID" + + # note the result + case "$?" in + 0) + nIDsOK=$((nIDsOK+1)) + ;; + 2) + nIDsBAD=$((nIDsBAD+1)) + ;; + esac # touch the lockfile, for good measure. lockfile-touch --oneshot "$AUTHORIZED_KEYS" @@ -545,31 +594,40 @@ update_authorized_keys() { # remove the lockfile lockfile-remove "$AUTHORIZED_KEYS" - return "$returnCode" + # note if the authorized_keys file was updated + if [ "$nIDsOK" -gt 0 -o "$nIDsBAD" -gt 0 ] ; then + log "authorized_keys file updated." + fi + + # if all ids were OK, return 0 + if [ "$nIDsOK" -eq "$nIDs" ] ; then + return 0 + + # if all ids were BAD, return 2 + elif [ "$nIDsBAD" -eq "$nIDs" ] ; then + return 2 + + # else return 1 + else + return 1 + fi } # process an authorized_user_ids file for authorized_keys process_authorized_user_ids() { - local userid - local returnCode - - log "processing authorized_user_ids file..." - - # default return code is 0, and is set to 1 if a key for a user ID - # is not found - returnCode=0 + local line + local userIDs authorizedUserIDs="$1" - # set the IFS to be newline for parsing the authorized_user_ids - # file. can't find it in BASH(1) (found it on the net), but it - # works. - IFS=$'\n' - for userid in $(cat "$authorizedUserIDs" | meat) ; do - update_authorized_keys "$userid" || returnCode=1 + log "processing authorized_user_ids file..." + + # extract user IDs from authorized_user_ids file + for line in $(seq 1 $(meat "$authorizedUserIDs" | wc -l)) ; do + userIDs[$((line-1))]=$(cutline "$line" "$authorizedUserIDs") done - return "$returnCode" + update_authorized_keys "${userIDs[@]}" } # EXPERIMENTAL (unused) process userids found in authorized_keys file @@ -590,7 +648,7 @@ process_authorized_keys() { # take all the monkeysphere userids from the authorized_keys file # comment field (third field) that starts with "MonkeySphere uid:" # FIXME: needs to handle authorized_keys options (field 0) - cat "$authorizedKeys" | meat | \ + meat "$authorizedKeys" | \ while read -r options keytype key comment ; do # if the comment field is empty, assume the third field was # the comment diff --git a/src/monkeysphere b/src/monkeysphere index 15a2a7a..ab42665 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -13,7 +13,7 @@ PGRM=$(basename $0) SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} export SHAREDIR -. "${SHAREDIR}/common" +. "${SHAREDIR}/common" || exit 1 GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"} [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG" @@ -160,7 +160,8 @@ case $COMMAND in # if hosts are specified on the command line, process just # those hosts if [ "$1" ] ; then - update_known_hosts "$@" || ERR=1 + update_known_hosts "$@" + ERR="$?" # otherwise, if no hosts are specified, process every host # in the user's known_hosts file @@ -168,10 +169,10 @@ case $COMMAND in if [ ! -s "$KNOWN_HOSTS" ] ; then failure "known_hosts file '$KNOWN_HOSTS' is empty." fi - process_known_hosts || ERR=1 - fi - log "known_hosts file updated." + process_known_hosts + ERR="$?" + fi ;; 'update-authorized_keys'|'update-authorized-keys'|'a') @@ -183,8 +184,8 @@ case $COMMAND in fi # process authorized_user_ids file - process_authorized_user_ids "$AUTHORIZED_USER_IDS" || ERR=1 - log "authorized_keys file updated." + process_authorized_user_ids "$AUTHORIZED_USER_IDS" + ERR="$?" ;; 'gen-subkey'|'g') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 4c403f2..1e05799 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -10,11 +10,10 @@ ######################################################################## PGRM=$(basename $0) -PGRM_PATH=$(dirname $0) SHARE=${SHARE:-"/usr/share/monkeysphere"} export SHARE -. "${SHARE}/common" +. "${SHARE}/common" || exit 1 VARLIB="/var/lib/monkeysphere" export VARLIB @@ -42,12 +41,156 @@ subcommands: gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server's host key to keyserver - trust-key (t) KEYID [LEVEL] set owner trust for keyid + trust-key (t) KEYID import and tsign a certification key help (h,?) this help EOF } +su_monkeysphere_user() { + su --preserve-environment "$MONKEYSPHERE_USER" -- -c "$@" +} + +# function to interact with the host gnupg keyring +gpg_host() { + local returnCode + + GNUPGHOME="$GNUPGHOME_HOST" + export GNUPGHOME + + # NOTE: we supress this warning because we need the monkeysphere + # user to be able to read the host pubring. we realize this might + # be problematic, but it's the simplest solution, without too much + # loss of security. + gpg --no-permission-warning "$@" + returnCode="$?" + + # always reset the permissions on the host pubring so that the + # monkeysphere user can read the trust signatures + chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg" + chmod g+r "${GNUPGHOME_HOST}/pubring.gpg" + + return "$returnCode" +} + +# function to interact with the authentication gnupg keyring +gpg_authentication() { + GNUPGHOME="$GNUPGHOME_AUTHENTICATION" + export GNUPGHOME + + su_monkeysphere_user "gpg $@" +} + +# update authorized_keys for users +update_users() { + if [ "$1" ] ; then + # get users from command line + unames="$@" + else + # or just look at all users if none specified + unames=$(getent passwd | cut -d: -f1) + fi + + # set mode + MODE="authorized_keys" + + # set gnupg home + GNUPGHOME="$GNUPGHOME_AUTHENTICATION" + + # check to see if the gpg trust database has been initialized + if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then + failure "GNUPG trust database uninitialized. Please see MONKEYSPHERE-SERVER(8)." + fi + + # make sure the authorized_keys directory exists + mkdir -p "${VARLIB}/authorized_keys" + + # loop over users + for uname in $unames ; do + # check all specified users exist + if ! getent passwd "$uname" >/dev/null ; then + error "----- unknown user '$uname' -----" + continue + fi + + # set authorized_user_ids and raw authorized_keys variables, + # translating ssh-style path variables + authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") + rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS") + + # if neither is found, skip user + if [ ! -s "$authorizedUserIDs" ] ; then + if [ "$rawAuthorizedKeys" = '-' -o ! -s "$rawAuthorizedKeys" ] ; then + continue + fi + fi + + log "----- user: $uname -----" + + # make temporary directory + TMPDIR=$(mktemp -d) + + # trap to delete temporary directory on exit + trap "rm -rf $TMPDIR" EXIT + + # create temporary authorized_user_ids file + TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids" + touch "$TMP_AUTHORIZED_USER_IDS" + + # create temporary authorized_keys file + AUTHORIZED_KEYS="${TMPDIR}/authorized_keys" + touch "$AUTHORIZED_KEYS" + + # set restrictive permissions on the temporary files + # FIXME: is there a better way to do this? + chmod 0700 "$TMPDIR" + chmod 0600 "$AUTHORIZED_KEYS" + chmod 0600 "$TMP_AUTHORIZED_USER_IDS" + chown -R "$MONKEYSPHERE_USER" "$TMPDIR" + + # if the authorized_user_ids file exists... + if [ -s "$authorizedUserIDs" ] ; then + # copy user authorized_user_ids file to temporary + # location + cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS" + + # export needed variables + export AUTHORIZED_KEYS + export TMP_AUTHORIZED_USER_IDS + + # process authorized_user_ids file, as monkeysphere + # user + su_monkeysphere_user \ + ". ${SHARE}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" + ERR="$?" + fi + + # add user-controlled authorized_keys file path if specified + if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then + log -n "adding raw authorized_keys file... " + cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" + loge "done." + fi + + # openssh appears to check the contents of the + # authorized_keys file as the user in question, so the + # file must be readable by that user at least. + # FIXME: is there a better way to do this? + chown root "$AUTHORIZED_KEYS" + chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" + chmod g+r "$AUTHORIZED_KEYS" + + # if the resulting authorized_keys file is not empty, move + # it into place + mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}" + + log "authorized_keys file updated." + + # destroy temporary directory + rm -rf "$TMPDIR" + done +} + # generate server gpg key gen_key() { local hostName @@ -60,8 +203,7 @@ gen_key() { SERVICE=${SERVICE:-"ssh"} userID="${SERVICE}://${hostName}" - GNUPGHOME="$GNUPGHOME_HOST" - if gpg --list-key ="$userID" > /dev/null 2>&1 ; then + if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then failure "Key for '$userID' already exists" fi @@ -90,7 +232,7 @@ Expire-Date: $KEY_EXPIRE EOF ) - # add the revoker field if requested + # add the revoker field if specified # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. why? # FIXME: why is this marked "sensitive"? how will this signature ever # be transmitted to the expected revoker? @@ -102,7 +244,7 @@ EOF ) fi - echo "The following key parameters will be used:" + echo "The following key parameters will be used for the host private key:" echo "$keyParameters" read -p "Generate key? [Y|n]: " OK; OK=${OK:=Y} @@ -119,45 +261,27 @@ EOF ) log "generating server key..." - GNUPGHOME="$GNUPGHOME_HOST" - echo "$keyParameters" | gpg --batch --gen-key + echo "$keyParameters" | gpg_host --batch --gen-key # output the server fingerprint fingerprint_server_key "=${userID}" # find the key fingerprint of the server primary key - GNUPGHOME="$GNUPGHOME_HOST" - fingerprint=$(gpg --list-key --with-colons --with-fingerprint "=${userID}" | \ + fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \ grep '^fpr:' | head -1 | cut -d: -f10) - # export the host key to the authentication keyring - GNUPGHOME="$GNUPGHOME_HOST" gpg --export "$fingerprint" | \ - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "GNUPGHOME=$GNUPGHOME_AUTHENTICATION gpg --import" - - # set host key owner trust to ultimate in authentication keyring - echo "${fingerprint}:6:" | \ - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "GNUPGHOME=$GNUPGHOME_AUTHENTICATION gpg --import-ownertrust" - - # write the key to the file + # translate the private key to ssh format, and export to a file + # for sshs usage. # NOTE: assumes that the primary key is the proper key to use - GNUPGHOME="$GNUPGHOME_HOST" - (umask 077 && gpgsecret2ssh "$fingerprint" > "${VARLIB}/ssh_host_rsa_key") + (umask 077 && \ + gpg_host --export-secret-key "$fingerprint" | \ + openpgp2ssh "$fingerprint" > "${VARLIB}/ssh_host_rsa_key") log "Private SSH host key output to file: ${VARLIB}/ssh_host_rsa_key" } # gpg output key fingerprint fingerprint_server_key() { - local ID - - if [ "$1" ] ; then - ID="$1" - else - ID="=ssh://$(hostname --fqdn)" - fi - - gpg --fingerprint --list-secret-keys "$ID" + gpg_host --fingerprint --list-secret-keys } # publish server key to keyserver @@ -171,12 +295,10 @@ publish_server_key() { # FIXME: need to figure out better way to identify host key # dummy command so as not to publish fakes keys during testing # eventually: - #gpg --keyserver "$KEYSERVER" --send-keys $(hostname -f) - failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development). -To publish manually, do: gpg --keyserver $KEYSERVER --send-keys $(hostname -f)" + #gpg_authentication "--keyring $GNUPGHOME_HOST/pubring.gpg --keyserver $KEYSERVER --send-keys $(hostname -f)" + failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development)." } - # retrieve key from web of trust, and set owner trust to "full" # if key is found. trust_key() { @@ -184,7 +306,10 @@ trust_key() { local trustLevel keyID="$1" - trustLevel="$2" + + # default values for trust depth and domain + DEPTH=${DEPTH:-1} + DOMAIN=${DOMAIN:-} if [ -z "$keyID" ] ; then failure "You must specify key to trust." @@ -192,79 +317,44 @@ trust_key() { export keyID + # export host ownertrust to authentication keyring + gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust" + # get the key from the key server - GNUPGHOME="$GNUPGHOME_AUTHENTICATION" - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "gpg --keyserver $KEYSERVER --recv-key $keyID" - if [ "$?" != 0 ] ; then - failure "Could not retrieve key '$keyID'." - fi + gpg_authentication "--keyserver $KEYSERVER --recv-key $keyID" - # move the key from the authentication keyring to the host keyring - GNUPGHOME="$GNUPGHOME_AUTHENTICATION" - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "gpg --export $keyID" | \ - GNUPGHOME="$GNUPGHOME_HOST" gpg --import + # get the full fingerprint of a key ID + fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint $keyID" | \ + grep '^fpr:' | grep "$keyID" | cut -d: -f10) - # get key fingerprint - GNUPGHOME="$GNUPGHOME_HOST" - fingerprint=$(get_key_fingerprint "$keyID") + if [ -z "$fingerprint" ] ; then + failure "Could not find key '$keyID'." + fi echo "key found:" - GNUPGHOME="$GNUPGHOME_HOST" - gpg --fingerprint "$fingerprint" - - while [ -z "$trustLevel" ] ; do - cat <<EOF -Please decide how far you trust this user to correctly verify other users' keys -(by looking at passports, checking fingerprints from different sources, etc.) - - 1 = I don't know or won't say - 2 = I do NOT trust - 3 = I trust marginally - 4 = I trust fully - 5 = I trust ultimately - + gpg_authentication "--fingerprint $fingerprint" + + # export the key to the host keyring + gpg_authentication "--export $keyID" | gpg_host --import + + # ltsign command + # NOTE: *all* user IDs will be ltsigned + ltsignCommand=$(cat <<EOF +ltsign +y +2 +$DEPTH +$DOMAIN +y +save EOF - read -p "Your decision? " trustLevel - if echo "$trustLevel" | grep -v "[1-5]" ; then - echo "Unknown trust level '$trustLevel'." - unset trustLevel - elif [ "$trustLevel" = 'q' ] ; then - failure "Aborting." - fi - done - - # attach a "non-exportable" signature to the key - # this is required for the key to have any validity at all - # the 'y's on stdin indicates "yes, i really want to sign" - GNUPGHOME="$GNUPGHOME_HOST" - echo -e 'y\ny' | \ - gpg --quiet --lsign-key --command-fd 0 "$fingerprint" - - # copy the host keyring into the authentication keyring - mv "$GNUPGHOME_AUTHENTICATION"/pubring.gpg{,.old} - cp "$GNUPGHOME_HOST"/pubring.gpg "$GNUPGHOME_AUTHENTICATION"/pubring.gpg - chown "$MONKEYSPHERE_USER" "$GNUPGHOME_AUTHENTICATION"/pubring.gpg - GNUPGHOME="$GNUPGHOME_AUTHENTICATION" - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "gpg --import ${GNUPGHOME_AUTHENTICATION}/pubring.gpg.old" - - # index trustLevel by one to difference between level in ui and level - # internally - trustLevel=$((trustLevel+1)) +) - # import new owner trust level for key - GNUPGHOME="$GNUPGHOME_AUTHENTICATION" - echo "${fingerprint}:${trustLevel}:" | \ - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - "GNUPGHOME=$GNUPGHOME_AUTHENTICATION gpg --import-ownertrust" + # ltsign the key + echo "$ltsignCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint" - if [ $? = 0 ] ; then - log "Owner trust updated." - else - failure "There was a problem changing owner trust." - fi + # update the trustdb for the authentication keyring + gpg_authentication "--check-trustdb" } ######################################################################## @@ -275,11 +365,8 @@ COMMAND="$1" [ "$COMMAND" ] || failure "Type '$PGRM help' for usage." shift -# set ms home directory -MS_HOME=${MS_HOME:-"$ETC"} - # load configuration file -MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf} +MS_CONF=${MS_CONF:-"${ETC}/monkeysphere-server.conf"} [ -e "$MS_CONF" ] && . "$MS_CONF" # set empty config variable with defaults @@ -295,6 +382,7 @@ GNUPGHOME_HOST=${GNUPGHOME_HOST:-"${VARLIB}/gnupg-host"} GNUPGHOME_AUTHENTICATION=${GNUPGHOME_AUTHENTICATION:-"${VARLIB}/gnupg-authentication"} # export variables +export DATE export MODE export MONKEYSPHERE_USER export KEYSERVER @@ -306,128 +394,18 @@ export GNUPGHOME case $COMMAND in 'update-users'|'update-user'|'u') - if [ "$1" ] ; then - # get users from command line - unames="$@" - else - # or just look at all users if none specified - unames=$(getent passwd | cut -d: -f1) - fi - - # set mode - MODE="authorized_keys" - - # set gnupg home - GNUPGHOME="$GNUPGHOME_AUTHENTICATION" - - # check to see if the gpg trust database has been initialized - if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then - failure "GNUPG trust database uninitialized. Please see MONKEYSPHERE-SERVER(8)." - fi - - # make sure the authorized_keys directory exists - mkdir -p "${VARLIB}/authorized_keys" - - # loop over users - for uname in $unames ; do - # check all specified users exist - if ! getent passwd "$uname" >/dev/null ; then - error "----- unknown user '$uname' -----" - continue - fi - - # set authorized_user_ids and raw authorized_keys variables, - # translating ssh-style path variables - authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") - rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS") - - # if neither is found, skip user - if [ ! -s "$authorizedUserIDs" ] ; then - if [ "$rawAuthorizedKeys" = '-' -o ! -s "$rawAuthorizedKeys" ] ; then - continue - fi - fi - - log "----- user: $uname -----" - - # make temporary directory - TMPDIR=$(mktemp -d) - - # trap to delete temporary directory on exit - trap "rm -rf $TMPDIR" EXIT - - # create temporary authorized_user_ids file - TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids" - touch "$TMP_AUTHORIZED_USER_IDS" - - # create temporary authorized_keys file - AUTHORIZED_KEYS="${TMPDIR}/authorized_keys" - touch "$AUTHORIZED_KEYS" - - # set restrictive permissions on the temporary files - # FIXME: is there a better way to do this? - chmod 0700 "$TMPDIR" - chmod 0600 "$AUTHORIZED_KEYS" - chmod 0600 "$TMP_AUTHORIZED_USER_IDS" - chown -R "$MONKEYSPHERE_USER" "$TMPDIR" - - # if the authorized_user_ids file exists... - if [ -s "$authorizedUserIDs" ] ; then - # copy user authorized_user_ids file to temporary - # location - cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS" - - # export needed variables - export AUTHORIZED_KEYS - export TMP_AUTHORIZED_USER_IDS - - # process authorized_user_ids file, as monkeysphere - # user - su --preserve-environment "$MONKEYSPHERE_USER" -c -- \ - ". ${SHARE}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" - fi - - # add user-controlled authorized_keys file path if specified - if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then - log -n "adding raw authorized_keys file... " - cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" - loge "done." - fi - - # openssh appears to check the contents of the - # authorized_keys file as the user in question, so the - # file must be readable by that user at least. - # FIXME: is there a better way to do this? - chown root "$AUTHORIZED_KEYS" - chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" - chmod g+r "$AUTHORIZED_KEYS" - - # if the resulting authorized_keys file is not empty, move - # it into place - mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}" - - log "authorized_keys file updated." - - # destroy temporary directory - rm -rf "$TMPDIR" - done + update_users "$@" ;; 'gen-key'|'g') - # set gnupg home - GNUPGHOME="$GNUPGHOME_HOST" gen_key "$@" ;; 'show-fingerprint'|'f') - # set gnupg home - GNUPGHOME="$GNUPGHOME_HOST" - fingerprint_server_key "$@" + fingerprint_server_key ;; 'publish-key'|'p') - # set gnupg home - GNUPGHOME="$GNUPGHOME_HOST" publish_server_key ;; |