summaryrefslogtreecommitdiff
path: root/src/share/common
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-18 22:37:12 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-19 00:54:23 -0500
commitd09b0814096b1660c3a300e939091a58622a57a6 (patch)
tree02987d577979445c186b956600a4170db0d597e0 /src/share/common
parent62374dd1c16a2719202955ad3fe878be5cc14dba (diff)
Cleanup how variables are specified and loaded:
- define more common variables in share/common - cleanup how defaults are specified - fix how CHECK_KEYSERVER was determined in monkeysphere Fix calls to update_known_hosts and update_authorized_keys in monkeysphere so that some of the checks are done within the functions themselves, as opposed in the monkeysphere wrapper, so that other functions can call them easier. Fix ssh-proxycommand that had some left over cruft from the transition.
Diffstat (limited to 'src/share/common')
-rw-r--r--src/share/common44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/share/common b/src/share/common
index 6b7d51b..96fea77 100644
--- a/src/share/common
+++ b/src/share/common
@@ -23,6 +23,21 @@ export SYSCONFIGDIR
# monkeysphere version
VERSION=__VERSION__
+# default log level
+LOG_LEVEL="INFO"
+
+# default keyserver
+KEYSERVER="pool.sks-keyservers.net"
+
+# whether or not to check keyservers by defaul
+CHECK_KEYSERVER="true"
+
+# default monkeysphere user
+MONKEYSPHERE_USER="monkeysphere"
+
+# default about whether or not to prompt
+PROMPT="true"
+
########################################################################
### UTILITY FUNCTIONS
@@ -800,6 +815,9 @@ process_host_known_hosts() {
local sshKey
local tmpfile
+ # set the key processing mode
+ export MODE='known_hosts'
+
host="$1"
userID="ssh://${host}"
@@ -879,6 +897,13 @@ update_known_hosts() {
nHostsOK=0
nHostsBAD=0
+ # touch the known_hosts file so that the file permission check
+ # below won't fail upon not finding the file
+ (umask 0022 && touch "$KNOWN_HOSTS")
+
+ # check permissions on the known_hosts file path
+ check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
+
# create a lockfile on known_hosts:
lock create "$KNOWN_HOSTS"
# FIXME: we're discarding any pre-existing EXIT trap; is this bad?
@@ -933,6 +958,11 @@ update_known_hosts() {
process_known_hosts() {
local hosts
+ # exit if the known_hosts file does not exist
+ if [ ! -e "$KNOWN_HOSTS" ] ; then
+ failure "known_hosts file '$KNOWN_HOSTS' does not exist."
+ fi
+
log debug "processing known_hosts file..."
hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
@@ -956,6 +986,9 @@ process_uid_authorized_keys() {
local ok
local sshKey
+ # set the key processing mode
+ export MODE='authorized_keys'
+
userID="$1"
log verbose "processing: $userID"
@@ -1017,6 +1050,9 @@ update_authorized_keys() {
nIDsOK=0
nIDsBAD=0
+ # check permissions on the authorized_keys file path
+ check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
+
# create a lockfile on authorized_keys
lock create "$AUTHORIZED_KEYS"
# FIXME: we're discarding any pre-existing EXIT trap; is this bad?
@@ -1082,6 +1118,14 @@ process_authorized_user_ids() {
authorizedUserIDs="$1"
+ # exit if the authorized_user_ids file is empty
+ if [ ! -e "$authorizedUserIDs" ] ; then
+ failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
+ fi
+
+ # check permissions on the authorized_user_ids file path
+ check_key_file_permissions "$USER" "$authorizedUserIDs" || failure
+
log debug "processing authorized_user_ids file..."
if ! meat "$authorizedUserIDs" > /dev/null ; then