Merge commit 'jrollins/master'

3 files changed, 116 insertions, 85 deletions

diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics
index 73e93a0..45a8ce2 100644
--- a/src/share/ma/diagnostics
+++ b/src/share/ma/diagnostics
@@ -28,15 +28,6 @@ local badhostkeys
 local sshd_config
 local problemsfound=0
 
-# FIXME: what's the correct, cross-platform answer?
-sshd_config=/etc/ssh/sshd_config
-seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
-keysfound=$(echo "$seckey" | grep -c ^sec:)
-curdate=$(date +%s)
-# warn when anything is 2 months away from expiration
-warnwindow='2 months'
-warndate=$(advance_date $warnwindow +%s)
-
 if ! id monkeysphere >/dev/null ; then
     echo "! No monkeysphere user found!  Please create a monkeysphere system user with bash as its shell."
     problemsfound=$(($problemsfound+1))
@@ -47,13 +38,28 @@ if ! [ -d "$SYSDATADIR" ] ; then
     problemsfound=$(($problemsfound+1))
 fi
 
-echo "Checking host GPG key..."
+echo "Checking for authentication directory..."
+if ! [ -d "$MADATADIR" ] ; then
+    echo "! No authentication data directory found."
+    echo " - Recommendation: run 'monkeysphere-authentication setup'"
+    exit
+fi    
+
+# FIXME: what's the correct, cross-platform answer?
+seckey=$(gpg_core --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
+keysfound=$(echo "$seckey" | grep -c ^sec:)
+curdate=$(date +%s)
+# warn when anything is 2 months away from expiration
+warnwindow='2 months'
+warndate=$(advance_date $warnwindow +%s)
+
+echo "Checking core GPG key..."
 if (( "$keysfound" < 1 )); then
-    echo "! No host key found."
-    echo " - Recommendation: run 'monkeysphere-server gen-key'"
+    echo "! No core key found."
+    echo " - Recommendation: run 'monkeysphere-authentication setup'"
     problemsfound=$(($problemsfound+1))
 elif (( "$keysfound" > 1 )); then
-    echo "! More than one host key found?"
+    echo "! More than one core key found?"
     # FIXME: recommend a way to resolve this
     problemsfound=$(($problemsfound+1))
 else
@@ -63,86 +69,23 @@ else
     # check for key expiration:
     if [ "$expire" ]; then
 	if (( "$expire"  < "$curdate" )); then
-	    echo "! Host key is expired."
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+	    echo "! Core key is expired."
+	    echo " - Recommendation: ???"
 	    problemsfound=$(($problemsfound+1))
 	elif (( "$expire" < "$warndate" )); then
-	    echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+	    echo "! Core key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+	    echo " - Recommendation: ???"
 	    problemsfound=$(($problemsfound+1))
 	fi
     fi
 
     # and weirdnesses:
     if [ "$create" ] && (( "$create" > "$curdate" )); then
-	echo "! Host key was created in the future(?!). Is your clock correct?"
+	echo "! Core key was created in the future(?!). Is your clock correct?"
 	echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
 	problemsfound=$(($problemsfound+1))
     fi
-    
-    # check for UserID expiration:
-    echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
-    while IFS=: read create expire uid ; do
-	# FIXME: should we be doing any checking on the form
-	# of the User ID?  Should we be unmangling it somehow?
-
-	if [ "$create" ] && (( "$create" > "$curdate" )); then
-	    echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
-	    echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
-	    problemsfound=$(($problemsfound+1))
-	fi
-	if [ "$expire" ] ; then
-	    if (( "$expire" < "$curdate" )); then
-		echo "! User ID '$uid' is expired."
-		# FIXME: recommend a way to resolve this
-		problemsfound=$(($problemsfound+1))
-	    elif (( "$expire" < "$warndate" )); then
-		echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)		
-		# FIXME: recommend a way to resolve this
-		problemsfound=$(($problemsfound+1))
-	    fi
-	fi
-    done
 	    
-# FIXME: verify that the host key is properly published to the
-#   keyservers (do this with the non-privileged user)
-
-# FIXME: check that there are valid, non-expired certifying signatures
-#   attached to the host key after fetching from the public keyserver
-#   (do this with the non-privileged user as well)
-
-# FIXME: propose adding a revoker to the host key if none exist (do we
-#   have a way to do that after key generation?)
-
-    # Ensure that the ssh_host_rsa_key file is present and non-empty:
-    echo
-    echo "Checking host SSH key..."
-    if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
-	echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
-	problemsfound=$(($problemsfound+1))
-    else
-	if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
-	    echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-	# propose changes needed for sshd_config (if any)
-	if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
-	    echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
-	    echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
-	    problemsfound=$(($problemsfound+1))
-	fi
-	if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
-	    echo "! $sshd_config refers to some non-monkeysphere host keys:"
-	    echo "$badhostkeys"
-	    echo " - Recommendation: remove the above HostKey lines from $sshd_config"
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-        # FIXME: test (with ssh-keyscan?) that the running ssh
-        # daemon is actually offering the monkeysphere host key.
-
-    fi
 fi
 
 # FIXME: look at the ownership/privileges of the various keyrings,
@@ -150,7 +93,7 @@ fi
 #    we make them as minimal as possible?)
 
 # FIXME: look to see that the ownertrust rules are set properly on the
-#    authentication keyring
+#    sphere keyring
 
 # FIXME: make sure that at least one identity certifier exists
 
@@ -161,7 +104,7 @@ fi
 # authorized_keys?
 
 echo
-echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+echo "Checking for Monkeysphere-enabled public-key authentication for users ..."
 # Ensure that User ID authentication is enabled:
 if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
     echo "! $sshd_config does not point to monkeysphere authorized keys."
@@ -177,7 +120,7 @@ fi
 
 if [ "$problemsfound" -gt 0 ]; then
     echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
-    echo "  monkeysphere-server diagnostics"
+    echo "  monkeysphere-authentication expert diagnostics"
 else
     echo "Everything seems to be in order!"
 fi
diff --git a/src/share/ma/setup b/src/share/ma/setup
new file mode 100644
index 0000000..672a960
--- /dev/null
+++ b/src/share/ma/setup
@@ -0,0 +1,88 @@
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere authentication setup subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2009, and are all released under the GPL,
+# version 3 or later.
+
+setup() {
+    # make all needed directories
+    mkdir -p "${MADATADIR}"
+    mkdir -p "${MATMPDIR}"
+    mkdir -p "${GNUPGHOME_SPHERE}"
+    mkdir -p "${GNUPGHOME_CORE}"
+
+    # deliberately replace the config files via truncation
+    # FIXME: should we be dumping to tmp files and then moving atomically?
+    cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF
+# Monkeysphere trust core GnuPG configuration
+# This file is maintained by the Monkeysphere software.
+# Edits will be overwritten.
+no-greeting
+list-options show-uid-validity
+EOF
+    
+    cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
+# Monkeysphere trust sphere GnuPG configuration
+# This file is maintained by the Monkeysphere software.
+# Edits will be overwritten.
+no-greeting
+primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg
+keyring ${GNUPGHOME_CORE}/pubring.gpg
+
+list-options show-uid-validity
+EOF
+
+    # fingerprint of core key.  this should be empty on unconfigured systems.
+    local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
+
+    if [ -z "$CORE_FPR" ] ; then
+	log info "Setting up Monkeysphere authentication trust core"
+
+	local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
+    
+	local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+
+	# generate the key with ssh-keygen...
+	ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
+	# and then translate to openpgp encoding and import
+	# FIXME: pem2openpgp currently sets the A flag and a short
+	# expiration date.  We should set the C flag and no expiration
+	# date.
+	< "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
+
+	gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key
+	CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
+	if [ -z "$CORE_FPR" ] ; then
+	    failure "Failed to create Monkeysphere authentication trust core!"
+	fi
+	
+    else 
+	log verbose "This system has already set up the Monkeysphere authentication trust core"
+    fi
+
+
+    # ensure that the authentication sphere checker has absolute ownertrust on the expected key.
+    printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
+    local ORIG_TRUST
+    if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
+	if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
+	    failure "Monkeysphere authentication trust sphere should explicitly trust the core.  It does not have proper ownertrust settings."
+	fi
+    else
+	failure "Could not get monkeysphere-authentication trust guidelines."
+    fi
+
+    # ensure that we're using the extended trust model (1), and that
+    # our preferences are reasonable (i.e. 3 marginal OR 1 fully
+    # trusted certifications are sufficient to grant full validity.
+    if [ "1:3:1" != $(gpg_sphere --with-colons --fixed-list-mode --list-keys | head -n1 | grep ^tru: cut -f3,6,7 -d:) ] ; then
+	failure "monkeysphere-preference does not have the expected trust model settings"
+    fi
+}
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 73685f6..e9e3cc6 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -35,7 +35,7 @@ MODE="authorized_keys"
 GNUPGHOME="$GNUPGHOME_SPHERE"
 
 # the authorized_keys directory
-authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys"
+authorizedKeysDir="${MADATADIR}/authorized_keys"
 
 # check to see if the gpg trust database has been initialized
 if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then