diff options
author | Jameson Rollins <jrollins@finestructure.net> | 2010-07-04 00:06:35 -0400 |
---|---|---|
committer | Jameson Rollins <jrollins@finestructure.net> | 2010-07-04 00:13:02 -0400 |
commit | ca88f1bccc252571c1f40ed84c40ea7ed4d7db20 (patch) | |
tree | 0d0e152c770715d49d5fc9d297f7672dc275485a /src/share/ma | |
parent | c74075ae34bf6dd035f42ce044046e6f273ae73d (diff) |
add keys-for-user subcommand to monkeysphere-authentication
This subcommand will output all valid key for a given user. The
user's authorized_user_ids file will be read for OpenPGP user IDs, one
per line. The ssh-formated RSA keys will be output to stdout.
Also included is a simple script that takes the user as it's one
argument and exec's this command. This is something that would be
suitable for the proposed sshd AuthorizedKeysCommand.
Diffstat (limited to 'src/share/ma')
-rw-r--r-- | src/share/ma/keys_for_user | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/src/share/ma/keys_for_user b/src/share/ma/keys_for_user new file mode 100644 index 0000000..f48d5d3 --- /dev/null +++ b/src/share/ma/keys_for_user @@ -0,0 +1,50 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere authentication keys-for-user subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2010, and are all released under the GPL, +# version 3 or later. + +# This command could be run as an sshd AuthorizedKeysCommand to +# provide the authorized keys for a user, based on OpenPGP user id's +# listed in the user's authorized_user_ids file. + +keys_for_user() { + +local uname +local authorizedUserIDs +local line +local userIDs + +# get users from command line +uname="$1" + +# path to authorized_user_ids file, translating ssh-style path +# variables +authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") + +# exit if the authorized_user_ids file is empty +if [ ! -s "$authorizedUserIDs" ] ; then + failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist." +fi + +log debug "authorized_user_ids file: $authorizedUserIDs" + +# check permissions on the authorized_user_ids file path +check_key_file_permissions "$uname" "$authorizedUserIDs" || failure + +GNUPGHOME="$GNUPGHOME_SPHERE" +export GNUPGHOME + +# extract user IDs from authorized_user_ids file +IFS=$'\n' +for line in $(meat "$authorizedUserIDs") ; do + su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid '$line'" +done + +} |