diff options
| author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-13 14:56:01 -0400 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-13 14:56:01 -0400 |
| commit | 0c2c01095b4e3e707a08e9ff6ebe61f18689bcaa (patch) | |
| tree | c77a0c6355c6665723f0740f42201267aa1a4162 /src | |
| parent | 2fa88e2fde0f56774c76e5cbdc8ea2c67849f3c0 (diff) | |
Modify how logging is handled. Now send most everything to stderr.
Change to known_hosts hashing on by default.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common | 22 | ||||
| -rwxr-xr-x | src/monkeysphere | 36 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 4 |
3 files changed, 28 insertions, 34 deletions
@@ -23,14 +23,8 @@ failure() { exit ${2:-'1'} } -# write output to stdout -log() { - echo -n "ms: " - echo "$@" -} - # write output to stderr -loge() { +log() { echo -n "ms: " 1>&2 echo "$@" 1>&2 } @@ -153,7 +147,7 @@ process_user_id() { # return 1 if there only "tru" lines are output from gpg if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then - loge " key not found." + log " key not found." return 1 fi @@ -182,18 +176,18 @@ process_user_id() { # check primary key validity if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then - loge " unacceptable primary key validity ($validity)." + log " unacceptable primary key validity ($validity)." continue fi # check capability is not Disabled... if check_capability "$capability" 'D' ; then - loge " key disabled." + log " key disabled." continue fi # check overall key capability # must be Encryption and Authentication if ! check_capability "$capability" $requiredPubCapability ; then - loge " unacceptable primary key capability ($capability)." + log " unacceptable primary key capability ($capability)." continue fi @@ -242,7 +236,7 @@ process_user_id() { # key cache file if [ "$keyOK" -a "$uidOK" -a "${keyIDs[*]}" ] ; then for keyID in ${keyIDs[@]} ; do - loge " acceptable key/uid found." + log " acceptable key/uid found." if [ "$MODE" = 'known_hosts' ] ; then # export the key @@ -298,11 +292,11 @@ process_known_hosts() { cacheDir="$2" # take all the hosts from the known_hosts file (first field), - # grep out all the hashed hosts (lines starting with '|') + # grep out all the hashed hosts (lines starting with '|')... cut -d ' ' -f 1 "$knownHosts" | \ grep -v '^|.*$' | \ while IFS=, read -r -a hosts ; do - # process each host + # ...and process each host for host in ${hosts[*]} ; do process_host "$host" "$cacheDir" done diff --git a/src/monkeysphere b/src/monkeysphere index 6e71765..69741e1 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -15,7 +15,7 @@ SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} export SHAREDIR . "${SHAREDIR}/common" -GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf} +GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"} [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG" # date in UTF format if needed @@ -63,7 +63,7 @@ gen_ae_subkey(){ # return 1 if there only "tru" lines are output from gpg if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then - loge " key not found." + log " key not found." return 1 fi @@ -78,7 +78,7 @@ Name-Real: $userID EOF ) - log "The following key parameters will be used:" + echo "The following key parameters will be used:" echo "$keyParameters" read -p "generate key? [Y|n]: " OK; OK=${OK:=Y} @@ -107,27 +107,27 @@ COMMAND="$1" shift # set ms home directory -MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere} +MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"} # load configuration file -MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf} +MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"} [ -e "$MS_CONF" ] && . "$MS_CONF" # set empty config variable with defaults -AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids} -GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg} -KEYSERVER=${KEYSERVER:-subkeys.pgp.net} +AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"} +GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"} +KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"} -USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys} -USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts} -HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-} +USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"} +USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"} +HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"} export GNUPGHOME # stagging locations -hostKeysCacheDir="$MS_HOME"/host_keys -userKeysCacheDir="$MS_HOME"/user_keys -msAuthorizedKeys="$MS_HOME"/authorized_keys +hostKeysCacheDir="${MS_HOME}/host_keys" +userKeysCacheDir="${MS_HOME}/user_keys" +msAuthorizedKeys="${MS_HOME}/authorized_keys" # make sure gpg home exists with proper permissions mkdir -p -m 0700 "$GNUPGHOME" @@ -142,6 +142,7 @@ case $COMMAND in MODE='known_hosts' # touch the known_hosts file to make sure it exists + # ssh-keygen complains if it doesn't exist touch "$USER_KNOWN_HOSTS" # if hosts are specified on the command line, process just @@ -151,8 +152,8 @@ case $COMMAND in process_host "$host" "$hostKeysCacheDir" done - # otherwise, if no hosts are specified, process the user - # known_hosts file + # otherwise, if no hosts are specified, process every user + # in the user's known_hosts file else if [ ! -s "$USER_KNOWN_HOSTS" ] ; then failure "known_hosts file '$USER_KNOWN_HOSTS' is empty." @@ -167,8 +168,7 @@ case $COMMAND in # make sure authorized_user_ids file exists if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then - log "authorized_user_ids file is empty or does not exist." - exit + failure "authorized_user_ids file is empty or does not exist." fi # set user-controlled authorized_keys file path diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 0ff06af..65a7dda 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -70,7 +70,7 @@ EOF ) fi - log "The following key parameters will be used:" + echo "The following key parameters will be used:" echo "$keyParameters" read -p "generate key? [Y|n]: " OK; OK=${OK:=Y} @@ -90,7 +90,7 @@ EOF EOF ) - echo "generating server key..." + log "generating server key..." echo "$keyParameters" | gpg --batch --gen-key } |