diff options
| -rw-r--r-- | man/man1/monkeysphere.1 | 4 | ||||
| -rw-r--r-- | man/man1/pem2openpgp.1 | 2 | ||||
| -rw-r--r-- | packaging/debian/changelog | 4 | ||||
| -rwxr-xr-x | src/monkeysphere | 11 | ||||
| -rwxr-xr-x | src/monkeysphere-authentication | 1 | ||||
| -rw-r--r-- | src/share/common | 67 | ||||
| -rw-r--r-- | src/share/m/gen_subkey | 8 | ||||
| -rw-r--r-- | src/share/ma/update_users | 3 |
8 files changed, 81 insertions, 19 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 76eaf8d..459bfcb 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -130,6 +130,10 @@ place of `subkey\-to\-ssh\-agent'. Output the ssh fingerprint of a key in your gpg keyring. `f' may be used in place of `fingerprint'. .TP +.B keys\-from\-userid USERID +Output to stdout all acceptable keys for a given user ID literal. +`u' may be used in place of `keys\-from\-userid'. +.TP .B version Show the monkeysphere version number. `v' may be used in place of `version'. diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 index 5622bd7..fe20788 100644 --- a/man/man1/pem2openpgp.1 +++ b/man/man1/pem2openpgp.1 @@ -8,7 +8,7 @@ pem2openpgp .Sh SYNOPSIS .Nm pem2openpgp "$USERID" < mykey.pem | gpg \-\-import .Pp -.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem +.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authenticate,certify pem2openpgp "$USERID" <mykey.pem .Sh DESCRIPTION .Nm is a low-level utility for transforming raw, PEM-encoded RSA secret diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 8984114..df28da4 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -3,12 +3,14 @@ monkeysphere (0.27-1~pre1) UNRELEASED; urgency=low * New upstream release: - fixed monkeysphere gen-subkey subcommand that was erroneously creating DSA subkeys due to unannounced change in gpg edit-key UI. + - add new monkeysphere keys-from-userid subcommand to output all + acceptable keys for a given user ID literal * updated debian/copyright to match the latest revision of DEP5. * updated standards version to 3.8.3 (no changes needed) * updated Depends to require >=1.4.10 due to gpg UI change. * add cpio to Build-Depends (used in test suite) (Closes: #562444) - -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 24 Dec 2009 12:28:21 -0500 + -- Jameson Graef Rollins <jrollins@finestructure.net> Sun, 10 Jan 2010 16:52:54 -0500 monkeysphere (0.26-1) unstable; urgency=low diff --git a/src/monkeysphere b/src/monkeysphere index 14d2bf0..f21ca7c 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -45,12 +45,15 @@ Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file - gen-subkey (g) [KEYID] generate an authentication subkey - --length (-l) BITS key length in bits (2048) ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent sshfpr (f) KEYID output ssh fingerprint of gpg key + + keys-from-userid (u) USERID output valid keys for user id literal + gen-subkey (g) [KEYID] generate an authentication subkey + --length (-l) BITS key length in bits (2048) + version (v) show version number help (h,?) this help @@ -268,6 +271,10 @@ case $COMMAND in gpg_ssh_fingerprint "$@" ;; + 'keys-from-userid'|'u') + keys_from_userid "$@" + ;; + 'version'|'v') version ;; diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 057d14e..7870c0f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -136,7 +136,6 @@ LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '} # export variables needed in su invocation export DATE -export MODE export LOG_LEVEL export KEYSERVER export MONKEYSPHERE_USER diff --git a/src/share/common b/src/share/common index 4aa3f7c..28da3c0 100644 --- a/src/share/common +++ b/src/share/common @@ -559,7 +559,7 @@ gpg_fetch_userid() { # userid and key policy checking # the following checks policy on the returned keys # - checks that full key has appropriate valididy (u|f) -# - checks key has specified capability (REQUIRED_*_KEY_CAPABILITY) +# - checks key has specified capability (REQUIRED_KEY_CAPABILITY) # - checks that requested user ID has appropriate validity # (see /usr/share/doc/gnupg/DETAILS.gz) # output is one line for every found key, in the following format: @@ -571,8 +571,6 @@ gpg_fetch_userid() { # # all log output must go to stderr, as stdout is used to pass the # flag:sshKey to the calling function. -# -# expects global variable: "MODE" process_user_id() { local returnCode=0 local userID @@ -593,11 +591,7 @@ process_user_id() { userID="$1" # set the required key capability based on the mode - if [ "$MODE" = 'known_hosts' ] ; then - requiredCapability="$REQUIRED_HOST_KEY_CAPABILITY" - elif [ "$MODE" = 'authorized_keys' ] ; then - requiredCapability="$REQUIRED_USER_KEY_CAPABILITY" - fi + requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"} requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") # fetch the user ID if necessary/requested @@ -758,6 +752,59 @@ process_user_id() { # being processed in the key files over "bad" keys (key flag '1') } +# output all valid keys for specified user ID literal +keys_from_userid() { + local userID + local noKey= + local nKeys + local nKeysOK + local ok + local sshKey + local tmpfile + + userID="$1" + + log verbose "processing: $userID" + + nKeys=0 + nKeysOK=0 + + IFS=$'\n' + for line in $(process_user_id "${userID}") ; do + # note that key was found + nKeys=$((nKeys+1)) + + ok=$(echo "$line" | cut -d: -f1) + sshKey=$(echo "$line" | cut -d: -f2) + + if [ -z "$sshKey" ] ; then + continue + fi + + # if key OK, output key to stdout + if [ "$ok" -eq '0' ] ; then + # note that key was found ok + nKeysOK=$((nKeysOK+1)) + + printf '%s\n' "$sshKey" + fi + done + + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 + else + return 1 + fi +} + # process a single host in the known_host file process_host_known_hosts() { local host @@ -770,7 +817,7 @@ process_host_known_hosts() { local tmpfile # set the key processing mode - export MODE='known_hosts' + export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY" host="$1" userID="ssh://${host}" @@ -954,7 +1001,7 @@ process_uid_authorized_keys() { local sshKey # set the key processing mode - export MODE='authorized_keys' + export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY" userID="$1" diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index a90c618..9cc6028 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -19,6 +19,7 @@ gen_subkey(){ local keyID local editCommands local fifoDir + local keyType # get options while true ; do @@ -44,8 +45,13 @@ Type '$PGRM help' for usage." check_gpg_authentication_subkey "$keyID" # generate the list of commands that will be passed to edit-key + # 7 for < 1.4.10 + # 8 for >= 1.4.10 + # 7 for < 2.0.13 + # 8 for >= 2.0.13 + keyType=8 editCommands="addkey -8 +$keyType S E A diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 31b53bf..0086cd3 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -27,9 +27,6 @@ else unames=$(list_users) fi -# set mode -MODE="authorized_keys" - # set gnupg home GNUPGHOME="$GNUPGHOME_SPHERE" |