diff options
| -rwxr-xr-x | Makefile | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-host | 17 | ||||
| -rw-r--r-- | src/share/common | 6 | ||||
| -rw-r--r-- | src/share/mh/gen_key | 6 | ||||
| -rw-r--r-- | src/share/mh/import_key | 3 | ||||
| -rwxr-xr-x | tests/basic | 18 | ||||
| -rw-r--r-- | tests/etc/monkeysphere/monkeysphere-authentication.conf (renamed from tests/etc/monkeysphere/monkeysphere-server.conf) | 0 |
7 files changed, 16 insertions, 36 deletions
@@ -29,7 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common + sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/share/common cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4c978c9..0b37ba9 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -107,18 +107,12 @@ check_host_keyring() { show_key() { local fingerprintPGP local fingerprintSSH - local ret=0 # FIXME: you shouldn't have to be root to see the host key fingerprint - if is_root ; then - check_host_keyring - fingerprintPGP=$(fingerprint_server_key) - gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null - echo "OpenPGP fingerprint: $fingerprintPGP" - else - log info "You must be root to see host OpenPGP fingerprint." - ret='1' - fi + check_host_keyring + fingerprintPGP=$(fingerprint_server_key) + gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null + echo "OpenPGP fingerprint: $fingerprintPGP" if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \ @@ -126,10 +120,7 @@ show_key() { echo "ssh fingerprint: $fingerprintSSH" else log info "SSH host key not found." - ret='1' fi - -return $ret } ######################################################################## diff --git a/src/share/common b/src/share/common index ef931ca..9adae05 100644 --- a/src/share/common +++ b/src/share/common @@ -533,12 +533,6 @@ gpg_fetch_userid() { --search ="$userID" > /dev/null 2>&1 returnCode="$?" - # if the user is the monkeysphere user, then update the - # monkeysphere user's trustdb - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - gpg_authentication "--check-trustdb" > /dev/null 2>&1 - fi - return "$returnCode" } diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index aad213a..162a64e 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -85,10 +85,6 @@ echo "$keyParameters" | gpg_host --batch --gen-key # find the key fingerprint of the newly generated key fingerprint=$(fingerprint_server_key) -# export host ownertrust to authentication keyring -log verbose "setting ultimate owner trust for host key..." -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" - # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use @@ -98,7 +94,7 @@ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 386e02d..c0d5956 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -77,10 +77,9 @@ fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring log verbose "setting ultimate owner trust for host key..." echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # export public key to file -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key diff --git a/tests/basic b/tests/basic index b8ab4fc..5006f8f 100755 --- a/tests/basic +++ b/tests/basic @@ -123,7 +123,7 @@ export PATH="$TESTDIR"/../src:"$TESTDIR"/../src/keytrans:"$PATH" export MONKEYSPHERE_SYSDATADIR="$TEMPDIR" export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" -export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src +export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami) export MONKEYSPHERE_CHECK_KEYSERVER=false export MONKEYSPHERE_LOG_LEVEL=DEBUG @@ -168,15 +168,15 @@ HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authentication/authorized_keys/%u EOF -# set up monkeysphere-server -echo "### configuring monkeysphere..." +# set up monkeysphere host +echo "### configuring monkeysphere host..." mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/host -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/authorized_keys -mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/tmp -cp etc/monkeysphere/monkeysphere-server.conf "$TEMPDIR"/monkeysphere-server.conf -cat <<EOF >> "$TEMPDIR"/monkeysphere-server.conf + +# set up monkeysphere authentication +echo "### configuring monkeysphere authentication..." +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} +cp etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ +cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" EOF cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf diff --git a/tests/etc/monkeysphere/monkeysphere-server.conf b/tests/etc/monkeysphere/monkeysphere-authentication.conf index 9cc396f..9cc396f 100644 --- a/tests/etc/monkeysphere/monkeysphere-server.conf +++ b/tests/etc/monkeysphere/monkeysphere-authentication.conf |