-rwxr-xr-xsrc/monkeysphere-authentication15
-rwxr-xr-xsrc/monkeysphere-host13
-rw-r--r--src/share/ma/setup12
-rw-r--r--src/share/ma/update_users2
-rw-r--r--src/share/mh/gen_key12
-rw-r--r--src/share/mh/import_key4
-rwxr-xr-xtests/basic6
7 files changed, 36 insertions, 28 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 4aaf02d..7c43aa8 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -12,20 +12,25 @@
# version 3 or later.
########################################################################
+set -e
+
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
# sharedir for authentication functions
MASHAREDIR="${SYSSHAREDIR}/ma"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for authentication functions
+MADATADIR="${SYSDATADIR}/authentication"
# temp directory to enable atomic moves of authorized_keys files
-MATMPDIR="${SYSDATADIR}/tmp"
+MATMPDIR="${MADATADIR}/tmp"
export MSTMPDIR
# UTC date in ISO 8601 format if needed
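Review bot: `export MSTMPDIR` on the line following the new `MATMPDIR="${MADATADIR}/tmp"` assignment exports a name that is never assigned anywhere in this hunk, so the temp-directory path itself is not exported; this looks like a pre-existing typo that the rename makes worth fixing now, `export MATMPDIR`. The new `MADATADIR` is also left unexported while `SYSDATADIR` is exported, so if any helper reached through the su invocation mentioned later in this file ("export variables needed in su invocation") reads it, it will see an empty value — if that path exists, add `export MADATADIR` beside the assignment. The newly added `set -e` changes the failure behaviour of everything below it in the script, which deserves a one-line comment, e.g. `# abort on any unhandled non-zero exit status (note: ignored inside if/&&/|| conditions)`.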
@@ -135,8 +140,8 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"}
-GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"}
+GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
+GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
# export variables needed in su invocation
export DATE
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 0b37ba9..3f4a434 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -18,11 +18,14 @@ SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
# sharedir for host functions
MHSHAREDIR="${SYSSHAREDIR}/mh"
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for host functions
+MHDATADIR="${SYSDATADIR}/host"
# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')
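Review bot: `MHDATADIR="${SYSDATADIR}/host"` is not exported, whereas the `SYSDATADIR` it is derived from is exported on the line just above; the share/mh helpers (gen_key, import_key, show_key) now depend on MHDATADIR, so if any of them run in a subshell that does not inherit the current shell's unexported variables they will write to `/ssh_host_rsa_key` at the filesystem root. If sourcing into the same shell is the only way these helpers run, a comment saying so next to the assignment would prevent a future `export` from being forgotten; otherwise add `export MHDATADIR`.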
@@ -114,8 +117,8 @@ show_key() {
gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
echo "OpenPGP fingerprint: $fingerprintPGP"
- if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
- fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+ if [ -f "${MHDATADIR}/ssh_host_rsa_key.pub" ] ; then
+ fingerprintSSH=$(ssh-keygen -l -f "${MHDATADIR}/ssh_host_rsa_key.pub" | \
awk '{ print $1, $2, $4 }')
echo "ssh fingerprint: $fingerprintSSH"
else
@@ -144,7 +147,7 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/host"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
# export variables needed in su invocation
export DATE
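Review bot: With `GNUPGHOME_HOST` now defaulting to `${MHDATADIR}` itself, the GnuPG home directory and the `ssh_host_rsa_key`, `.pub` and `.pub.gpg` files written by gen_key/import_key share one directory; a comment on this line should state that, e.g. `# by default the host GnuPG home is MHDATADIR itself, alongside the exported ssh_host_rsa_key* files`. GnuPG warns when its home directory is not private, so the public-key files stored beside the keyrings are presumably not readable by other accounts — confirm that is acceptable for the consumers of `ssh_host_rsa_key.pub`, or keep the keyrings in a subdirectory as the authentication side does with `${MADATADIR}/core`.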
diff --git a/src/share/ma/setup b/src/share/ma/setup
index abce3af..672a960 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -12,8 +12,9 @@
# version 3 or later.
setup() {
- # make the core and the sphere:
- mkdir -p "${SYSDATADIR}"/authentication
+ # make all needed directories
+ mkdir -p "${MADATADIR}"
+ mkdir -p "${MATMPDIR}"
mkdir -p "${GNUPGHOME_SPHERE}"
mkdir -p "${GNUPGHOME_CORE}"
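Review bot: The new `mkdir -p "${MADATADIR}"` and `mkdir -p "${MATMPDIR}"` lines create the directories with whatever umask the caller has, while tests/basic in this same commit pre-creates the identical tree with `mkdir -p -m 700`, so the permissions setup() actually produces are never exercised by the test. Since `GNUPGHOME_CORE` and `GNUPGHOME_SPHERE` are GnuPG home directories and MATMPDIR is where the trust-core private key is generated, giving these lines an explicit mode, `mkdir -p -m 0700 "${MATMPDIR}"` etc., would make a real run match what the test assumes. `mkdir -p "${MADATADIR}"` is also redundant once `mkdir -p "${MATMPDIR}"` creates its parents. setup() continues beyond this hunk.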
@@ -46,14 +47,17 @@ EOF
local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
- local TMPLOC=$(mktemp -d ${MATMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
- ssh-keygen -q -b 2048 -t rsa -N'' "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
+ local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+ # generate the key with ssh-keygen...
+ ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
+ # and then translate to openpgp encoding and import
# FIXME: pem2openpgp currently sets the A flag and a short
# expiration date. We should set the C flag and no expiration
# date.
< "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core"
+ gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key
CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: )
if [ -z "$CORE_FPR" ] ; then
failure "Failed to create Monkeysphere authentication trust core!"
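Review bot: The added bare `gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key` line dumps the secret-key listing to stdout and the very next line runs the identical command again to extract CORE_FPR; this reads as a leftover debugging call and should be removed (or routed through `log debug` if the listing is wanted). On the rewritten mktemp line `local TMPLOC=$(...)` the exit status of `local` masks mktemp's, so `|| failure` can never fire; split it into `local TMPLOC` and `TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"` (the CORE_UID line above has the same shape). The key size also silently drops from `-b 2048` to `-b 1024`; if that is for test speed, make it an overridable variable with 2048 as the default rather than weakening every deployment's trust core. setup() continues past the end of this hunk, so whether TMPLOC is cleaned up afterwards is not visible here.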
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 73685f6..e9e3cc6 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -35,7 +35,7 @@ MODE="authorized_keys"
GNUPGHOME="$GNUPGHOME_SPHERE"
# the authorized_keys directory
-authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys"
+authorizedKeysDir="${MADATADIR}/authorized_keys"
# check to see if the gpg trust database has been initialized
if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then
diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key
index 162a64e..c0445db 100644
--- a/src/share/mh/gen_key
+++ b/src/share/mh/gen_key
@@ -90,12 +90,12 @@ fingerprint=$(fingerprint_server_key)
# NOTE: assumes that the primary key is the proper key to use
(umask 077 && \
gpg_host --export-secret-key "$fingerprint" | \
- openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
-ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
-log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
-gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key")
+log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key"
+ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub"
+log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub"
+gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
+log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
# show info about new key
show_key
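Review bot: None of the rewritten output lines check their status: if `openpgp2ssh` or `gpg_host` fails inside the `(umask 077 && ...)` subshell, `${MHDATADIR}/ssh_host_rsa_key` is left empty or partial and the following `log info` lines still announce success, and the same holds for `ssh-keygen -y` and the `.pub.gpg` export here and in src/share/mh/import_key. Appending `|| failure "Could not export SSH host private key"` (and equivalents) to each of the three commands, using the `failure` helper that src/share/ma/setup already relies on, would stop the run before a bad key is reported. This commit adds `set -e` only to monkeysphere-authentication, so without explicit checks these failures would presumably go unnoticed on the host side.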
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index c0d5956..0f16d27 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -79,8 +79,8 @@ log verbose "setting ultimate owner trust for host key..."
echo "${fingerprint}:6:" | gpg_host "--import-ownertrust"
# export public key to file
-gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
+log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
# show info about new key
show_key
diff --git a/tests/basic b/tests/basic
index e30f31b..b5afb23 100755
--- a/tests/basic
+++ b/tests/basic
@@ -209,16 +209,12 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
# set up monkeysphere authentication
echo "##################################################"
-echo "### configuring monkeysphere authentication..."
+echo "### setup monkeysphere authentication..."
mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp}
cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids"
EOF
-
-# setup server authentication
-echo "##################################################"
-echo "### setting up server authentication..."
monkeysphere-authentication setup
get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf
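Review bot: The test still pre-creates `$MONKEYSPHERE_SYSDATADIR/authentication/{authorized_keys,core,sphere,tmp}` with mode 700 before running `monkeysphere-authentication setup`, so the directory creation this commit adds to src/share/ma/setup is never exercised and a regression there would pass the test. Either drop the pre-creation of the subdirectories setup now makes, or keep it with a comment explaining why the test overrides setup's layout, e.g. `# pre-created so the test can inject gpg.conf before setup; setup also creates these`. The brace list also hardcodes the `authentication/` layout that MADATADIR now encodes, so the two can drift if the default ever changes.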