diff options
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rwxr-xr-x | debian/monkeysphere.postinst | 4 | ||||
| -rw-r--r-- | etc/monkeysphere-server.conf | 8 | ||||
| -rw-r--r-- | etc/monkeysphere.conf | 18 | ||||
| -rw-r--r-- | man/man8/monkeysphere-server.8 | 7 | ||||
| -rw-r--r-- | src/common | 132 | ||||
| -rwxr-xr-x | src/monkeysphere | 145 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 163 | ||||
| -rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 11 |
9 files changed, 333 insertions, 161 deletions
diff --git a/debian/changelog b/debian/changelog index 1f1db61..48af4d7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,8 +7,12 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low * Privilege separation: use monkeysphere user to handle maintenance of the gnupg authentication keychain for server. * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sun, 29 Jun 2008 14:14:59 -0400 + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Wed, 09 Jul 2008 19:39:44 -0400 monkeysphere (0.3-1) experimental; urgency=low diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index 87fbe12..a133a4b 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -28,7 +28,7 @@ install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg- # install authentication gpg.conf cat <<EOF > "$VARLIB"/gnupg-authentication/gpg.conf list-options show-uid-validity -primary-keyring ${VARLIB}/gnupg-authentication/pubring.gpg -keyring ${VARLIB}/gnupg-host/pubring.gpg +primary-keyring "$VARLIB"/gnupg-authentication/pubring.gpg +keyring "$VARLIB"/gnupg-host/pubring.gpg EOF chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf index defb0f7..15f43b1 100644 --- a/etc/monkeysphere-server.conf +++ b/etc/monkeysphere-server.conf @@ -2,8 +2,11 @@ # This is an sh-style shell configuration file. Variable names should # be separated from their assignements by a single '=' and no spaces. +# Environement variables with the same names as these variables but +# prefeced by "MONKEYSPHERE_" will take precedence over the values +# specified here. -# GPG keyserver to search for keys +# GPG keyserver to search for keys. #KEYSERVER=subkeys.pgp.net # Path to authorized_user_ids file to process to create @@ -20,3 +23,6 @@ # FIXME: this usage of "-" contravenes the normal convention where "-" # means standard in/out. Why not use "none" or "" instead? #RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" + +# User who controls the monkeysphere authentication keyring. +#MONKEYSPHERE_USER=monkeysphere diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index aa3a664..2648fa9 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -2,11 +2,17 @@ # This is an sh-style shell configuration file. Variable names should # be separated from their assignements by a single '=' and no spaces. +# Environement variables with the same names as these variables but +# prefeced by "MONKEYSPHERE_" will take precedence over the values +# specified here. -# GPG home directory -#GNUPGHOME=~/.gnupg +# GPG home directory. If not specified either here or in the +# MONKEYSPHERE_GNUPGHOME environment variable, then the value of the +# GNUPGHOME environment variable will be used. If GNUPGHOME is not +# set either, then the default value is listed below. +# GNUPGHOME=~/.gnupg -# GPG keyserver to search for keys +# GPG keyserver to search for keys. #KEYSERVER=subkeys.pgp.net # Set whether or not to check keyservers at every monkeysphere @@ -17,12 +23,12 @@ # of the keyserver. #CHECK_KEYSERVER=true -# ssh known_hosts file +# The path to the SSH known_hosts file. #KNOWN_HOSTS=~/.ssh/known_hosts # Whether or not to hash the generated known_hosts lines. -# Should be "true" or "false" +# Should be "true" or "false". #HASH_KNOWN_HOSTS=true -# ssh authorized_keys file (FIXME: why is this relevant in this file?) +# The path to the SSH authorized_keys file. #AUTHORIZED_KEYS=~/.ssh/authorized_keys diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 45605da..f33ffea 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -35,9 +35,10 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP -.B gen-key -Generate a OpenPGP key pair for the host. `g' may be used in place of -`gen-key'. +.B gen-key [HOSTNAME] +Generate a OpenPGP key pair for the host. If HOSTNAME is not +specified, then the system fully-qualified domain name will be user. +`g' may be used in place of `gen-key'. .TP .B show-fingerprint Show the fingerprint for the host's OpenPGP key. `f' may be used in place of @@ -83,10 +83,11 @@ remove_line() { file="$1" string="$2" - # if the line is there are removed, return 0 - if [ "$file" -a "$string" ] ; then + # if the string is in the file and removed, return 0 + if grep -q -F "$string" "$file" 2> /dev/null ; then grep -v -F "$string" "$file" | sponge "$file" return 0 + # otherwise return 1 else return 1 @@ -112,6 +113,11 @@ translate_ssh_variables() { echo "$path" } +# test that a string to conforms to GPG's expiration format +test_gpg_expire() { + echo "$1" | egrep -q "^[0-9][mwy]?$" +} + ### CONVERSION UTILITIES # output the ssh key for a given key ID @@ -256,14 +262,14 @@ process_user_id() { fi requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") + # fetch the user ID if necessary/requested + gpg_fetch_userid "$userID" + # output gpg info for (exact) userid and store gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) - # fetch the user ID if necessary/requested - gpg_fetch_userid "$userID" - # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then log " - key not found." @@ -380,10 +386,10 @@ process_user_id() { process_host_known_hosts() { local host local userID + local nKeys + local nKeysOK local ok local keyid - local idOK - local idRemoved local tmpfile host="$1" @@ -392,17 +398,26 @@ process_host_known_hosts() { userID="ssh://${host}" + nKeys=0 + nKeysOK=0 + for line in $(process_user_id "ssh://${host}") ; do + # note that key was found + nKeys=$((nKeys+1)) + ok=$(echo "$line" | cut -d: -f1) keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") # remove the old host key line, and note if removed - remove_line "$KNOWN_HOSTS" "$sshKey" && idRemoved=true + remove_line "$KNOWN_HOSTS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then + # note that key was found ok + nKeysOK=$((nKeysOK+1)) + # hash if specified if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then # FIXME: this is really hackish cause ssh-keygen won't @@ -415,21 +430,19 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi - - # note that at least one ok id was found - idOK=true fi done - # if at least one ok id was found, return 0 - if [ "$idOK" ] ; then - return 0 - - # if ids were only removed, return 2 - elif [ "$idRemoved" ] ; then - return 2 - - # else return 1, to indicate nothing happened + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 else return 1 fi @@ -439,9 +452,9 @@ process_host_known_hosts() { # line update_known_hosts() { local nHosts - local host local nHostsOK local nHostsBAD + local host # the number of hosts specified on command line nHosts="$#" @@ -480,17 +493,19 @@ update_known_hosts() { log "known_hosts file updated." fi - # if all hosts were OK, return 0 - if [ "$nHostsOK" -eq "$nHosts" ] ; then + # if an acceptable host was found, return 0 + if [ "$nHostsOK" -gt 0 ] ; then return 0 - - # if all hosts were BAD, return 2 - elif [ "$nHostsBAD" -eq "$nHosts" ] ; then - return 2 - - # else return 1 + # else if no ok hosts were found... else - return 1 + # if no bad host were found then no hosts were found at all, + # and return 1 + if [ "$nHostsBAD" -eq 0 ] ; then + return 1 + # else if at least one bad host was found, return 2 + else + return 2 + fi fi } @@ -511,42 +526,49 @@ process_known_hosts() { # process uids for the authorized_keys file process_uid_authorized_keys() { local userID + local nKeys + local nKeysOK local ok local keyid - local idOK - local idRemoved userID="$1" log "processing user ID: $userID" + nKeys=0 + nKeysOK=0 + for line in $(process_user_id "$userID") ; do + # note that key was found + nKeys=$((nKeys+1)) + ok=$(echo "$line" | cut -d: -f1) keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_line "$AUTHORIZED_KEYS" "$sshKey" && idRemoved=true + remove_line "$AUTHORIZED_KEYS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then - ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" + # note that key was found ok + nKeysOK=$((nKeysOK+1)) - # note that at least one ok id was found - idOK=true + ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" fi done - # if at least one ok id was found, return 0 - if [ "$idOK" ] ; then - return 0 - - # if ids were only removed, return 2 - elif [ "$idRemoved" ] ; then - return 2 - - # else return 1, to indicate nothing happened + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 else return 1 fi @@ -599,17 +621,19 @@ update_authorized_keys() { log "authorized_keys file updated." fi - # if all ids were OK, return 0 - if [ "$nIDsOK" -eq "$nIDs" ] ; then + # if an acceptable id was found, return 0 + if [ "$nIDsOK" -gt 0 ] ; then return 0 - - # if all ids were BAD, return 2 - elif [ "$nIDsBAD" -eq "$nIDs" ] ; then - return 2 - - # else return 1 + # else if no ok ids were found... else - return 1 + # if no bad ids were found then no ids were found at all, and + # return 1 + if [ "$nIDsBAD" -eq 0 ] ; then + return 1 + # else if at least one bad id was found, return 2 + else + return 2 + fi fi } diff --git a/src/monkeysphere b/src/monkeysphere index b10adb7..59b7e4a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -11,18 +11,15 @@ ######################################################################## PGRM=$(basename $0) -SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} -export SHAREDIR -. "${SHAREDIR}/common" || exit 1 - -GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"} -[ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG" +SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} +export SHARE +. "${SHARE}/common" || exit 1 # date in UTF format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up -GREP_OPTIONS= +unset GREP_OPTIONS # default return code ERR=0 @@ -40,6 +37,8 @@ subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file gen-subkey (g) KEYID generate an 'a' capable subkey + -l|--length BITS key length in bits (2048) + -e|--expire EXPIRE date to expire help (h,?) this help EOF @@ -79,11 +78,12 @@ gen_subkey(){ fi # set subkey defaults - SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"} - SUBKEY_LENGTH=${SUBKEY_LENGTH:-} - SUBKEY_USAGE=${SUBKEY_USAGE:-"auth"} - SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"} - cat <<EOF + KEY_TYPE="RSA" + KEY_LENGTH=${KEY_LENGTH:-} + KEY_USAGE="auth" + # prompt about key expiration if not specified + if [ -z "$KEY_EXPIRE" ] ; then + cat <<EOF Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days @@ -91,7 +91,16 @@ Please specify how long the key should be valid. <n>m = key expires in n months <n>y = key expires in n years EOF - read -p "Key is valid for? ($SUBKEY_EXPIRE) " SUBKEY_EXPIRE; SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"} + while [ -z "$KEY_EXPIRE" ] ; do + read -p "Key is valid for? (0) " KEY_EXPIRE + if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then + echo "invalid value" + unset KEY_EXPIRE + fi + done + elif ! test_gpg_expire "$KEY_EXPIRE" ; then + failure "invalid key expiration value '$KEY_EXPIRE'." + fi # generate the list of commands that will be passed to edit-key editCommands=$(cat <<EOF @@ -101,8 +110,8 @@ S E A Q -$SUBKEY_LENGTH -$SUBKEY_EXPIRE +$KEY_LENGTH +$KEY_EXPIRE save EOF ) @@ -116,47 +125,85 @@ EOF # MAIN ######################################################################## +# unset variables that should be defined only in config file +unset KEYSERVER +unset CHECK_KEYSERVER +unset KNOWN_HOSTS +unset HASH_KNOWN_HOSTS +unset AUTHORIZED_KEYS + +# load global config +[ -r "${ETC}/monkeysphere.conf" ] && . "${ETC}/monkeysphere.conf" + +# set monkeysphere home directory +MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.config/monkeysphere"} +mkdir -p -m 0700 "$MONKEYSPHERE_HOME" + +# load local config +[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] && . "$MONKEYSPHERE_CONFIG" + +# set empty config variables with ones from the environment, or from +# config file, or with defaults +GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}} +KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}} +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} +KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=${KNOWN_HOSTS:="${HOME}/.ssh/known_hosts"}} +HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=${HASH_KNOWN_HOSTS:="true"}} +AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=${AUTHORIZED_KEYS:="${HOME}/.ssh/authorized_keys"}} + +# other variables not in config file +AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"} +REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"} +REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} + +# export GNUPGHOME and make sure gpg home exists with proper +# permissions +export GNUPGHOME +mkdir -p -m 0700 "$GNUPGHOME" + +# get subcommand COMMAND="$1" [ "$COMMAND" ] || failure "Type '$PGRM help' for usage." shift -# set ms home directory -MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"} - -# load configuration file -MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"} -[ -e "$MS_CONF" ] && . "$MS_CONF" - -# set empty config variable with defaults -GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"} -KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} -CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} -KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"} -HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"} -AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"} - -# other variables -AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"} -REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"} -REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"} - -export GNUPGHOME - -# make sure gpg home exists with proper permissions -mkdir -p -m 0700 "$GNUPGHOME" - -# make sure the user monkeysphere home directory exists -mkdir -p -m 0700 "$MS_HOME" -touch "$AUTHORIZED_USER_IDS" +# unset option variables +unset KEY_LENGTH +unset KEY_EXPIRE + +# get options for key generation and add-certifier functions +TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") + +if [ $? != 0 ] ; then + usage + exit 1 +fi + +# Note the quotes around `$TEMP': they are essential! +eval set -- "$TEMP" + +while true ; do + case "$1" in + -l|--length) + KEY_LENGTH="$2" + shift 2 + ;; + -e|--expire) + KEY_EXPIRE="$2" + shift 2 + ;; + --) + shift + ;; + *) + break + ;; + esac +done case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') MODE='known_hosts' - # touch the known_hosts file to make sure it exists - # ssh-keygen complains if it doesn't exist - touch "$KNOWN_HOSTS" - # if hosts are specified on the command line, process just # those hosts if [ "$1" ] ; then @@ -167,7 +214,7 @@ case $COMMAND in # in the user's known_hosts file else if [ ! -s "$KNOWN_HOSTS" ] ; then - failure "known_hosts file '$KNOWN_HOSTS' is empty." + failure "known_hosts file '$KNOWN_HOSTS' is empty or does not exist." fi process_known_hosts @@ -180,7 +227,7 @@ case $COMMAND in # fail if the authorized_user_ids file is empty if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then - failure "$AUTHORIZED_USER_IDS is empty." + failure "$AUTHORIZED_USER_IDS is empty or does not exist." fi # process authorized_user_ids file diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a080076..b7e82d8 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -11,7 +11,7 @@ ######################################################################## PGRM=$(basename $0) -SHARE=${SHARE:-"/usr/share/monkeysphere"} +SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"} export SHARE . "${SHARE}/common" || exit 1 @@ -22,7 +22,7 @@ export VARLIB DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up -GREP_OPTIONS= +unset GREP_OPTIONS # default return code ERR=0 @@ -38,12 +38,21 @@ MonkeySphere server admin tool. subcommands: update-users (u) [USER]... update users authorized_keys files + gen-key (g) [HOSTNAME] generate gpg key for the server + -l|--length BITS key length in bits (2048) + -e|--expire EXPIRE date to expire + -r|--revoker FINGERPRINT add a revoker show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server's host key to keyserver - add-certifier (a) KEYID import and tsign a certification key - remove-certifier (r) KEYID remove a certification key - list-certifiers (l) list certification keys + + add-identity-certifier (a) KEYID import and tsign a certification key + -n|--domain DOMAIN domain of certifier () + -t|--trust TRUST trust level of certifier ('full') + -d|--depth DEPTH trust depth for certifier (1) + remove-identity-certifier (r) KEYID remove a certification key + list-identity-certifiers (l) list certification keys + help (h,?) this help EOF @@ -76,6 +85,9 @@ gpg_host() { } # function to interact with the authentication gnupg keyring +# FIXME: this function requires basically accepts only a single +# argument because of problems with quote expansion. this needs to be +# fixed/improved. gpg_authentication() { GNUPGHOME="$GNUPGHOME_AUTHENTICATION" export GNUPGHOME @@ -199,20 +211,20 @@ gen_key() { local fingerprint hostName=${1:-$(hostname --fqdn)} + userID="ssh://${hostName}" - SERVICE=${SERVICE:-"ssh"} - userID="${SERVICE}://${hostName}" - + # check for presense of key with user ID if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then failure "Key for '$userID' already exists" fi - # set key defaults - KEY_TYPE=${KEY_TYPE:-"RSA"} - KEY_LENGTH=${KEY_LENGTH:-"2048"} - KEY_USAGE=${KEY_USAGE:-"auth"} - KEY_EXPIRE=${KEY_EXPIRE:-"0"} - cat <<EOF + # set key variables + KEY_TYPE="RSA" + KEY_LENGTH=${KEY_LENGTH:="2048"} + KEY_USAGE="auth" + # prompt about key expiration if not specified + if [ -z "$KEY_EXPIRE" ] ; then + cat <<EOF Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days @@ -220,7 +232,16 @@ Please specify how long the key should be valid. <n>m = key expires in n months <n>y = key expires in n years EOF - read -p "Key is valid for? ($KEY_EXPIRE) " KEY_EXPIRE; KEY_EXPIRE=${KEY_EXPIRE:-"0"} + while [ -z "$KEY_EXPIRE" ] ; do + read -p "Key is valid for? (0) " KEY_EXPIRE + if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then + echo "invalid value" + unset KEY_EXPIRE + fi + done + elif ! test_gpg_expire "$KEY_EXPIRE" ; then + failure "invalid key expiration value '$KEY_EXPIRE'." + fi # set key parameters keyParameters=$(cat <<EOF @@ -233,12 +254,10 @@ EOF ) # add the revoker field if specified - # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. why? - # FIXME: why is this marked "sensitive"? how will this signature ever - # be transmitted to the expected revoker? + # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. + # FIXME: key is marked "sensitive"? is this appropriate? if [ "$REVOKER" ] ; then keyParameters="${keyParameters}"$(cat <<EOF - Revoker: 1:$REVOKER sensitive EOF ) @@ -313,14 +332,14 @@ add_certifier() { gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust" # get the key from the key server - gpg_authentication "--keyserver $KEYSERVER --recv-key $keyID" + gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'" # get the full fingerprint of a key ID fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint $keyID" | \ grep '^fpr:' | grep "$keyID" | cut -d: -f10) if [ -z "$fingerprint" ] ; then - failure "Could not find key '$keyID'." + failure "Could not find key \"${keyID}\"." fi echo "key found:" @@ -335,15 +354,16 @@ add_certifier() { gpg_authentication "--export $keyID" | gpg_host --import # default values for trust depth and domain - DEPTH=${DEPTH:-1} DOMAIN=${DOMAIN:-} + TRUST=${TRUST:-2} + DEPTH=${DEPTH:-1} # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign y -2 +$TRUST $DEPTH $DOMAIN y @@ -381,27 +401,29 @@ list_certifiers() { # MAIN ######################################################################## -COMMAND="$1" -[ "$COMMAND" ] || failure "Type '$PGRM help' for usage." -shift +# unset variables that should be defined only in config file +unset KEYSERVER +unset AUTHORIZED_USER_IDS +unset RAW_AUTHORIZED_KEYS +unset MONKEYSPHERE_USER # load configuration file -MS_CONF=${MS_CONF:-"${ETC}/monkeysphere-server.conf"} -[ -e "$MS_CONF" ] && . "$MS_CONF" +[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${ETC}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG" -# set empty config variable with defaults -MONKEYSPHERE_USER=${MONKEYSPHERE_USER:-"monkeysphere"} -KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} -CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} -AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"%h/.config/monkeysphere/authorized_user_ids"} -RAW_AUTHORIZED_KEYS=${RAW_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"} +# set empty config variable with ones from the environment, or with +# defaults +KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}} +AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.config/monkeysphere/authorized_user_ids"}} +RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} +MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} # other variables -REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"} -GNUPGHOME_HOST=${GNUPGHOME_HOST:-"${VARLIB}/gnupg-host"} -GNUPGHOME_AUTHENTICATION=${GNUPGHOME_AUTHENTICATION:-"${VARLIB}/gnupg-authentication"} +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} +REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} +GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${VARLIB}/gnupg-host"} +GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${VARLIB}/gnupg-authentication"} -# export variables +# export variables needed in su invocation export DATE export MODE export MONKEYSPHERE_USER @@ -412,6 +434,65 @@ export GNUPGHOME_HOST export GNUPGHOME_AUTHENTICATION export GNUPGHOME +# get subcommand +COMMAND="$1" +[ "$COMMAND" ] || failure "Type '$PGRM help' for usage." +shift + +# unset option variables +unset KEY_LENGTH +unset KEY_EXPIRE +unset REVOKER +unset DOMAIN +unset TRUST +unset DEPTH + +# get options for key generation and add-certifier functions +TEMP=$(getopt -o l:e:r:n:t:d: -l length:,expire:,revoker:,domain:,trust:,depth: -n "$PGRM" -- "$@") + +if [ $? != 0 ] ; then + usage + exit 1 +fi + +# Note the quotes around `$TEMP': they are essential! +eval set -- "$TEMP" + +while true ; do + case "$1" in + -l|--length) + KEY_LENGTH="$2" + shift 2 + ;; + -e|--expire) + KEY_EXPIRE="$2" + shift 2 + ;; + -r|--revoker) + REVOKER="$2" + shift 2 + ;; + -n|--domain) + DOMAIN="$2" + shift 2 + ;; + -t|--trust) + TRUST="$2" + shift 2 + ;; + -d|--depth) + DEPTH="$2" + shift 2 + ;; + --) + shift + ;; + *) + break + ;; + esac +done + case $COMMAND in 'update-users'|'update-user'|'u') update_users "$@" @@ -429,21 +510,21 @@ case $COMMAND in publish_server_key ;; - 'add-certifier'|'a') + 'add-identity-certifier'|'add-certifier'|'a') if [ -z "$1" ] ; then failure "You must specify a key ID." fi add_certifier "$1" ;; - 'remove-certifier'|'r') + 'remove-identity-certifier'|'remove-certifier'|'r') if [ -z "$1" ] ; then failure "You must specify a key ID." fi remove_certifier "$1" ;; - 'list-certifiers'|'l') + 'list-identity-certifiers'|'list-certifiers'|'list-certifier'|'l') list_certifiers "$@" ;; diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index b70f3c6..6d6d3c0 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -53,27 +53,30 @@ URI="ssh://${HOSTP}" # if the host is in the gpg keyring... if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"} + CHECK_KEYSERVER="false" # if the host is NOT in the keyring... else # if the host key is found in the known_hosts file... # FIXME: this only works for default known_hosts location hostKey=$(ssh-keygen -F "$HOST") + if [ "$hostKey" ] ; then # do not check the keyserver # FIXME: more nuanced checking should be done here to properly # take into consideration hosts that join monkeysphere by # converting an existing and known ssh key - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"} + CHECK_KEYSERVER="false" # if the host key is not found in the known_hosts file... else # check the keyserver - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"true"} + CHECK_KEYSERVER="true" fi fi -export CHECK_KEYSERVER + +MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} +export MONKEYSPHERE_CHECK_KEYSERVER # update the known_hosts file for the host monkeysphere update-known_hosts "$HOSTP" |