summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsrc/monkeysphere-authentication9
-rwxr-xr-xsrc/monkeysphere-host13
-rw-r--r--src/share/ma/add_certifier8
-rw-r--r--src/share/ma/remove_certifier7
-rw-r--r--src/share/mh/add_hostname14
-rw-r--r--src/share/mh/add_revoker12
-rw-r--r--src/share/mh/publish_key29
-rw-r--r--src/share/mh/revoke_hostname14
-rw-r--r--src/share/mh/set_expire9
-rwxr-xr-xtests/basic2
10 files changed, 83 insertions, 34 deletions
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 60cb5f2..c349e6f 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -114,11 +114,14 @@ gpg_core_sphere_sig_transfer() {
# MAIN
########################################################################
-# unset variables that should be defined only in config file
+# unset variables that should be defined only in config file of in
+# MONKEYSPHERE_ variables
+unset LOG_LEVEL
unset KEYSERVER
unset AUTHORIZED_USER_IDS
unset RAW_AUTHORIZED_KEYS
unset MONKEYSPHERE_USER
+unset PROMPT
# load configuration file
[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG"
@@ -130,6 +133,7 @@ KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
@@ -142,8 +146,9 @@ CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"}
export DATE
export MODE
export LOG_LEVEL
-export MONKEYSPHERE_USER
export KEYSERVER
+export MONKEYSPHERE_USER
+export PROMPT
export CHECK_KEYSERVER
export REQUIRED_USER_KEY_CAPABILITY
export GNUPGHOME_CORE
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index a7b9697..2dc6003 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -177,6 +177,7 @@ show_key() {
# trap to remove tmp dir if break
trap "rm -rf $GNUPGHOME" EXIT
+ # import the host key into the tmp dir
gpg --quiet --import <"$HOST_KEY_FILE"
HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
@@ -208,9 +209,12 @@ show_key() {
# MAIN
########################################################################
-# unset variables that should be defined only in config file
+# unset variables that should be defined only in config file of in
+# MONKEYSPHERE_ variables
+unset LOG_LEVEL
unset KEYSERVER
unset MONKEYSPHERE_USER
+unset PROMPT
# load configuration file
[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG"
@@ -219,9 +223,8 @@ unset MONKEYSPHERE_USER
# defaults
LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
-AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
-RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
@@ -231,8 +234,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
export DATE
export MODE
export LOG_LEVEL
-export MONKEYSPHERE_USER
export KEYSERVER
+export MONKEYSPHERE_USER
+export PROMPT
+export CHECK_KEYSERVER
export GNUPGHOME_HOST
export GNUPGHOME
export HOST_FINGERPRINT=
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 28c229a..54ea673 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -36,8 +36,6 @@ local fingerprint
local ltsignCommand
local trustval
-PROMPT=true
-
# get options
while true ; do
case "$1" in
@@ -53,10 +51,6 @@ while true ; do
depth="$2"
shift 2
;;
- -y)
- PROMPT=false
- shift 1
- ;;
*)
if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
failure "Unknown option '$1'.
@@ -114,7 +108,7 @@ fi
log info "key found:"
gpg_sphere "--fingerprint 0x${fingerprint}!"
-if [ "$PROMPT" = true ] ; then
+if [ "$PROMPT" = "true" ] ; then
echo "Are you sure you want to add the above key as a"
read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N}
if [ "${OK/y/Y}" != 'Y' ] ; then
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 4e56264..8271ae0 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -23,13 +23,16 @@ if [ -z "$keyID" ] ; then
failure "You must specify the key ID of a key to remove."
fi
-if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then
+# FIXME: should we be doing a fancier list_certifier output here?
+gpg_core --list-key --fingerprint "0x${keyID}!" || failure
+
+if [ "$PROMPT" = "true" ] ; then
read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "Identity certifier not removed."
fi
else
- failure
+ log debug "certifier removed without prompting."
fi
# delete the requested key from the sphere keyring
diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname
index 910faf6..70bbec3 100644
--- a/src/share/mh/add_hostname
+++ b/src/share/mh/add_hostname
@@ -31,11 +31,15 @@ userID="ssh://${1}"
find_host_userid > /dev/null && \
failure "Host userID '$userID' already exists."
-echo "The following user ID will be added to the host key:"
-echo " $userID"
-read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
- failure "User ID not added."
+if [ "$PROMPT" = "true" ] ; then
+ echo "The following user ID will be added to the host key:"
+ echo " $userID"
+ read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "User ID not added."
+ fi
+else
+ log debug "adding user ID without prompting."
fi
# edit-key script command to add user ID
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 1464ae8..b4113df 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -77,10 +77,14 @@ fi
log info "key found:"
gpg_host --fingerprint "0x${fingerprint}!"
-echo "Are you sure you want to add the above key as a"
-read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N}
-if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "Revoker not added."
+if [ "$PROMPT" = "true" ] ; then
+ echo "Are you sure you want to add the above key as a"
+ read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "revoker not added."
+ fi
+else
+ log debug "adding revoker without prompting."
fi
# edit-key script to add revoker
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index 600dfcf..b433ad7 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -15,12 +15,33 @@
publish_key() {
-read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
- failure "key not published."
+local GNUPGHOME
+
+if [ "$PROMPT" = "true" ] ; then
+ read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "key not published."
+ fi
+else
+ log debug "publishing key without prompting."
fi
+# create a temporary gnupg directory from which to publish the key
+export GNUPGHOME=$(mktemp -d)
+
+# trap to remove tmp dir if break
+trap "rm -rf $GNUPGHOME" EXIT
+
+# import the host key into the tmp dir
+su_monkeysphere_user \
+ "gpg --quiet --import" <"$HOST_KEY_FILE"
+
# publish host key
-gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
+su_monkeysphere_user \
+ "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
+
+# remove the tmp file
+trap - EXIT
+rm -rf "$GNUPGHOME"
}
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index 99ba603..77f1f0d 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -42,11 +42,15 @@ userID="ssh://${1}"
uidIndex=$(find_host_userid) || \
failure "No non-revoked user ID found matching '$userID'."
-echo "The following host key user ID will be revoked:"
-echo " $userID"
-read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
- failure "User ID not revoked."
+if [ "$PROMPT" = "true" ] ; then
+ echo "The following host key user ID will be revoked:"
+ echo " $userID"
+ read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "User ID not revoked."
+ fi
+else
+ log debug "revoking user ID without prompting."
fi
# edit-key script command to revoke user ID
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 0b581d9..14d2501 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -21,6 +21,15 @@ local extendTo
# get the new expiration date
extendTo=$(get_gpg_expiration "$1")
+if [ "$PROMPT" = "true" ] ; then
+ read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "expiration not set."
+ fi
+else
+ log debug "extending without prompting."
+fi
+
log info "setting host key expiration to ${extendTo}:"
log debug "executing host expire script..."
diff --git a/tests/basic b/tests/basic
index d78a594..9114f32 100755
--- a/tests/basic
+++ b/tests/basic
@@ -242,7 +242,7 @@ gpg --export testuser | monkeysphere-authentication gpg-cmd --import
echo "##################################################"
echo "### update server authorized_keys file for this testuser..."
monkeysphere-authentication update-users $(whoami)
-# FIXME: NOT FAILING PROPERLY FOR:
+# FIXME: this is maybe not failing properly for:
# ms: improper group or other writability on path '/tmp'.