Diffstat (limited to 'src/share')
-rwxr-xr-xsrc/share/checkperms2
-rw-r--r--src/share/ma/keys_for_user50
2 files changed, 51 insertions, 1 deletions
diff --git a/src/share/checkperms b/src/share/checkperms
index aa67d96..3f8ad56 100755
--- a/src/share/checkperms
+++ b/src/share/checkperms
@@ -88,7 +88,7 @@ sub permissions_ok {
# OpenSSH sources for an explanation of this bailout (see also
# monkeysphere #675):
if ($path eq $user->dir) {
- mslog('DEBUG', "stopping at the %s's home directory '%s'\n", $user->name, $path);
+ mslog('DEBUG', "stopping at %s's home directory '%s'\n", $user->name, $path);
return undef;
}
diff --git a/src/share/ma/keys_for_user b/src/share/ma/keys_for_user
new file mode 100644
index 0000000..f48d5d3
--- /dev/null
+++ b/src/share/ma/keys_for_user
@@ -0,0 +1,50 @@
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere authentication keys-for-user subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
+
+# This command could be run as an sshd AuthorizedKeysCommand to
+# provide the authorized keys for a user, based on OpenPGP user id's
+# listed in the user's authorized_user_ids file.
+
+keys_for_user() {
+
+local uname
+local authorizedUserIDs
+local line
+local userIDs
+
+# get users from command line
+uname="$1"
+
+# path to authorized_user_ids file, translating ssh-style path
+# variables
+authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
+
+# exit if the authorized_user_ids file is empty
+if [ ! -s "$authorizedUserIDs" ] ; then
+ failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
+fi
+
+log debug "authorized_user_ids file: $authorizedUserIDs"
+
+# check permissions on the authorized_user_ids file path
+check_key_file_permissions "$uname" "$authorizedUserIDs" || failure
+
+GNUPGHOME="$GNUPGHOME_SPHERE"
+export GNUPGHOME
+
+# extract user IDs from authorized_user_ids file
+IFS=$'\n'
+for line in $(meat "$authorizedUserIDs") ; do
+ su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid '$line'"
+done
+
+}
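Review bot: The loop at the end of keys_for_user builds a shell command by pasting each line of the authorized_user_ids file between single quotes (`keys_for_userid '$line'`), so a line that itself contains a single quote ends the quoting and the rest is parsed as shell by whatever su_monkeysphere_user runs (it is defined outside this hunk, but the `. ${SYSSHAREDIR}/common; …` string implies a shell). That file is written by the account owner while the command executes as the monkeysphere user, which matters most in the AuthorizedKeysCommand use the header comment describes. Shell-escape the value before embedding it, e.g. `su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid $(printf '%q' "$line")"` (assuming the inner shell is bash), or pass the user ID through an argument or stdin rather than the command string. Separately, `IFS=$'\n'` is assigned without `local IFS` and so leaks into the sourcing shell, and the unquoted `$(meat …)` still undergoes pathname expansion; a `while IFS= read -r line; do … done < <(meat "$authorizedUserIDs")` loop avoids both. `userIDs` is declared but never used.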