summaryrefslogtreecommitdiff
path: root/src/share
diff options
context:
space:
mode:
Diffstat (limited to 'src/share')
-rw-r--r--src/share/common116
-rwxr-xr-xsrc/share/keytrans44
-rw-r--r--src/share/m/gen_subkey21
-rw-r--r--src/share/ma/add_certifier2
-rw-r--r--src/share/ma/remove_certifier2
-rw-r--r--src/share/ma/update_users3
-rw-r--r--src/share/mh/add_hostname62
-rw-r--r--src/share/mh/add_name71
-rw-r--r--src/share/mh/add_revoker53
-rw-r--r--src/share/mh/diagnostics189
-rw-r--r--src/share/mh/import_key51
-rw-r--r--src/share/mh/publish_key19
-rw-r--r--src/share/mh/revoke_hostname68
-rw-r--r--src/share/mh/revoke_key18
-rw-r--r--src/share/mh/revoke_name72
-rw-r--r--src/share/mh/set_expire38
16 files changed, 509 insertions, 320 deletions
diff --git a/src/share/common b/src/share/common
index 4aa3f7c..e735319 100644
--- a/src/share/common
+++ b/src/share/common
@@ -281,7 +281,7 @@ get_gpg_expiration() {
keyExpire="$1"
- if [ -z "$keyExpire" -a "$PROMPT" = 'true' ]; then
+ if [ -z "$keyExpire" -a "$PROMPT" != 'false' ]; then
cat >&2 <<EOF
Please specify how long the key should be valid.
0 = key does not expire
@@ -436,6 +436,28 @@ list_users() {
fi
}
+# take one argument, a service name. in response, print a series of
+# lines, each with a unique numeric port number that might be
+# associated with that service name. (e.g. in: "https", out: "443")
+# if nothing is found, print nothing, and return 0.
+#
+# return 1 if there was an error in the search somehow
+get_port_for_service() {
+
+ [[ "$1" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || \
+ failure $(printf "This is not a valid service name: '%s'" "$1")
+ if type getent &>/dev/null ; then
+ # for linux and FreeBSD systems (getent returns 2 if not found, 0 on success, 1 or 3 on various failures)
+ (getent services "$service" || if [ "$?" -eq 2 ] ; then true ; else false; fi) | awk '{ print $2 }' | cut -f1 -d/ | sort -u
+ elif [ -r /etc/services ] ; then
+ # fall back to /etc/services for systems that don't have getent (MacOS?)
+ # FIXME: doesn't handle aliases like "null" (or "http"?), which don't show up at the beginning of the line.
+ awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1") /etc/services | cut -f1 -d/ | sort -u
+ else
+ return 1
+ fi
+}
+
# return the path to the home directory of a user
get_homedir() {
local uname=${1:-`whoami`}
@@ -530,6 +552,15 @@ gpg2authorized_keys() {
### GPG UTILITIES
+# script to determine if gpg version is equal to or greater than specified version
+is_gpg_version_greater_equal() {
+ local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }')
+ local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \
+ | tr '.' ' ' | sort -g -k1 -k2 -k3 \
+ | tail -1 | tr ' ' '.')
+ [[ "$gpgVersion" == "$latest" ]]
+}
+
# retrieve all keys with given user id from keyserver
# FIXME: need to figure out how to retrieve all matching keys
# (not just first N (5 in this case))
@@ -559,7 +590,7 @@ gpg_fetch_userid() {
# userid and key policy checking
# the following checks policy on the returned keys
# - checks that full key has appropriate valididy (u|f)
-# - checks key has specified capability (REQUIRED_*_KEY_CAPABILITY)
+# - checks key has specified capability (REQUIRED_KEY_CAPABILITY)
# - checks that requested user ID has appropriate validity
# (see /usr/share/doc/gnupg/DETAILS.gz)
# output is one line for every found key, in the following format:
@@ -571,8 +602,6 @@ gpg_fetch_userid() {
#
# all log output must go to stderr, as stdout is used to pass the
# flag:sshKey to the calling function.
-#
-# expects global variable: "MODE"
process_user_id() {
local returnCode=0
local userID
@@ -593,11 +622,7 @@ process_user_id() {
userID="$1"
# set the required key capability based on the mode
- if [ "$MODE" = 'known_hosts' ] ; then
- requiredCapability="$REQUIRED_HOST_KEY_CAPABILITY"
- elif [ "$MODE" = 'authorized_keys' ] ; then
- requiredCapability="$REQUIRED_USER_KEY_CAPABILITY"
- fi
+ requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
# fetch the user ID if necessary/requested
@@ -758,6 +783,59 @@ process_user_id() {
# being processed in the key files over "bad" keys (key flag '1')
}
+# output all valid keys for specified user ID literal
+keys_for_userid() {
+ local userID
+ local noKey=
+ local nKeys
+ local nKeysOK
+ local ok
+ local sshKey
+ local tmpfile
+
+ userID="$1"
+
+ log verbose "processing: $userID"
+
+ nKeys=0
+ nKeysOK=0
+
+ IFS=$'\n'
+ for line in $(process_user_id "${userID}") ; do
+ # note that key was found
+ nKeys=$((nKeys+1))
+
+ ok=$(echo "$line" | cut -d: -f1)
+ sshKey=$(echo "$line" | cut -d: -f2)
+
+ if [ -z "$sshKey" ] ; then
+ continue
+ fi
+
+ # if key OK, output key to stdout
+ if [ "$ok" -eq '0' ] ; then
+ # note that key was found ok
+ nKeysOK=$((nKeysOK+1))
+
+ printf '%s\n' "$sshKey"
+ fi
+ done
+
+ # if at least one key was found...
+ if [ "$nKeys" -gt 0 ] ; then
+ # if ok keys were found, return 0
+ if [ "$nKeysOK" -gt 0 ] ; then
+ return 0
+ # else return 2
+ else
+ return 2
+ fi
+ # if no keys were found, return 1
+ else
+ return 1
+ fi
+}
+
# process a single host in the known_host file
process_host_known_hosts() {
local host
@@ -770,7 +848,7 @@ process_host_known_hosts() {
local tmpfile
# set the key processing mode
- export MODE='known_hosts'
+ export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY"
host="$1"
userID="ssh://${host}"
@@ -954,7 +1032,7 @@ process_uid_authorized_keys() {
local sshKey
# set the key processing mode
- export MODE='authorized_keys'
+ export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY"
userID="$1"
@@ -1121,9 +1199,23 @@ process_authorized_user_ids() {
# fingerprints, one per line:
list_primary_fingerprints() {
local fake=$(msmktempdir)
- GNUPGHOME="$fake" gpg --no-tty --quiet --import
+ trap "rm -rf $fake" EXIT
+ GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
awk -F: '/^fpr:/{ print $10 }'
+ trap - EXIT
+ rm -rf "$fake"
+}
+
+# takes an OpenPGP key or set of keys on stdin, a fingerprint or other
+# key identifier as $1, and outputs the gpg-formatted information for
+# the requested keys from the material on stdin
+get_cert_info() {
+ local fake=$(msmktempdir)
+ trap "rm -rf $fake" EXIT
+ GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
+ GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1"
+ trap - EXIT
rm -rf "$fake"
}
diff --git a/src/share/keytrans b/src/share/keytrans
index ae4fb09..255a271 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -722,6 +722,7 @@ sub findkey {
my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
# left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
$foundfprstr = sprintf("%040s", $foundfprstr);
+ my $matched = 0;
# is this a match?
if ((!defined($data->{target}->{fpr})) ||
@@ -731,6 +732,7 @@ sub findkey {
}
$data->{key} = { 'rsa' => $pubkey,
'timestamp' => $key_timestamp };
+ $matched = 1;
}
if ($tag != $packet_types->{seckey} &&
@@ -740,7 +742,7 @@ sub findkey {
}
return;
}
- if (!defined($data->{key})) {
+ if (!$matched) {
# we don't think the public part of this key matches
if ($readbytes < $packetlen) {
read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n";
@@ -810,6 +812,40 @@ sub openpgp2rsa {
return $data->{key}->{rsa};
}
+sub findkeyfprs {
+ my $data = shift;
+ my $instr = shift;
+ my $tag = shift;
+ my $packetlen = shift;
+
+ findkey($data, $instr, $tag, $packetlen);
+ if (defined($data->{key})) {
+ if (defined($data->{key}->{rsa}) && defined($data->{key}->{timestamp})) {
+ $data->{keys}->{fingerprint($data->{key}->{rsa}, $data->{key}->{timestamp})} = $data->{key};
+ } else {
+ die "should have found some key here";
+ }
+ undef($data->{key});
+ }
+};
+
+sub getallprimarykeys {
+ my $instr = shift;
+
+ my $subs = { $packet_types->{pubkey} => \&findkeyfprs,
+ $packet_types->{seckey} => \&findkeyfprs,
+ };
+ my $data = {target => { } };
+
+ packetwalk($instr, $subs, $data);
+
+ if (defined $data->{keys}) {
+ return $data->{keys};
+ } else {
+ return {};
+ }
+}
+
sub adduserid {
my $instr = shift;
my $fpr = shift;
@@ -1102,6 +1138,12 @@ for (basename($0)) {
});
print $newuid;
+ } elsif (/^listfprs$/) {
+ my $instream;
+ open($instream,'-');
+ binmode($instream, ":bytes");
+ my $keys = getallprimarykeys($instream);
+ printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
} else {
die "Unrecognized subcommand. keytrans subcommands are not a stable interface!\n";
}
diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey
index a90c618..cf1ed0c 100644
--- a/src/share/m/gen_subkey
+++ b/src/share/m/gen_subkey
@@ -19,6 +19,7 @@ gen_subkey(){
local keyID
local editCommands
local fifoDir
+ local keyType
# get options
while true ; do
@@ -43,9 +44,27 @@ Type '$PGRM help' for usage."
# check that an authentication subkey does not already exist
check_gpg_authentication_subkey "$keyID"
+ # determine which keyType to use from gpg version
+ keyType=7
+ case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
+ 1)
+ if is_gpg_version_greater_equal 1.4.10 ; then
+ keyType=8
+ fi
+ ;;
+ 2)
+ if is_gpg_version_greater_equal 2.0.13 ; then
+ keyType=8
+ fi
+ ;;
+ *)
+ keyType=8
+ ;;
+ esac
+
# generate the list of commands that will be passed to edit-key
editCommands="addkey
-8
+$keyType
S
E
A
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 1601997..bd38190 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -135,7 +135,7 @@ EOF
log info "key found:"
gpg_sphere "--fingerprint 0x${fingerprint}!"
- if [ "$PROMPT" = "true" ] ; then
+ if [ "$PROMPT" != "false" ] ; then
printf "Are you sure you want to add the above key as a certifier\nof users on this system? (Y/n) " >&2
read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 79f1cda..51c7ee7 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -26,7 +26,7 @@ fi
# FIXME: should we be doing a fancier list_certifier output here?
gpg_core --list-key --fingerprint "0x${keyID}!" || failure
-if [ "$PROMPT" = "true" ] ; then
+if [ "$PROMPT" != "false" ] ; then
printf "Really remove the above listed identity certifier? (Y/n) " >&2
read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 31b53bf..0086cd3 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -27,9 +27,6 @@ else
unames=$(list_users)
fi
-# set mode
-MODE="authorized_keys"
-
# set gnupg home
GNUPGHOME="$GNUPGHOME_SPHERE"
diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname
deleted file mode 100644
index c1b32a9..0000000
--- a/src/share/mh/add_hostname
+++ /dev/null
@@ -1,62 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host add-hostname subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# add hostname user ID to server key
-
-add_hostname() {
-
-local userID
-local fingerprint
-local tmpuidMatch
-local line
-local adduidCommand
-
-if [ -z "$1" ] ; then
- failure "You must specify a hostname to add."
-fi
-
-userID="ssh://${1}"
-
-# test that the desired user ID does not already exist
-find_host_userid "$userID" && \
- failure "Host userID '$userID' already exists."
-
-if [ "$PROMPT" = "true" ] ; then
- printf "The following user ID will be added to the host key:\n %s\nAre you sure you would like to add this user ID? (Y/n) " "$userID" >&2
- read OK; OK=${OK:=Y}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "User ID not added."
- fi
-else
- log debug "adding user ID without prompting."
-fi
-
-# execute edit-key script
-if PEM2OPENPGP_USAGE_FLAGS=authenticate \
- <"$GNUPGHOME_HOST/secring.gpg" \
- "$SYSSHAREDIR/keytrans" adduserid \
- "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
- gpg_host --check-trustdb
-
- update_gpg_pub_file
-
- show_key
-
- echo
- echo "NOTE: User ID added to key, but key not published."
- echo "Run '$PGRM publish-key' to publish the new user ID."
-else
- failure "Problem adding user ID."
-fi
-
-}
diff --git a/src/share/mh/add_name b/src/share/mh/add_name
new file mode 100644
index 0000000..39ebace
--- /dev/null
+++ b/src/share/mh/add_name
@@ -0,0 +1,71 @@
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere host add-hostname subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
+
+# add servicename user ID to server key
+
+add_name() {
+
+local serviceName
+local keyID
+local fingerprint
+local tmpuidMatch
+local line
+local adduidCommand
+
+if [ -z "$1" ] ; then
+ failure "You must specify a service name to add."
+fi
+serviceName="$1"
+shift
+
+keyID=$(check_key_input "$@")
+
+# test that the desired user ID does not already exist
+check_key_userid "$keyID" "$serviceName" && \
+ failure "Service name '$serviceName' already exists on key '$keyID'."
+
+# test that a key with that user ID does not already exist
+prompt_userid_exists "$serviceName"
+
+check_service_name "$serviceName"
+
+if [ "$PROMPT" != "false" ] ; then
+ printf "The following service name will be added to key '$keyID':\n %s\nAre you sure you would like to add this service name? (Y/n) " "$serviceName" >&2
+ read OK; OK=${OK:=Y}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "Service name not added."
+ fi
+else
+ log debug "adding service name without prompting."
+fi
+
+# execute edit-key script
+if PEM2OPENPGP_USAGE_FLAGS=authenticate \
+ <"$GNUPGHOME_HOST/secring.gpg" \
+ "$SYSSHAREDIR/keytrans" adduserid "$keyID" "$serviceName" \
+ | gpg_host --import ; then
+
+ gpg_host --check-trustdb
+
+ update_pgp_pub_file
+
+ show_key "$keyID"
+
+ echo
+ echo "NOTE: Service name added to key, but key not published."
+ echo "Run '$PGRM publish-key' to publish the new service name."
+else
+ failure "Problem adding service name."
+fi
+
+}
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 89e6fcf..41cf090 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -8,24 +8,27 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008, and are all released under the GPL, version 3
-# or later.
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
# add a revoker to the host key
add_revoker() {
+local revokerKeyID
local keyID
local tmpDir
local fingerprint
local addrevokerCommand
-keyID="$1"
-
# check that key ID or file is specified
-if [ -z "$keyID" ] ; then
+if [ -z "$1" ] ; then
failure "You must specify the key ID of a revoker key, or specify a file to read the key from."
fi
+revokerKeyID="$1"
+shift
+
+keyID=$(check_key_input "$@")
# make a temporary directory for storing keys during import, and set
# the trap to delete it on exit
@@ -33,33 +36,33 @@ tmpDir=$(msmktempdir)
trap "rm -rf $tmpDir" EXIT
# if file is specified
-if [ -f "$keyID" -o "$keyID" = '-' ] ; then
+if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# load the key from stdin
- if [ "$keyID" = '-' ] ; then
+ if [ "$revokerKeyID" = '-' ] ; then
# make a temporary file to hold the key from stdin
- keyID="$tmpDir"/importkey
- log verbose "reading key from stdin..."
- cat > "$keyID"
+ revokerKeyID="$tmpDir"/importkey
+ log verbose "reading revoker key from stdin..."
+ cat > "$revokerKeyID"
# load the key from the file
- elif [ -f "$keyID" ] ; then
- log verbose "reading key from file '$keyID'..."
+ elif [ -f "$revokerKeyID" ] ; then
+ log verbose "reading revoker key from file '$revokerKeyID'..."
fi
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID")
+ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
fi
# load the key
- gpg_host --import <"$keyID" \
- || failure "could not read key from '$keyID'"
+ gpg_host --import <"$revokerKeyID" \
+ || failure "could not read revoker key from '$revokerKeyID'"
-# else, get the key from the keyserver
+# else, get the revoker key from the keyserver
else
# fix permissions and ownership on temporary directory which will
# be used by monkeysphere user for storing the downloaded key
@@ -67,13 +70,13 @@ else
chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir"
# download the key from the keyserver as the monkeysphere user
- log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
- su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \
- || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+ log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
+ su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${revokerKeyID}!" \
+ || failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
# get the full fingerprint of new revoker key
log debug "getting fingerprint of revoker key..."
- fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \
+ fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint ${revokerKeyID}" \
| grep '^fpr:' | cut -d: -f10)
# test that there is only a single fingerprint
@@ -86,11 +89,11 @@ EOF
failure
fi
- log info "key found:"
+ log info "revoker key found:"
su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!"
if [ "$PROMPT" = "true" ] ; then
- printf "Are you sure you want to add the above key as a revoker\nof the host key? (Y/n) " >&2
+ printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "revoker not added."
@@ -100,7 +103,7 @@ EOF
fi
# export the new key to the host keyring
- log debug "loading key into host keyring..."
+ log debug "loading revoker key into host keyring..."
su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \
| gpg_host --import
fi
@@ -115,9 +118,9 @@ save
# core ltsigns the newly imported revoker key
log debug "executing add revoker script..."
-if echo "$addrevokerCommand" | gpg_host_edit ; then
+if echo "$addrevokerCommand" | gpg_host_edit "0x${keyID}!" ; then
- update_gpg_pub_file
+ update_pgp_pub_file
log info "Revoker added."
else
diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics
index b92d729..9409f1d 100644
--- a/src/share/mh/diagnostics
+++ b/src/share/mh/diagnostics
@@ -8,107 +8,88 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009, and are all released under the GPL,
+# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.
-# check on the status and validity of the key and public certificates
+# check on the status and validity of the host's public certificates (and keys?)
-diagnostics() {
-
-local seckey
-local keysfound
-local curdate
-local warnwindow
-local warndate
-local create
-local expire
-local uid
-local fingerprint
-local badhostkeys
-local problemsfound=0
-
-if ! [ -d "$SYSDATADIR" ] ; then
- echo "! no $SYSDATADIR directory found. Please create it."
- exit
-fi
-
-if ! [ -f "$HOST_KEY_FILE" ] ; then
- echo "No host key gpg pub file found!"
- echo " - Recommendation: run 'monkeysphere-host import-key'"
- exit
-fi
+# global vars for communicating between functions:
-# load the host key fingerprint
-load_fingerprint
-
-seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
-keysfound=$(echo "$seckey" | grep -c ^sec:)
-curdate=$(date +%s)
+MHD_CURDATE=$(date +%s)
# warn when anything is 2 months away from expiration
-warnwindow='2 months'
-warndate=$(advance_date $warnwindow +%s)
-
-if ! id monkeysphere >/dev/null ; then
- echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell."
- problemsfound=$(($problemsfound+1))
-fi
+MHD_WARNWINDOW='2 months'
+MHD_WARNDATE=$(advance_date $MHD_WARNWINDOW +%s)
+MHD_PROBLEMSFOUND=0
+
+
+diagnose_key() {
+ local fpr="$1"
+ local certinfo
+ local create
+ local expire
+ local uid
+ local keysfound
+ local uiderrs
+ local errcount
+
+ printf "Checking OpenPGP Certificate for key 0x%s\n" "$fpr"
+
+ certinfo=$(get_cert_info "0x$fpr" <"$HOST_KEY_FILE")
+ keysfound=$(grep -c ^pub: <<<"$certinfo")
+
+ if [ "$keysfound" -lt 1 ] ; then
+ printf "! Could not find key with fingerprint 0x%s\n" "$fpr"
+ # FIXME: recommend a way to resolve this!
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1))
+ fi
-echo "Checking host GPG key..."
-if (( "$keysfound" < 1 )); then
- echo "! No host key found. The monkeysphere-host data directory is corrupt?!?!"
- echo " - Recommendation: purge the MHDATADIR ($MHDATADIR) and rerun 'monkeysphere-host import-key'"
- problemsfound=$(($problemsfound+1))
-elif (( "$keysfound" > 1 )); then
- echo "! More than one host key found?"
- # FIXME: recommend a way to resolve this
- problemsfound=$(($problemsfound+1))
-else
- create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
- expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
- fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:)
+ create=$(echo "$certinfo" | grep ^pub: | cut -f6 -d:)
+ expire=$(echo "$certinfo" | grep ^pub: | cut -f7 -d:)
# check for key expiration:
if [ "$expire" ]; then
- if (( "$expire" < "$curdate" )); then
- echo "! Host key is expired."
- echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'"
- problemsfound=$(($problemsfound+1))
- elif (( "$expire" < "$warndate" )); then
- echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
- echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'"
- problemsfound=$(($problemsfound+1))
+ if (( "$expire" < "$MHD_CURDATE" )); then
+ printf "! Host key 0x%s is expired.\n" "$fpr"
+ printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire 0x%s'\n" "$fpr"
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1))
+ elif (( "$expire" < "$MHD_WARNDATE" )); then
+ printf "! Host key 0x%s expires in less than %s: %s\n" "$fpr" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F)
+ printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire %s'\n" "$fpr"
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1))
fi
fi
# and weirdnesses:
- if [ "$create" ] && (( "$create" > "$curdate" )); then
- echo "! Host key was created in the future(?!). Is your clock correct?"
- echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
- problemsfound=$(($problemsfound+1))
+ if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then
+ printf "! Host key 0x%s was created in the future(?!): %s. Is your clock correct?\n" "$fpr" $(date -d "1970-01-01 + $create seconds" +%F)
+ printf " - Recommendation: Check your clock (is it really %s?); use NTP?\n" $(date +%F_%T)
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1))
fi
# check for UserID expiration:
- echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
- while IFS=: read create expire uid ; do
- # FIXME: should we be doing any checking on the form
- # of the User ID? Should we be unmangling it somehow?
-
- if [ "$create" ] && (( "$create" > "$curdate" )); then
- echo "! User ID '$uid' was created in the future(?!). Is your clock correct?"
- echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
- problemsfound=$(($problemsfound+1))
- fi
- if [ "$expire" ] ; then
- if (( "$expire" < "$curdate" )); then
- echo "! User ID '$uid' is expired."
+ uiderrs=$(printf '%s\n' "$certinfo" | grep ^uid: | cut -d: -f6,7,10 | \
+ while IFS=: read -r create expire uid ; do
+ uid=$(gpg_unescape <<<"$uid")
+
+ check_service_name "$uid"
+ if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then
+ printf "! The latest self-sig on User ID '%s' was created in the future(?!): %s.\n - Is your clock correct?\n" "$uid" $(date -d "1970-01-01 + $create seconds" +%F)
+ printf " - Recommendation: Check your clock (is it really %s ?); use NTP?\n" $(date +%F_%T)
+ fi
+ if [ "$expire" ] ; then
+ if (( "$expire" < "$MHD_CURDATE" )); then
+ printf "! User ID '%s' is expired.\n" "$uid"
# FIXME: recommend a way to resolve this
- problemsfound=$(($problemsfound+1))
- elif (( "$expire" < "$warndate" )); then
- echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+ elif (( "$expire" < "$MHD_WARNDATE" )); then
+ printf "! User ID '%s' expires in less than %s: %s\n" "%s" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F)
# FIXME: recommend a way to resolve this
- problemsfound=$(($problemsfound+1))
+ fi
fi
- fi
- done
+ done)
+ errcount=$(grep -c '^!' <<<"$uiderrs") || \
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+ $errcount ))
+ printf '%s\n' "$uiderrs"
+
+
# FIXME: verify that the host key is properly published to the
# keyservers (do this with the non-privileged user)
@@ -120,11 +101,45 @@ else
# FIXME: propose adding a revoker to the host key if none exist (do we
# have a way to do that after key generation?)
-# FIXME: test (with ssh-keyscan?) that the running ssh
-# daemon is actually offering the monkeysphere host key.
+# FIXME: test (with ssh-keyscan?) that any running ssh daemon is
+# actually offering the monkeysphere host key, if such a key is
+# loaded.
+
+# FIXME: scan /proc/net/tcp and /proc/net/tcp6 to see what
+# known-crypto ports (ssh, https, imaps?, ldaps?, etc) are in use
+# locally. Propose bringing them into the monkeysphere.
+
+# FIXME: ensure that the key is of a reasonable size
+
+# FIXME: ensure that the cert has the right key usage flags
+
+# FIXME: ensure that the key doesn't match any known blacklist
+}
+
+diagnostics() {
+
+MHD_PROBLEMSFOUND=0
+
+
+if ! [ -d "$SYSDATADIR" ] ; then
+ echo "! no $SYSDATADIR directory found. Please create it."
+ exit
+fi
+if ! [ -f "$HOST_KEY_FILE" ] ; then
+ echo "No host OpenPGP certificates file found!"
+ echo " - Recommendation: run 'monkeysphere-host import-key' with a service key"
+ exit
fi
+if ! id monkeysphere >/dev/null ; then
+ echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell."
+ MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1))
+fi
+
+echo "Checking host OpenPGP certificates..."
+multi_key diagnose_key
+
# FIXME: look at the ownership/privileges of the various keyrings,
# directories housing them, etc (what should those values be? can
# we make them as minimal as possible?)
@@ -132,8 +147,8 @@ fi
# report on any cruft from old monkeysphere version
report_cruft
-if [ "$problemsfound" -gt 0 ]; then
- echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
+if [ "$MHD_PROBLEMSFOUND" -gt 0 ]; then
+ echo "When the above $MHD_PROBLEMSFOUND issue"$(if [ "$MHD_PROBLEMSFOUND" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
echo " monkeysphere-host diagnostics"
else
echo "Everything seems to be in order!"
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index f7c69c3..0f362b8 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -8,60 +8,53 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009 and are all released under the GPL,
+# They are Copyright 2008-2010 and are all released under the GPL,
# version 3 or later.
import_key() {
-local sshKeyFile
-local hostName
-local domain
-local userID
-
-sshKeyFile="$1"
-hostName="$2"
+local keyFile="$1"
+local serviceName="$2"
# check that key file specified
-if [ -z "$sshKeyFile" ] ; then
- failure "Must specify ssh key file to import, or specify '-' for stdin."
+if [ -z "$keyFile" ] ; then
+ failure "Must specify PEM-encoded key file to import, or specify '-' for stdin."
fi
# fail if hostname not specified
-if [ -z "$hostName" ] ; then
- failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
+if [ -z "$serviceName" ] ; then
+ failure "You must specify a service name for use in the OpenPGP certificate user ID."
fi
-userID="ssh://${hostName}"
+# test that a key with that user ID does not already exist
+prompt_userid_exists "$serviceName"
+
+# check that the service name is well formatted
+check_service_name "$serviceName"
# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${GNUPGHOME_HOST}"
chmod 700 "${GNUPGHOME_HOST}"
-# import ssh key to a private key
-if [ "$sshKeyFile" = '-' ] ; then
- log verbose "importing ssh key from stdin..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+# import pem-encoded key to an OpenPGP private key
+if [ "$keyFile" = '-' ] ; then
+ log verbose "importing key from stdin..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
| gpg_host --import
else
- log verbose "importing ssh key from file '$sshKeyFile'..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- <"$sshKeyFile" \
+ log verbose "importing key from file '$keyFile'..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
+ <"$keyFile" \
| gpg_host --import
fi
-# load the new host fpr into the fpr variable. this is so we can
-# create the gpg pub key file. we have to do this from the secret key
-# ring since we obviously don't have the gpg pub key file yet, since
-# that's what we're trying to produce (see below).
-load_fingerprint_secret
-
-# export to gpg public key to file
-update_gpg_pub_file
+# export to OpenPGP public key to file
+update_pgp_pub_file
log info "host key imported:"
# show info about new key
-show_key
+show_key "$serviceName"
}
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index 48e4cbb..f1c1723 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -8,23 +8,24 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009, and are all released under the GPL, version 3
-# or later.
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
-# publish server key to keyserver
+# publish keys to keyserver
publish_key() {
+local keyID="$1"
local GNUPGHOME
-if [ "$PROMPT" = "true" ] ; then
- printf "Really publish host key to $KEYSERVER? (Y/n) " >&2
+if [ "$PROMPT" != "false" ] ; then
+ printf "Really publish key '$keyID' to $KEYSERVER? (Y/n) " >&2
read OK; OK=${OK:=Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "key not published."
fi
else
- log debug "publishing key without prompting."
+ log debug "publishing key '$keyID' without prompting."
fi
# create a temporary gnupg directory from which to publish the key
@@ -35,13 +36,13 @@ chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME"
# trap to remove tmp dir if break
trap "rm -rf $GNUPGHOME" EXIT
-# import the host key into the tmp dir
+# import the key into the tmp dir
su_monkeysphere_user \
"gpg --quiet --import" <"$HOST_KEY_FILE"
-# publish host key
+# publish key
su_monkeysphere_user \
- "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
+ "gpg --keyserver $KEYSERVER --send-keys '0x${keyID}!'"
# remove the tmp file
trap - EXIT
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
deleted file mode 100644
index 6b80802..0000000
--- a/src/share/mh/revoke_hostname
+++ /dev/null
@@ -1,68 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host revoke-hostname subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# revoke hostname user ID from host key
-
-revoke_hostname() {
-
-local userID
-local fingerprint
-local tmpuidMatch
-local line
-local message
-local revuidCommand
-
-if [ -z "$1" ] ; then
- failure "You must specify a hostname to revoke."
-fi
-
-userID="ssh://${1}"
-
-# make sure the user ID to revoke
-find_host_userid "$userID" || \
- failure "No non-revoked user ID found matching '$userID'."
-
-if [ "$PROMPT" = "true" ] ; then
- printf "The following host key user ID will be revoked:\n %s\nAre you sure you would like to revoke this user ID? (Y/n) " "$userID" >&2
- read OK; OK=${OK:=Y}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "User ID not revoked."
- fi
-else
- log debug "revoking user ID without prompting."
-fi
-
-# actually revoke:
-
-# the gpg secring might not contain the host key we are trying to
-# revoke (let alone any selfsig over that host key), but the plain
-# --export won't contain the secret key. "keytrans revokeuserid"
-# needs access to both pieces, so we feed it both of them.
-
-if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \
- "$SYSSHAREDIR/keytrans" revokeuserid \
- "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
- gpg_host --check-trustdb
-
- update_gpg_pub_file
-
- show_key
-
- echo
- echo "NOTE: User ID revoked, but revocation not published."
- echo "Run '$PGRM publish-key' to publish the revocation."
-else
- failure "Problem revoking user ID."
-fi
-
-}
diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key
index 5460e51..5a013e0 100644
--- a/src/share/mh/revoke_key
+++ b/src/share/mh/revoke_key
@@ -8,23 +8,24 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009, and are all released under the GPL,
+# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.
# revoke host key
revoke_key() {
-# Coming in here, we expect $HOST_FINGERPRINT to be set, and we
-# believe that there is in fact a key.
+ local keyID
+ local publish
+
+ keyID=$(check_key_input "$@")
if [ "$PROMPT" = "false" ] ; then
publish=N
else
cat <<EOF >&2
-This will generate a revocation certificate for your host key
-(fingerprint: $HOST_FINGERPRINT) and
-dump the certificate to standard output.
+This will generate a revocation certificate for key $keyID
+and dump the certificate to standard output.
It can also directly publish the new revocation certificate
to the public keyservers via $KEYSERVER if you want it to.
@@ -65,14 +66,13 @@ Monkeysphere host key revocation (automated) $(date '+%F_%T%z')
y
"
- revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \
+ revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \
|| failure "Failed to generate revocation certificate!"
-
else
# note: we're not using the gpg_host function because we actually
# want to use gpg's UI in this case, so we want to omit --no-tty
- revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \
+ revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \
|| failure "Failed to generate revocation certificate!"
fi
diff --git a/src/share/mh/revoke_name b/src/share/mh/revoke_name
new file mode 100644
index 0000000..532cb30
--- /dev/null
+++ b/src/share/mh/revoke_name
@@ -0,0 +1,72 @@
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere host revoke-hostname subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
+
+# revoke service name user ID from host key
+
+revoke_name() {
+
+local serviceName
+local keyID
+local fingerprint
+local tmpuidMatch
+local line
+local message
+local revuidCommand
+
+if [ -z "$1" ] ; then
+ failure "You must specify a service name to revoke."
+fi
+serviceName="$1"
+shift
+
+keyID=$(check_key_input "$@")
+
+# make sure the user ID to revoke exists
+check_key_userid "$keyID" "$serviceName" || \
+ failure "No non-revoked service name found matching '$serviceName'."
+
+if [ "$PROMPT" != "false" ] ; then
+ printf "The following service name on key '$keyID' will be revoked:\n %s\nAre you sure you would like to revoke this service name? (Y/n) " "$serviceName" >&2
+ read OK; OK=${OK:=Y}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "User ID not revoked."
+ fi
+else
+ log debug "revoking service name without prompting."
+fi
+
+# actually revoke:
+
+# the gpg secring might not contain the host key we are trying to
+# revoke (let alone any selfsig over that host key), but the plain
+# --export won't contain the secret key. "keytrans revokeuserid"
+# needs access to both pieces, so we feed it both of them.
+
+if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$keyID") \
+ | "$SYSSHAREDIR/keytrans" revokeuserid "$keyID" "$serviceName" \
+ | gpg_host --import ; then
+
+ gpg_host --check-trustdb
+
+ update_pgp_pub_file
+
+ show_key "$keyID"
+
+ echo
+ echo "NOTE: Service name revoked, but revocation not published."
+ echo "Run '$PGRM publish-key' to publish the revocation."
+else
+ failure "Problem revoking service name."
+fi
+
+}
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 9889e76..68a8dfd 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -11,18 +11,32 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009, and are all released under the GPL,
+# They are Copyright 2008-2010, and are all released under the GPL,
# version 3 or later.
set_expire() {
-local extendTo
+local extendBy
+local keyID
+
+if [ -z "$1" ] ; then
+ cat <<EOF >&2
+Must specify expiration. The possibilities are:
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+EOF
+ failure
+fi
+extendBy="$1"
+shift
-# get the new expiration date
-extendTo=$(get_gpg_expiration "$1")
+keyID=$(check_key_input "$@")
-if [ "$PROMPT" = "true" ] ; then
- printf "Are you sure you want to change the expiration on the host key to '%s'? (Y/n) " "$extendTo" >&2
+if [ "$PROMPT" != "false" ] ; then
+ printf "Are you sure you want to change the expiration on key '$keyID' by '%s'? (Y/n) " "$extendBy" >&2
read OK; OK=${OK:-Y}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "expiration not set."
@@ -31,18 +45,18 @@ else
log debug "extending without prompting."
fi
-log info "setting host key expiration to ${extendTo}."
+log info "setting key expiration to ${extendBy}."
-log debug "executing host expire script..."
-gpg_host_edit expire <<EOF
-$extendTo
+log debug "executing key expire script..."
+gpg_host_edit "0x${keyID}!" expire <<EOF
+$extendBy
save
EOF
-update_gpg_pub_file
+update_pgp_pub_file
log info <<EOF
-NOTE: Host key expiration date adjusted, but not yet published.
+NOTE: Key expiration date adjusted, but not yet published.
Run '$PGRM publish-key' to publish the new expiration date.
EOF