diff options
Diffstat (limited to 'src/share')
| -rw-r--r-- | src/share/common | 110 | ||||
| -rw-r--r-- | src/share/m/gen_subkey | 83 | ||||
| -rw-r--r-- | src/share/m/import_subkey | 72 | ||||
| -rw-r--r-- | src/share/m/ssh_proxycommand | 39 | ||||
| -rw-r--r-- | src/share/m/subkey_to_ssh_agent | 15 | ||||
| -rw-r--r-- | src/share/ma/add_certifier | 125 | ||||
| -rw-r--r-- | src/share/ma/diagnostics | 18 | ||||
| -rw-r--r-- | src/share/ma/list_certifiers | 1 | ||||
| -rw-r--r-- | src/share/ma/remove_certifier | 2 | ||||
| -rw-r--r-- | src/share/ma/setup | 27 | ||||
| -rw-r--r-- | src/share/ma/update_users | 2 | ||||
| -rw-r--r-- | src/share/mh/add_hostname | 4 | ||||
| -rw-r--r-- | src/share/mh/add_revoker | 132 | ||||
| -rw-r--r-- | src/share/mh/diagnostics | 37 | ||||
| -rw-r--r-- | src/share/mh/import_key | 27 | ||||
| -rw-r--r-- | src/share/mh/publish_key | 8 | ||||
| -rw-r--r-- | src/share/mh/revoke_hostname | 6 | ||||
| -rw-r--r-- | src/share/mh/revoke_key | 28 | ||||
| -rw-r--r-- | src/share/mh/set_expire | 2 |
19 files changed, 426 insertions, 312 deletions
diff --git a/src/share/common b/src/share/common index 4120259..653d58b 100644 --- a/src/share/common +++ b/src/share/common @@ -8,7 +8,7 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# Copyright 2008, released under the GPL, version 3 or later +# Copyright 2008-2009, released under the GPL, version 3 or later # all-caps variables are meant to be user supplied (ie. from config # file) and are considered global @@ -21,7 +21,22 @@ SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} export SYSCONFIGDIR # monkeysphere version -VERSION=__VERSION__ +VERSION=0.23~pre + +# default log level +LOG_LEVEL="INFO" + +# default keyserver +KEYSERVER="pool.sks-keyservers.net" + +# whether or not to check keyservers by defaul +CHECK_KEYSERVER="true" + +# default monkeysphere user +MONKEYSPHERE_USER="monkeysphere" + +# default about whether or not to prompt +PROMPT="true" ######################################################################## ### UTILITY FUNCTIONS @@ -134,6 +149,16 @@ cutline() { head --line="$1" "$2" | tail -1 } +# make a temporary directory +msmktempdir() { + mktemp -d ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX +} + +# make a temporary file +msmktempfile() { + mktemp ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX +} + # this is a wrapper for doing lock functions. # # it lets us depend on either lockfile-progs (preferred) or procmail's @@ -271,7 +296,7 @@ get_gpg_expiration() { keyExpire="$1" - if [ -z "$keyExpire" ]; then + if [ -z "$keyExpire" -a "$PROMPT" = 'true' ]; then cat >&2 <<EOF Please specify how long the key should be valid. 0 = key does not expire @@ -795,6 +820,9 @@ process_host_known_hosts() { local sshKey local tmpfile + # set the key processing mode + export MODE='known_hosts' + host="$1" userID="ssh://${host}" @@ -874,6 +902,13 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 + # touch the known_hosts file so that the file permission check + # below won't fail upon not finding the file + (umask 0022 && touch "$KNOWN_HOSTS") + + # check permissions on the known_hosts file path + check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure + # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? @@ -928,6 +963,11 @@ update_known_hosts() { process_known_hosts() { local hosts + # exit if the known_hosts file does not exist + if [ ! -e "$KNOWN_HOSTS" ] ; then + failure "known_hosts file '$KNOWN_HOSTS' does not exist." + fi + log debug "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -951,6 +991,9 @@ process_uid_authorized_keys() { local ok local sshKey + # set the key processing mode + export MODE='authorized_keys' + userID="$1" log verbose "processing: $userID" @@ -1012,6 +1055,9 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 + # check permissions on the authorized_keys file path + check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure + # create a lockfile on authorized_keys lock create "$AUTHORIZED_KEYS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? @@ -1077,6 +1123,14 @@ process_authorized_user_ids() { authorizedUserIDs="$1" + # exit if the authorized_user_ids file is empty + if [ ! -e "$authorizedUserIDs" ] ; then + failure "authorized_user_ids file '$authorizedUserIDs' does not exist." + fi + + # check permissions on the authorized_user_ids file path + check_key_file_permissions "$USER" "$authorizedUserIDs" || failure + log debug "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then @@ -1095,3 +1149,53 @@ process_authorized_user_ids() { update_authorized_keys "${userIDs[@]}" } + +# takes a gpg key or keys on stdin, and outputs a list of +# fingerprints, one per line: +list_primary_fingerprints() { + local fake=$(msmktempdir) + GNUPGHOME="$fake" gpg --no-tty --quiet --import + GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ + awk -F: '/^fpr:/{ print $10 }' + rm -rf "$fake" +} + + +check_cruft_file() { + local loc="$1" + local version="$2" + + if [ -e "$loc" ] ; then + printf "! The file '%s' is no longer used by\n monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info + fi +} + +check_upgrade_dir() { + local loc="$1" + local version="$2" + + if [ -d "$loc" ] ; then + printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info + fi +} + +## look for cruft from old versions of the monkeysphere, and notice if +## upgrades have not been run: +report_cruft() { + check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23 + check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23 + + check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23 + check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23 + + local found= + for foo in "${SYSDATADIR}/backup-from-"*"-transition" ; do + if [ -d "$foo" ] ; then + printf "! %s\n" "$foo" | log info + found=true + fi + done + if [ "$found" ] ; then + printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info + fi +} diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index cbefaa3..dbd9dd6 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -15,10 +15,10 @@ gen_subkey(){ local keyLength - local keyExpire + local gpgSecOut local keyID - local gpgOut - local userID + local editCommands + local fifoDir # get options while true ; do @@ -27,10 +27,6 @@ gen_subkey(){ keyLength="$2" shift 2 ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -41,63 +37,11 @@ Type '$PGRM help' for usage." esac done - case "$#" in - 0) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') - ;; - 1) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure - ;; - *) - failure "You must specify only a single primary key ID." - ;; - esac - - # check that only a single secret key was found - case $(echo "$gpgSecOut" | grep -c '^sec:') in - 0) - failure "No secret keys found. Create an OpenPGP key with the following command: - gpg --gen-key" - ;; - 1) - keyID=$(echo "$gpgSecOut" | cut -d: -f5) - ;; - *) - echo "Multiple primary secret keys found:" - echo "$gpgSecOut" | cut -d: -f5 - failure "Please specify which primary key to use." - ;; - esac + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") - # check that a valid authentication key does not already exist - IFS=$'\n' - for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do - type=$(echo "$line" | cut -d: -f1) - validity=$(echo "$line" | cut -d: -f2) - usage=$(echo "$line" | cut -d: -f12) - - # look at keys only - if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then - continue - fi - # check for authentication capability - if ! check_capability "$usage" 'a' ; then - continue - fi - # if authentication key is valid, prompt to continue - if [ "$validity" = 'u' ] ; then - echo "A valid authentication key already exists for primary key '$keyID'." - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "aborting." - fi - break - fi - done - - # set subkey defaults - # prompt about key expiration if not specified - keyExpire=$(get_gpg_expiration "$keyExpire") + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" # generate the list of commands that will be passed to edit-key editCommands=$(cat <<EOF @@ -108,19 +52,24 @@ E A Q $keyLength -$keyExpire +0 save EOF ) - log verbose "generating subkey..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + # setup the temp fifo dir for retrieving the key password + log debug "creating password fifo..." + fifoDir=$(msmktempdir) + trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + + log verbose "generating subkey..." + echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + trap - EXIT rm -rf "$fifoDir" wait log verbose "done." diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index aa89958..8d60f26 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -13,41 +13,55 @@ # import an existing ssh key as a gpg subkey +## 2009-02-20 00:49:11-0500: This is not implemented yet, because we +## don't currently have a good way to manipulate the user's OpenPGP +## secret key such that we could make a proper subkey binding +## signature. + import_subkey() { - local keyFile="~/.ssh/id_rsa" - local keyExpire + local sshKeyFile local keyID - local gpgOut - local userID - - # get options - while true ; do - case "$1" in - -f|--keyfile) - keyFile="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - break - ;; - esac - done - - log verbose "importing ssh key..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + local gpgSecOut + local fifoDir + + # FIXME: implement! + failure "import-subkey is not implemented yet. We welcome patches. Sorry!" + + sshKeyFile="$1" + shift + + # check that key file specified + if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." + fi + + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") + + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" + + # setup the temp fifo dir for retrieving the key password + log debug "creating password fifo..." + fifoDir=$(msmktempdir) + trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + # import ssh key to as authentication subkey + if [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$sshKeyFile" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + fi + + # get the password if needed passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + trap - EXIT rm -rf "$fifoDir" wait log verbose "done." diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index cd0a1fb..bd09588 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -15,8 +15,6 @@ # established. Can be added to ~/.ssh/config as follows: # ProxyCommand monkeysphere ssh-proxycommand %h %p -ssh_proxycommand() { - # "marginal case" ouput in the case that there is not a full # validation path to the host output_no_valid_key() { @@ -45,7 +43,7 @@ EOF # found? # get the gpg info for userid - gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ + gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) @@ -66,14 +64,14 @@ An OpenPGP key matching the ssh key offered by the host was found: EOF - # do some crazy "Here Strings" redirection to get the key to - # ssh-keygen, since it doesn't read from stdin cleanly - sshFingerprint=$(ssh-keygen -l -f /dev/stdin \ - <<<$(echo "$sshKeyGPG") | \ + sshKeyGPGFile=$(msmktempfile) + printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile" + sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ awk '{ print $2 }') + rm -f "$sshKeyGPGFile" # get the sigs for the matching key - gpgSigOut=$(gpg --check-sigs \ + gpgSigOut=$(gpg_user --check-sigs \ --list-options show-uid-validity \ "$keyid") @@ -136,10 +134,9 @@ EOF EOF } -######################################################################## -# export the monkeysphere log level -export MONKEYSPHERE_LOG_LEVEL +# the ssh proxycommand function itself +ssh_proxycommand() { if [ "$1" = '--no-connect' ] ; then NO_CONNECT='true' @@ -170,12 +167,13 @@ URI="ssh://${HOSTP}" # intentionally different than that of running monkeyesphere normally, # and keyserver checking is intentionally done under certain # circumstances. This can be overridden by setting the -# MONKEYSPHERE_CHECK_KEYSERVER environment variable. +# MONKEYSPHERE_CHECK_KEYSERVER environment variable, or by setting the +# CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... -if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then +if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver - CHECK_KEYSERVER="false" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} # if the host is NOT in the keyring... else @@ -188,20 +186,21 @@ else # FIXME: more nuanced checking should be done here to properly # take into consideration hosts that join monkeysphere by # converting an existing and known ssh key - CHECK_KEYSERVER="false" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} # if the host key is not found in the known_hosts file... else # check the keyserver - CHECK_KEYSERVER="true" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} fi fi -# set and export the variable for use by monkeysphere -MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} -export MONKEYSPHERE_CHECK_KEYSERVER + +# finally look in the MONKEYSPHERE_ environment variable for a +# CHECK_KEYSERVER setting to override all else +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} # update the known_hosts file for the host -monkeysphere update-known_hosts "$HOSTP" +update_known_hosts "$HOSTP" # output on depending on the return of the update-known_hosts # subcommand, which is (ultimately) the return code of the diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 012c95f..818f4f7 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -46,7 +46,8 @@ For more details, see: # get list of secret keys (to work around bug # https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + secretkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint | \ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') if [ -z "$secretkeys" ]; then @@ -54,7 +55,7 @@ For more details, see: You might want to run 'gpg --gen-key'." fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + authsubkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ --fingerprint --fingerprint $secretkeys | \ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ grep '^fpr::' | cut -f3 -d: | sort -u) @@ -64,7 +65,8 @@ You might want to run 'gpg --gen-key'." You might want to 'monkeysphere gen-subkey'" fi - workingdir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + workingdir=$(msmktempdir) + trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 @@ -79,19 +81,19 @@ You might want to 'monkeysphere gen-subkey'" # fingerprint, but filtering out all / characters to make sure # the filename is legit. - primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) + primaryuid=$(gpg_user --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) #kname="[monkeysphere] $primaryuid" kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: - gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" + gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" (cd "$workingdir" && ssh-add -d "$kname") else # we're adding the subkey: mkfifo "$workingdir/$kname" - gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \ + gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )& @@ -104,6 +106,7 @@ You might want to 'monkeysphere gen-subkey'" rm -f "$workingdir/$kname" done + trap - EXIT rm -rf "$workingdir" # FIXME: sort out the return values: we're just returning the diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index d34f0de..f2cadf2 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -31,7 +31,6 @@ local domain= local trust=full local depth=1 local keyID -local importinfo local fingerprint local ltsignCommand local trustval @@ -51,6 +50,9 @@ while true ; do depth="$2" shift 2 ;; + -) + break + ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -62,67 +64,13 @@ Type '$PGRM help' for usage." done keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then - failure "There was not exactly one gpg key in the file." - fi -else - # get the key from the key server - log debug "retrieving key from keyserver..." - gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." -fi - -export keyID - -# get the full fingerprint of new certifier key -log debug "getting fingerprint of certifier key..." -fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ - | grep '^fpr:' | grep "$keyID" | cut -d: -f10) - -if [ -z "$fingerprint" ] ; then - failure "Key '$keyID' not found." -fi - -log info "key found:" -gpg_sphere "--fingerprint 0x${fingerprint}!" - -if [ "$PROMPT" = "true" ] ; then - echo "Are you sure you want to add the above key as a" - read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Identity certifier not added." - fi -else - log debug "adding key without prompting." -fi - -# export the key to the core keyring so that the core can sign the -# new certifier key -log debug "exporting retrieved certifier key to core keyring..." -gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import +# check the trust value case "$trust" in 'marginal') trustval=1 @@ -135,6 +83,64 @@ case "$trust" in ;; esac +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + # make a temporary file to hold the key from stdin + keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." + fingerprint=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then + failure "There was not exactly one gpg key in the file." + fi + + # load the key + gpg_sphere "--import" <"$keyID" \ + || failure "could not read key from '$keyID'" + +# else, get the key from the keyserver +else + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + + # get the full fingerprint of new certifier key + log debug "getting fingerprint of certifier key..." + fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + + log info "key found:" + gpg_sphere "--fingerprint 0x${fingerprint}!" + + if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Identity certifier not added." + fi + else + log debug "adding key without prompting." + fi +fi + +# export the key to the core keyring so that the core can sign the +# new certifier key +log debug "loading key into core keyring..." +gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import + # edit-key script to ltsign key # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF @@ -151,8 +157,7 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \ - 2>&1 | log debug ; then + gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 0411080..ce463b2 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -28,6 +28,8 @@ local badhostkeys local sshd_config local problemsfound=0 +report_cruft + if ! id monkeysphere >/dev/null ; then echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." problemsfound=$(($problemsfound+1)) @@ -45,7 +47,10 @@ if ! [ -d "$MADATADIR" ] ; then exit fi -# FIXME: what's the correct, cross-platform answer? +# FIXME: what's the correct, cross-platform way to determine where +# sshd_config lives? +sshd_config=/etc/ssh/sshd_config + seckey=$(gpg_core --list-secret-keys --fingerprint --with-colons --fixed-list-mode) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -95,7 +100,16 @@ fi # FIXME: look to see that the ownertrust rules are set properly on the # sphere keyring -# FIXME: make sure that at least one identity certifier exists +# make sure that at least one identity certifier exists +echo +echo "Checking for Identity Certifiers..." +if ! monkeysphere-authentication list-identity-certifiers | egrep -q '^[A-F0-9]{40}:' then + echo "! No Identity Certifiers found!" + echo " - Recommendation: once you know who should be able to certify identities for + connecting users, you should add their key, with: + monkeysphere-authentication add-identity-certifier" + problemsfound=$(($problemsfound+1)) +fi # FIXME: look at the timestamps on the monkeysphere-generated # authorized_keys files -- warn if they seem out-of-date. diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index a02487d..38a3222 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -86,5 +86,4 @@ gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ esac done - } diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 10aa67b..a9a1451 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -27,7 +27,7 @@ fi gpg_core --list-key --fingerprint "0x${keyID}!" || failure if [ "$PROMPT" = "true" ] ; then - read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} + read -p "Really remove the identity certifier above? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi diff --git a/src/share/ma/setup b/src/share/ma/setup index a17e4f2..e77afff 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -13,13 +13,18 @@ setup() { # make all needed directories + log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" + chmod 0750 "${MADATADIR}" + chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" mkdir -p "${MATMPDIR}" + chmod 0750 "${MATMPDIR}" + chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" - chmod 700 "${GNUPGHOME_CORE}" + chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" - chmod 700 "${GNUPGHOME_SPHERE}" - mkdir -p "${MADATADIR}"/authorized_keys + chmod 0700 "${GNUPGHOME_SPHERE}" + mkdir -p "${SYSDATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -29,7 +34,6 @@ setup() { # This file is maintained by the Monkeysphere software. # Edits will be overwritten. no-greeting -list-options show-uid-validity EOF log debug "writing sphere gpg.conf..." @@ -43,9 +47,8 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome - log debuf "fixing sphere gnupg home ownership..." - chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" - chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" + log debug "fixing sphere gnupg home ownership..." + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) @@ -59,7 +62,7 @@ EOF log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." PEM2OPENPGP_USAGE_FLAGS=certify \ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \ - | gpg_core --import 2>&1 | log debug \ + | gpg_core --import \ || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point @@ -75,17 +78,17 @@ EOF # export the core key to the sphere keyring log debug "exporting core pub key to sphere keyring..." - gpg_core --quiet --export | gpg_sphere "--quiet --import" + gpg_core --export | gpg_sphere "--import" # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." - printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust" + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust" gpg_sphere "--export-ownertrust" 2>&1 | log debug # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -98,7 +101,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/ma/update_users b/src/share/ma/update_users index e9e3cc6..092d108 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -35,7 +35,7 @@ MODE="authorized_keys" GNUPGHOME="$GNUPGHOME_SPHERE" # the authorized_keys directory -authorizedKeysDir="${MADATADIR}/authorized_keys" +authorizedKeysDir="${SYSDATADIR}/authorized_keys" # check to see if the gpg trust database has been initialized if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 70bbec3..0da6a06 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -34,8 +34,8 @@ find_host_userid > /dev/null && \ if [ "$PROMPT" = "true" ] ; then echo "The following user ID will be added to the host key:" echo " $userID" - read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Are you sure you would like to add this user ID? (Y/n) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "User ID not added." fi else diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index b4113df..428b958 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -15,91 +15,99 @@ add_revoker() { -local domain= -local trust=full -local depth=1 local keyID -local importinfo +local tmpDir local fingerprint -local ltsignCommand -local trustval +local addrevokerCommand keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a revoker key, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - importinfo=$(gpg_host --import < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + +# make a temporary directory for storing keys during import, and set +# the trap to delete it on exit +tmpDir=$(msmktempdir) +trap "rm -rf $tmpDir" EXIT + +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + # make a temporary file to hold the key from stdin + keyID="$tmpDir"/importkey + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." + fingerprint=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + # load the key + gpg_host --import <"$keyID" \ + || failure "could not read key from '$keyID'" + +# else, get the key from the keyserver else - # create a temporary directory for storing the downloaded key - TMPLOC=$(mktemp -d "${MHTMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + # fix permissions and ownership on temporary directory which will + # be used by monkeysphere user for storing the downloaded key + chmod 0700 "$tmpDir" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir" # download the key from the keyserver as the monkeysphere user - su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!" + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + + # get the full fingerprint of new revoker key + log debug "getting fingerprint of revoker key..." + fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + + log info "key found:" + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!" + + if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "revoker of the host key? (Y/n) " OK; OK=${OK:-Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "revoker not added." + fi + else + log debug "adding revoker without prompting." + fi # export the new key to the host keyring - su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \ + log debug "loading key into host keyring..." + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \ | gpg_host --import fi -export keyID - -# get the full fingerprint of the revoker key ID -fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ - | grep '^fpr:' | grep "$keyID" | cut -d: -f10) - -if [ -z "$fingerprint" ] ; then - failure "Key '$keyID' not found." -fi - -log info "key found:" -gpg_host --fingerprint "0x${fingerprint}!" - -if [ "$PROMPT" = "true" ] ; then - echo "Are you sure you want to add the above key as a" - read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "revoker not added." - fi -else - log debug "adding revoker without prompting." -fi - # edit-key script to add revoker addrevokerCommand=$(cat <<EOF addrevoker +$fingerprint +y +save EOF ) -# FIXME: implement! -failure "not implemented yet!" - # core ltsigns the newly imported revoker key -if echo "$addrevokerCommand" | \ - gpg_core_edit ; then +log debug "executing add revoker script..." +if echo "$addrevokerCommand" | gpg_host_edit ; then update_gpg_pub_file @@ -108,4 +116,8 @@ else failure "Problem adding revoker." fi +# remove the temporary directory +trap - EXIT +rm -rf "$tmpDir" + } diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index d774723..2f65f89 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -25,11 +25,10 @@ local expire local uid local fingerprint local badhostkeys -local sshd_config local problemsfound=0 -# FIXME: what's the correct, cross-platform answer? -sshd_config=/etc/ssh/sshd_config +report_cruft + seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -50,7 +49,7 @@ fi echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." - echo " - Recommendation: run 'monkeysphere-host gen-key' or 'monkeysphere-host import-key'" + echo " - Recommendation: run 'monkeysphere-host import-key'" problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then echo "! More than one host key found?" @@ -114,35 +113,9 @@ else # FIXME: propose adding a revoker to the host key if none exist (do we # have a way to do that after key generation?) - # Ensure that the ssh_host_rsa_key file is present and non-empty: - echo - echo "Checking host SSH key..." - if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then - echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty." - problemsfound=$(($problemsfound+1)) - else - if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then - echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600." - problemsfound=$(($problemsfound+1)) - fi +# FIXME: test (with ssh-keyscan?) that the running ssh +# daemon is actually offering the monkeysphere host key. - # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then - echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)." - echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'" - problemsfound=$(($problemsfound+1)) - fi - if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then - echo "! $sshd_config refers to some non-monkeysphere host keys:" - echo "$badhostkeys" - echo " - Recommendation: remove the above HostKey lines from $sshd_config" - problemsfound=$(($problemsfound+1)) - fi - - # FIXME: test (with ssh-keyscan?) that the running ssh - # daemon is actually offering the monkeysphere host key. - - fi fi # FIXME: look at the ownership/privileges of the various keyrings, diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 557bb7f..040b41c 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -13,15 +13,22 @@ import_key() { +local sshKeyFile local hostName local domain local userID -hostName="$1" +sshKeyFile="$1" +hostName="$2" + +# check that key file specified +if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." +fi # use the default hostname if not specified if [ -z "$hostName" ] ; then - hostName=$(hostname -f) + hostName=$(hostname -f) || failure "Could not determine hostname." # test that the domain is not obviously illegitimate domain=${foo##*.} case $domain in @@ -39,14 +46,20 @@ userID="ssh://${hostName}" # create host home mkdir -p "${MHDATADIR}" -mkdir -p "${MHTMPDIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -log verbose "importing ssh key..." -# translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import 2>&1 | log debug +# import ssh key to a private key +if [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_host --import +else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + <"$sshKeyFile" \ + | gpg_host --import +fi # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b433ad7..b0ffd93 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -18,8 +18,8 @@ publish_key() { local GNUPGHOME if [ "$PROMPT" = "true" ] ; then - read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Really publish host key to $KEYSERVER? (Y/n) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "key not published." fi else @@ -27,7 +27,9 @@ else fi # create a temporary gnupg directory from which to publish the key -export GNUPGHOME=$(mktemp -d) +export GNUPGHOME=$(msmktempdir) +chmod 0700 "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 77f1f0d..71b56ed 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -28,7 +28,7 @@ if [ -z "$1" ] ; then fi echo "WARNING: There is a known bug in this function." -echo "This function has been known to occasionally revoke the wrong user ID." +echo "This function has been known to occasionally revoke the wrong hostname." echo "Please see the following bug report for more information:" echo "https://labs.riseup.net/code/issues/show/422" read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} @@ -45,8 +45,8 @@ uidIndex=$(find_host_userid) || \ if [ "$PROMPT" = "true" ] ; then echo "The following host key user ID will be revoked:" echo " $userID" - read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Are you sure you would like to revoke this user ID? (N/y) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "User ID not revoked." fi else diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index cccdc22..380236b 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -15,7 +15,31 @@ revoke_key() { -# FIXME: implement! -failure "not implemented yet!" +# Coming in here, we expect $HOST_FINGERPRINT to be set, and we +# believe that there is in fact a key. + # our current implementation is very simple: we just want to + # generate the revocation certificate on stdout. This provides + # for the two most likely (but hopefully not common) scenarios: + + # an admin wants a revocation certificate for the host which they + # can store securely offline. In this case, the admin can + # redirect stdout to a file, or can simply copy/paste or + # transcribe from the terminal. + + # Alternately, an admin might want to publish the revocation + # certificate immediately. here's a quick way to do this: + + + # tmp=$(mktemp -d) + # export GNUPGHOME="$tmp" + # gpg --import < /var/lib/monkeysphere/ssh_host_rsa_key.pub.gpg + # monkeysphere-host revoke-key | gpg --import + # gpg --keyserver pool.sks-keyservers.net --send $(hostname -f) + + + # note: we're not using the gpg_host function because we actually + # want to use gpg's UI in this case, so we want to omit --no-tty + + GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!" } diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index ae7c13a..63e5c55 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -22,7 +22,7 @@ local extendTo extendTo=$(get_gpg_expiration "$1") if [ "$PROMPT" = "true" ] ; then - read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N} + read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "expiration not set." fi |