diff options
Diffstat (limited to 'src/share')
-rw-r--r-- | src/share/common | 1 | ||||
-rw-r--r-- | src/share/m/gen_subkey | 85 | ||||
-rw-r--r-- | src/share/m/import_subkey | 65 | ||||
-rw-r--r-- | src/share/m/ssh_proxycommand | 6 | ||||
-rw-r--r-- | src/share/m/subkey_to_ssh_agent | 13 | ||||
-rw-r--r-- | src/share/ma/add_certifier | 43 | ||||
-rw-r--r-- | src/share/ma/setup | 2 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 66 | ||||
-rw-r--r-- | src/share/mh/import_key | 9 | ||||
-rw-r--r-- | src/share/mh/publish_key | 2 |
10 files changed, 144 insertions, 148 deletions
diff --git a/src/share/common b/src/share/common index d151e85..653d58b 100644 --- a/src/share/common +++ b/src/share/common @@ -1153,7 +1153,6 @@ process_authorized_user_ids() { # takes a gpg key or keys on stdin, and outputs a list of # fingerprints, one per line: list_primary_fingerprints() { - local file="$1" local fake=$(msmktempdir) GNUPGHOME="$fake" gpg --no-tty --quiet --import GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index d926ad5..dbd9dd6 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -15,10 +15,10 @@ gen_subkey(){ local keyLength - local keyExpire + local gpgSecOut local keyID - local gpgOut - local userID + local editCommands + local fifoDir # get options while true ; do @@ -27,10 +27,6 @@ gen_subkey(){ keyLength="$2" shift 2 ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -41,67 +37,11 @@ Type '$PGRM help' for usage." esac done - case "$#" in - 0) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') - ;; - 1) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure - ;; - *) - failure "You must specify only a single primary key ID." - ;; - esac - - # check that only a single secret key was found - case $(echo "$gpgSecOut" | grep -c '^sec:') in - 0) - failure "No secret keys found. Create an OpenPGP key with the following command: - gpg --gen-key" - ;; - 1) - keyID=$(echo "$gpgSecOut" | cut -d: -f5) - ;; - *) - echo "Multiple primary secret keys found:" - echo "$gpgSecOut" | cut -d: -f5 - failure "Please specify which primary key to use." - ;; - esac + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") - # check that a valid authentication key does not already exist - IFS=$'\n' - for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do - type=$(echo "$line" | cut -d: -f1) - validity=$(echo "$line" | cut -d: -f2) - usage=$(echo "$line" | cut -d: -f12) - - # look at keys only - if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then - continue - fi - # check for authentication capability - if ! check_capability "$usage" 'a' ; then - continue - fi - # if authentication key is valid, prompt to continue - if [ "$validity" = 'u' ] ; then - log error "A valid authentication key already exists for primary key '$keyID'." - if [ "$PROMPT" = "true" ] ; then - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "aborting." - fi - break - else - failure "aborting." - fi - fi - done - - # set subkey defaults - # prompt about key expiration if not specified - keyExpire=$(get_gpg_expiration "$keyExpire") + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" # generate the list of commands that will be passed to edit-key editCommands=$(cat <<EOF @@ -112,19 +52,24 @@ E A Q $keyLength -$keyExpire +0 save EOF ) - log verbose "generating subkey..." + # setup the temp fifo dir for retrieving the key password + log debug "creating password fifo..." fifoDir=$(msmktempdir) + trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + + log verbose "generating subkey..." + echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + trap - EXIT rm -rf "$fifoDir" wait log verbose "done." diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index 8b04456..7333f80 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -14,40 +14,49 @@ # import an existing ssh key as a gpg subkey import_subkey() { - local keyFile="~/.ssh/id_rsa" - local keyExpire + local sshKeyFile local keyID - local gpgOut - local userID - - # get options - while true ; do - case "$1" in - -f|--keyfile) - keyFile="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - break - ;; - esac - done - - log verbose "importing ssh key..." + local gpgSecOut + local fifoDir + + # FIXME: implement! + failure "implement me!" + + sshKeyFile="$1" + shift + + # check that key file specified + if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." + fi + + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") + + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" + + # setup the temp fifo dir for retrieving the key password + log debug "creating password fifo..." fifoDir=$(msmktempdir) + trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + # import ssh key to as authentication subkey + if [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$sshKeyFile" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + fi + + # get the password if needed passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + trap - EXIT rm -rf "$fifoDir" wait log verbose "done." diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 0a81500..bd09588 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -43,7 +43,7 @@ EOF # found? # get the gpg info for userid - gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ + gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) @@ -71,7 +71,7 @@ EOF rm -f "$sshKeyGPGFile" # get the sigs for the matching key - gpgSigOut=$(gpg --check-sigs \ + gpgSigOut=$(gpg_user --check-sigs \ --list-options show-uid-validity \ "$keyid") @@ -171,7 +171,7 @@ URI="ssh://${HOSTP}" # CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... -if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then +if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index a92718e..818f4f7 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -46,7 +46,8 @@ For more details, see: # get list of secret keys (to work around bug # https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + secretkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint | \ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') if [ -z "$secretkeys" ]; then @@ -54,7 +55,7 @@ For more details, see: You might want to run 'gpg --gen-key'." fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + authsubkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ --fingerprint --fingerprint $secretkeys | \ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ grep '^fpr::' | cut -f3 -d: | sort -u) @@ -65,6 +66,7 @@ You might want to 'monkeysphere gen-subkey'" fi workingdir=$(msmktempdir) + trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 @@ -79,19 +81,19 @@ You might want to 'monkeysphere gen-subkey'" # fingerprint, but filtering out all / characters to make sure # the filename is legit. - primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) + primaryuid=$(gpg_user --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) #kname="[monkeysphere] $primaryuid" kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: - gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" + gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" (cd "$workingdir" && ssh-add -d "$kname") else # we're adding the subkey: mkfifo "$workingdir/$kname" - gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \ + gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )& @@ -104,6 +106,7 @@ You might want to 'monkeysphere gen-subkey'" rm -f "$workingdir/$kname" done + trap - EXIT rm -rf "$workingdir" # FIXME: sort out the return values: we're just returning the diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index bd41f23..e2df1d3 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -51,6 +51,9 @@ while true ; do depth="$2" shift 2 ;; + -) + break + ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -62,30 +65,48 @@ Type '$PGRM help' for usage." done keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - fingerprints=$(su_monkeysphere_user \ +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." + fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") - if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi - gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + # load the key + gpg_sphere "--import" <"$keyID" \ + || failure "could not read key from '$keyID'" + + keyID="$fingerprint" - keyID="$fingerprints" +# else, get the key from the keyserver else - # get the key from the key server - log debug "retrieving key from keyserver..." - gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi -export keyID - # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ diff --git a/src/share/ma/setup b/src/share/ma/setup index 8929871..e77afff 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -13,7 +13,7 @@ setup() { # make all needed directories - log debug "make authentication directory structure..." + log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" chmod 0750 "${MADATADIR}" chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 21dc0bb..2275f61 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -25,48 +25,62 @@ local ltsignCommand local trustval keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a revoker key, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - importinfo=$(gpg_host --import < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." + fingerprint=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + # load the key + gpg_host --import <"$keyID" \ + || failure "could not read key from '$keyID'" + + keyID="$fingerprint" + +# else, get the key from the keyserver else # create a temporary directory for storing the downloaded key - TMPLOC=$(msmktempdir) || failure "Could not create temporary directory!" + local TMPLOC=$(msmktempdir) + chmod 0700 "$GNUPGHOME" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # download the key from the keyserver as the monkeysphere user + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" + "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." # export the new key to the host keyring + log verbose "loading key $keyID..." su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ | gpg_host --import fi -export keyID - -# get the full fingerprint of the revoker key ID +# get the full fingerprint of new revoker key +log debug "getting fingerprint of revoker key..." fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 6394ad7..040b41c 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -21,6 +21,11 @@ local userID sshKeyFile="$1" hostName="$2" +# check that key file specified +if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." +fi + # use the default hostname if not specified if [ -z "$hostName" ] ; then hostName=$(hostname -f) || failure "Could not determine hostname." @@ -45,9 +50,7 @@ mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" # import ssh key to a private key -if [ -z "$sshKeyFile" ] ; then - failure "Must specify ssh key file to import, or specify '-' for stdin." -elif [ "$sshKeyFile" = '-' ] ; then +if [ "$sshKeyFile" = '-' ] ; then log verbose "importing ssh key from stdin..." PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ | gpg_host --import diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 05faa0b..b0ffd93 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -28,6 +28,8 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) +chmod 0700 "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT |