Diffstat (limited to 'src')
-rw-r--r-- | src/common | 22 | ||||
-rwxr-xr-x | src/monkeysphere | 8 | ||||
-rwxr-xr-x | src/monkeysphere-server | 14 | ||||
-rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 14 |
4 files changed, 29 insertions, 29 deletions
@@ -42,7 +42,7 @@ log() { # list in decreasing verbosity (all caps). # separate with $IFS explicitly, since we do some fancy footwork # elsewhere. - alllevels="DEBUG${IFS}INFO${IFS}ERROR" + alllevels="DEBUG${IFS}VERBOSE${IFS}INFO${IFS}ERROR" # translate lowers to uppers in global log level LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]") @@ -485,7 +485,7 @@ process_user_id() { # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then - log info " no primary keys found." + log verbose " no primary keys found." return 1 fi @@ -502,7 +502,7 @@ process_user_id() { lastKeyOK= fingerprint= - log info " primary key found: $keyid" + log verbose " primary key found: $keyid" # if overall key is not valid, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then @@ -551,7 +551,7 @@ process_user_id() { # output a line for the primary key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log info " * acceptable primary key." + log verbose " * acceptable primary key." if [ -z "$sshKey" ] ; then log error " ! primary key could not be translated (not RSA or DSA?)." else @@ -607,7 +607,7 @@ process_user_id() { # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log info " * acceptable sub key." + log verbose " * acceptable sub key." if [ -z "$sshKey" ] ; then log error " ! sub key could not be translated (not RSA or DSA?)." else @@ -642,7 +642,7 @@ process_host_known_hosts() { host="$1" userID="ssh://${host}" - log info "processing: $host" + log verbose "processing: $host" nKeys=0 nKeysOK=0 @@ -743,7 +743,7 @@ update_known_hosts() { # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then - log info "known_hosts file updated." + log verbose "known_hosts file updated." fi # if an acceptable host was found, return 0 
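Review bot: Demoting "known_hosts file updated." from info to verbose in update_known_hosts (@@ -743) means a change to a trust file is presumably reported only when LOG_LEVEL is raised to VERBOSE or DEBUG. The same applies to "authorized_keys file updated." in update_authorized_keys (@@ -886) and to "adding raw authorized_keys file... " in src/monkeysphere-server (@@ -227). These are the events an administrator needs in the default log when auditing how access changed, so I would keep them at info, e.g. `log info "known_hosts file updated."`, and demote only the per-key progress lines. The default LOG_LEVEL is set outside these hunks, so confirm what it is before deciding.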
@@ -766,7 +766,7 @@ update_known_hosts() { process_known_hosts() { local hosts - log info "processing known_hosts file..." + log verbose "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -791,7 +791,7 @@ process_uid_authorized_keys() { userID="$1" - log info "processing: $userID" + log verbose "processing: $userID" nKeys=0 nKeysOK=0 @@ -886,7 +886,7 @@ update_authorized_keys() { # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then - log info "authorized_keys file updated." + log verbose "authorized_keys file updated." fi # if an acceptable id was found, return 0 @@ -913,7 +913,7 @@ process_authorized_user_ids() { authorizedUserIDs="$1" - log info "processing authorized_user_ids file..." + log verbose "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then log error "no user IDs to process." diff --git a/src/monkeysphere b/src/monkeysphere index b0003fc..471da20 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -93,7 +93,7 @@ gen_subkey(){ if [ -z "$1" ] ; then # find all secret keys - keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u) # if multiple sec keys exist, fail if (( $(echo "$keyID" | wc -l) > 1 )) ; then echo "Multiple secret keys found:" @@ -115,7 +115,7 @@ key before joining the monkeysphere. You can do this with: # fail if multiple sec lines are returned, which means the id # given is not unique - if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then + if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then failure "Key ID '$keyID' is not unique." fi 
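Review bot: The pattern in `grep ^sec` (gen_subkey, @@ -93) is unquoted and lacks the field separator, while the uniqueness check in @@ -115 matches `'^sec:'`; using `grep '^sec:'` in both places keeps the two checks consistent. In @@ -115 the command substitution inside `[ ... ]` is also unquoted and compared against a quoted `'1'`; `[ "$(echo "$gpgOut" | grep -c '^sec:')" -gt 1 ]` is the safer spelling. gen_subkey starts and ends outside these hunks.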
@@ -146,7 +146,7 @@ save EOF ) - log info "generating subkey..." + log verbose "generating subkey..." fifoDir=$(mktemp -d) (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & @@ -155,7 +155,7 @@ EOF rm -rf "$fifoDir" wait - log info "done." + log verbose "done." } function subkey_to_ssh_agent() { diff --git a/src/monkeysphere-server b/src/monkeysphere-server index ad94786..4c7df19 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -157,7 +157,7 @@ update_users() { for uname in $unames ; do # check all specified users exist if ! getent passwd "$uname" >/dev/null ; then - log info "----- unknown user '$uname' -----" + log error "----- unknown user '$uname' -----" continue fi @@ -173,17 +173,17 @@ update_users() { fi fi - log info "----- user: $uname -----" + log verbose "----- user: $uname -----" # exit if the authorized_user_ids file is empty if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then - log error "Improper permissions on authorized_user_ids file path." + log error "Improper permissions on path '$AUTHORIZED_USER_IDS'." continue fi # check permissions on the authorized_keys file path if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then - log error "Improper permissions on authorized_keys file path path." + log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'." continue fi @@ -227,7 +227,7 @@ update_users() { # add user-controlled authorized_keys file path if specified if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then - log info "adding raw authorized_keys file... " + log verbose "adding raw authorized_keys file... " cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" fi @@ -346,7 +346,7 @@ EOF EOF ) - log info "generating server key..." + log verbose "generating server key..." echo "$keyParameters" | gpg_host --batch --gen-key # output the server fingerprint 
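Review bot: `fifoDir=$(mktemp -d)` in gen_subkey (@@ -146) is used without checking that it succeeded, so a failed mktemp leaves `$fifoDir` empty and the passphrase fifo would be created as `/pass`. I would fail early with `fifoDir=$(mktemp -d) || failure "could not create temporary directory."`, using the `failure` helper this file already calls. The cleanup `rm -rf "$fifoDir"` in the next hunk (@@ -155) appears to run only on the normal path; the lines between the two hunks are not shown, so check whether an interrupted passphrase prompt leaves the directory behind. A `trap` on EXIT would cover that case.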
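Review bot: The comment `# exit if the authorized_user_ids file is empty` in update_users (@@ -173) sits above a permission check, not an emptiness check, and should read `# check permissions on the authorized_user_ids file path`. The new error messages print `$AUTHORIZED_USER_IDS` and `$RAW_AUTHORIZED_KEYS`, the same upper-case values passed to check_key_file_permissions, while the later hunk (@@ -227) reads from the lower-case `$rawAuthorizedKeys`. If the upper-case variables hold untranslated templates and the lower-case ones the per-user paths, which I cannot confirm from these hunks, the check and the message refer to a different path than the file that is appended to authorized_keys. In that case both should use the per-user path. update_users starts and ends outside the hunk.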
@@ -356,7 +356,7 @@ EOF fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring - log info "setting ultimate owner trust for server key..." + log verbose "setting ultimate owner trust for server key..." echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # translate the private key to ssh format, and export to a file diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index cc81020..a7b87ca 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -14,10 +14,6 @@ # ProxyCommand monkeysphere-ssh-proxycommand %h %p ######################################################################## -SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} -. "${SHARE}/common" || exit 1 - -######################################################################## usage() { cat <<EOF >&2 @@ -38,8 +34,6 @@ fi HOST="$1" PORT="$2" -MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"} - if [ -z "$HOST" ] ; then echo "Host not specified." >&2 usage @@ -57,6 +51,12 @@ else fi URI="ssh://${HOSTP}" +# specify keyserver checking. the behavior of this proxy command is +# intentionally different than that of running monkeyesphere normally, +# and keyserver checking is intentionally done under certain +# circumstances. This can be overridden by setting the +# MONKEYSPHERE_CHECK_KEYSERVER environment variable. + # if the host is in the gpg keyring... if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver @@ -81,7 +81,7 @@ else CHECK_KEYSERVER="true" fi fi - +# set and export the variable for use by monkeysphere MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} export MONKEYSPHERE_CHECK_KEYSERVER |
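Review bot: `fingerprint=$(fingerprint_server_key)` is fed straight into `--import-ownertrust` (@@ -356) without checking that it is non-empty, so a failed lookup would pass the line `:6:` to gpg instead of stopping. Since this step sets ultimate ownertrust, I would guard it with `[ -n "$fingerprint" ] || exit 1` (or the script's own error helper) before the `echo`. The enclosing block starts and ends outside the hunk.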
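Review bot: The test `gpg --list-key ="${URI}" 2>&1 >/dev/null` directly below the new comment (@@ -57) redirects in an order that sends gpg's stderr to the script's stdout and discards only gpg's stdout. In a ProxyCommand, stdout is the channel ssh reads the connection from, so any gpg diagnostic would end up in that stream. If the intent is to silence gpg, write `>/dev/null 2>&1`. The added comment also misspells the program name as `monkeyesphere`.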