Age | Commit message | Author
2011-01-02 | genericized x509 certificate generation -- now works for any service, not just https (invoke it like "make-x509-certreqs imap" for imap:// keys, etc) | Daniel Kahn Gillmor
2010-12-21 | avoid problems with filenames containing regexp special characters. | Jamie McClelland
2010-12-21 | On dkg's suggestion, using hash index as more elegant way to ensure | Jamie McClelland
    we don't repeat users.
2010-12-21 | Tracking users while generating watch list is more reliable | Jamie McClelland
    way to ensure m-a u is executed on the right users.
2010-12-20 | adding some comments/concerns about the current monkeysphere-monitor-keys implementation | Daniel Kahn Gillmor
2010-12-20 | added example script to auto-generate X.509 certificate requests with the PGPExtension embedded in them from https monkeysphere-host keys. | Daniel Kahn Gillmor
2010-12-20 | update debug to use printf and always emit newlines; use warnings; | Daniel Kahn Gillmor
2010-12-20 | whitespace, simple style cleanup | Daniel Kahn Gillmor
2010-12-20 | Merge remote branch 'jamie/master' | Daniel Kahn Gillmor
2010-12-20 | keytrans: avoid confusing user IDs across different keys (closes MS # 2682) | Daniel Kahn Gillmor
2010-12-20 | Comments at top now contain more concrete explanation of how | Jamie McClelland
    the script works. Location of key files to monitor is more configurable by the sys admin. All changed files treated the same for simplicity. Added debug mode.
2010-12-20 | more precise description of file::ChangeNotify's behavior | Jamie McClelland
    with regard to different operating systems. And, monitoring /etc/passwd is not recommended, so removed from description.
2010-12-19 | first attempt at closing #499 (changes to user authorized_keys files not | Jamie McClelland
    immediately incorporated)
2010-11-13 | update changelog | Jameson Rollins
2010-11-13 | If for whatever reason the primary UID comes up empty, give the injected subkey a reasonable name instead of the empty string | Daniel Kahn Gillmor
2010-11-13 | universalize and consolidate on --fixed-list-mode | Daniel Kahn Gillmor
2010-11-13 | avoid using the running MSVA from the user during the tests | Daniel Kahn Gillmor
2010-10-30 | update upstream changelog | Jameson Rollins
2010-10-30 | clean up ssh_proxycommand function (no functional change) | Jameson Rollins
2010-10-30 | break out proxy command validation code into its own function (no functional change) | Jameson Rollins
2010-10-30 | improve debug output | Jameson Rollins
2010-10-30 | fix variable declarations in update_known_hosts | Jameson Rollins
2010-10-30 | catch return for grep in remove_line, for case where grep -v returns nothing (e.g. only line in file is removed) | Jameson Rollins
2010-10-29 | fix ssh_proxycommand marginal ui | Jameson Rollins
    After the last big code cleanup, the bookkeeping of numbers of processed/valid keys was removed. This was done because most things don't use that info, and it was confusing return codes of top-level functions. The one thing that did use that, though, was the ssh_proxycommand. We fix this by using a global variable to keep track of the number of processed and valid keys. The proxy command can now easily determine when it should output its marginal ui block.
2010-10-29 | fix variable declaration (leftover from break out of touch_key_file_or_fail) | Jameson Rollins
2010-10-29 | consolidate and simplify printing of key lines in process_keys_for_file | Jameson Rollins
    also move hashing of known_hosts lines into ssh2known_hosts function
2010-10-27 | remove reference to USE_VALIDATION_AGENT (the usage was incorrect as well) | Jameson Rollins
2010-10-27 | fix label in upstream changelog | Jameson Rollins
2010-10-26 | finalize changelog for 0.34 release | Jameson Rollins
2010-10-26 | add note about CHECK_KEYSERVER var in msph-auth man page | Jameson Rollins
2010-10-25 | ensure that we only remove fully-matching lines once we have found them | Daniel Kahn Gillmor
2010-10-24 | back to using grep fixed-string matching when removing key lines | Jameson Rollins
    This method uses grep -F to find the full line to match, and then second call to grep -v -F to actually remove the line. For known_hosts, we use two piped grep -F calls. No regexp are used, and only one extra call to grep is required for known_hosts line removal. There is still an issue here about sub-string matches, but there is at least no regression over early versions.
2010-10-24 | don't fail if authorized_keys file not present | Jameson Rollins
    we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins
2010-10-19 | fix remove_line function to not use fixed string checking, and to mv -f the tmp file into place | Jameson Rollins
2010-10-18 | fix remove_monkeysphere_lines function to just read from stdin and write to stdout | Jameson Rollins
2010-10-18 | fix update_known_hosts to create proper initial temp file | Jameson Rollins
2010-10-18 | fix back to integer indexing in process_authorized_user_ids | Jameson Rollins
2010-10-18 | cleanup update_known_hosts | Jameson Rollins
    * don't update if unchanged
    * proper trap setting
    * cleanup comments
2010-10-18 | fix up update_authorized_keys | Jameson Rollins
    * better trap handling
    * don't update file if unchanged
    * clean up comments
2010-10-18 | fix process_keys_for_file so that it can accept '-' as a file, and send output to stdout. | Jameson Rollins
2010-10-18 | update changelog | Jameson Rollins
2010-10-18 | Simplification/refactoring of key/file processing | Jameson Rollins
    This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes key from a userid for a given key file. All the main top level functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing.
2010-10-18 | fix test for keys-for-user | Jameson Rollins
2010-10-18 | add check for argument in keys-for-user | Jameson Rollins
2010-10-17 | fixed bug in remove_monkeysphere_lines function | Jameson Rollins
    it was matching MonkeySphere strings as full lines and therefore not actually removing monkeysphere lines. I'm not sure exactly, upon further consideration, why we actually need to be removing all monkeysphere lines in update_authorized_keys.
2010-10-17 | fix changelog | Jameson Rollins
2010-10-17 | remove unnecessary export of TMP_AUTHORIZED_USER_IDS | Jameson Rollins
2010-10-17 | fix keys-for-user | Jameson Rollins
    This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it.
2010-10-17 | add missing CHECK_KEYSERVER config in skeleton monkeysphere-authentication.conf | Jameson Rollins