Age | Commit message | Author | |
---|---|---|---|
2011-01-02 | genericized x509 certificate generation -- now works for any service, not just https (invoke it like "make-x509-certreqs imap" for imap:// keys, etc) | Daniel Kahn Gillmor | |
2010-12-21 | avoid problems with filenames containing regexp special characters. | Jamie McClelland | |
2010-12-21 | On dkg's suggestion, using hash index as more elegant way to ensure we don't repeat users. | Jamie McClelland | |
2010-12-21 | Tracking users while generating watch list is more reliable way to ensure m-a u is executed on the right users. | Jamie McClelland | |
2010-12-20 | adding some comments/concerns about the current monkeysphere-monitor-keys implementation | Daniel Kahn Gillmor | |
2010-12-20 | added example script to auto-generate X.509 certificate requests with the PGPExtension embedded in them from https monkeysphere-host keys. | Daniel Kahn Gillmor | |
2010-12-20 | update debug to use printf and always emit newlines; use warnings; | Daniel Kahn Gillmor | |
2010-12-20 | whitespace, simple style cleanup | Daniel Kahn Gillmor | |
2010-12-20 | Merge remote branch 'jamie/master' | Daniel Kahn Gillmor | |
2010-12-20 | keytrans: avoid confusing user IDs across different keys (closes MS # 2682) | Daniel Kahn Gillmor | |
2010-12-20 | Comments at top now contain more concrete explanation of how the script works. Location of key files to monitor is more configurable by the sys admin. All changed files treated the same for simplicity. Added debug mode. | Jamie McClelland | |
2010-12-20 | more precise description of file::ChangeNotify's behavior with regard to different operating systems. And, monitoring /etc/passwd is not recommended, so removed from description. | Jamie McClelland | |
2010-12-19 | first attempt at closing #499 (changes to user authorized_keys files not immediately incorporated) | Jamie McClelland | |
2010-11-13 | update changelog | Jameson Rollins | |
2010-11-13 | If for whatever reason the primary UID comes up empty, give the injected subkey a reasonable name instead of the empty string | Daniel Kahn Gillmor | |
2010-11-13 | universalize and consolidate on --fixed-list-mode | Daniel Kahn Gillmor | |
2010-11-13 | avoid using the running MSVA from the user during the tests | Daniel Kahn Gillmor | |
2010-10-30 | update upstream changelog | Jameson Rollins | |
2010-10-30 | clean up ssh_proxycommand function (no functional change) | Jameson Rollins | |
2010-10-30 | break out proxy command validation code into its own function (no functional change) | Jameson Rollins | |
2010-10-30 | improve debug output | Jameson Rollins | |
2010-10-30 | fix variable declarations in update_known_hosts | Jameson Rollins | |
2010-10-30 | catch return for grep in remove_line, for case where grep -v returns nothing (e.g. only line in file is removed) | Jameson Rollins | |
2010-10-29 | fix ssh_proxycommand marginal ui<br>After the last big code cleanup, the bookkeeping of numbers of processed/valid keys was removed. This was done because most things don't use that info, and it was confusing return codes of top-level functions. The one thing that did use that, though, was the ssh_proxycommand. We fix this by using a global variable to keep track of the number of processed and valid keys. The proxy command can now easily determine when it should output its marginal ui block. | Jameson Rollins | |
2010-10-29 | fix variable declaration (leftover from break out of touch_key_file_or_fail) | Jameson Rollins | |
2010-10-29 | consolidate and simplify printing of key lines in process_keys_for_file<br>also move hashing of known_hosts lines into ssh2known_hosts function | Jameson Rollins | |
2010-10-27 | remove reference to USE_VALIDATION_AGENT (the usage was incorrect as well) | Jameson Rollins | |
2010-10-27 | fix label in upstream changelog | Jameson Rollins | |
2010-10-26 | finalize changelog for 0.34 release | Jameson Rollins | |
2010-10-26 | add note about CHECK_KEYSERVER var in msph-auth man page | Jameson Rollins | |
2010-10-25 | ensure that we only remove fully-matching lines once we have found them | Daniel Kahn Gillmor | |
2010-10-24 | back to using grep fixed-string matching when removing key lines<br>This method uses grep -F to find the full line to match, and then a second call to grep -v -F to actually remove the line. For known_hosts, we use two piped grep -F calls. No regexp are used, and only one extra call to grep is required for known_hosts line removal. There is still an issue here about sub-string matches, but there is at least no regression over early versions. | Jameson Rollins | |
2010-10-24 | don't fail if authorized_keys file not present<br>we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644 | Jameson Rollins | |
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins | |
2010-10-19 | fix remove_line function to not use fixed string checking, and to mv -f the tmp file into place | Jameson Rollins | |
2010-10-18 | fix remove_monkeysphere_lines function to just read from stdin and write to stdout | Jameson Rollins | |
2010-10-18 | fix update_known_hosts to create proper initial temp file | Jameson Rollins | |
2010-10-18 | fix back to integer indexing in process_authorized_user_ids | Jameson Rollins | |
2010-10-18 | cleanup update_known_hosts<br>* don't update if unchanged<br>* proper trap setting<br>* cleanup comments | Jameson Rollins | |
2010-10-18 | fix up update_authorized_keys<br>* better trap handling<br>* don't update file if unchanged<br>* clean up comments | Jameson Rollins | |
2010-10-18 | fix process_keys_for_file so that it can accept '-' as a file, and send output to stdout. | Jameson Rollins | |
2010-10-18 | update changelog | Jameson Rollins | |
2010-10-18 | Simplification/refactoring of key/file processing<br>This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes key from a userid for a given key file. All the main top level functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing. | Jameson Rollins | |
2010-10-18 | fix test for keys-for-user | Jameson Rollins | |
2010-10-18 | add check for argument in keys-for-user | Jameson Rollins | |
2010-10-17 | fixed bug in remove_monkeysphere_lines function<br>it was matching MonkeySphere strings as full lines and therefore not actually removing monkeysphere lines. I'm not sure exactly why, upon further consideration, we actually need to be removing all monkeysphere lines in update_authorized_keys. | Jameson Rollins | |
2010-10-17 | fix changelog | Jameson Rollins | |
2010-10-17 | remove unnecessary export of TMP_AUTHORIZED_USER_IDS | Jameson Rollins | |
2010-10-17 | fix keys-for-user<br>This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it. | Jameson Rollins | |
2010-10-17 | add missing CHECK_KEYSERVER config in skeleton monkeysphere-authentication.conf | Jameson Rollins | |