Age | Commit message | Author
2013-03-13 | update Changelog to describe the admin-visible changes to m-a [HEAD, rootsquash, master] | Daniel Kahn Gillmor
2013-03-13 | Fix quote command embedded in another command (thanks, Daniel!) | Jonas Smedegaard
NB! There seem to be many more of these, e.g. revealed by this command: git grep '[^="]$(' -- '*/*'
2013-03-13 | Optimize to not spawn subshell in su-wrapper when running as same user. | Jonas Smedegaard
2013-03-13 | Preserve (instead of collapse) arguments in su_monkeysphere_user(). | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, but not impossible: Bourne-derived shells treat single-quoting literally, which means that shell command arguments (i.e. an array of strings) should be safe to serialize (dual-quote) using these simple rules:
b) each single-quote inside each string is escaped as '\''
a) each string is surrounded by single-quotes
This patch applies above single-quote serialization for su_monkeysphere_user().
This appears to break for commands that start with variable assignment, like:
PAGER=cat git diff
So as long as we do not use that form, su_monkeysphere_user() should not treat its variables any worse than previous non-quoting.
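The single-quote serialization described in the commit message above, as an added example (not code from the monkeysphere repository). The helper names `shell_quote`, `via_quoted`, `via_collapsed` and `assignment_prefix_survives` are hypothetical; the block contrasts the serialized form with `"$*"` collapsing and reproduces the variable-assignment caveat.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not monkeysphere's own code.

# Serialize "$@" into one string that a Bourne-style shell parses back
# into the same argument array.
shell_quote() {
    out=
    for arg in "$@"; do
        s=$arg q=
        while :; do
            case $s in
                *\'*)
                    head=${s%%\'*}      # text before the first single-quote
                    q="$q$head'\\''"    # rule b: ' becomes '\''
                    s=${s#*\'} ;;
                *)  q="$q$s"; break ;;
            esac
        done
        out="$out${out:+ }'$q'"         # rule a: wrap in single-quotes
    done
    printf '%s\n' "$out"
}

# Hand the command to an inner shell: once serialized, once collapsed.
via_quoted()    { sh -c "$(shell_quote "$@")"; }
via_collapsed() { sh -c "$*"; }

# Caveat from the commit message: a quoted NAME=value word is no longer
# an assignment, so the inner shell looks for a command of that name.
assignment_prefix_survives() { via_quoted PAGER=cat true 2>/dev/null; }

# Constructed sample arguments: one with a space, one with a single-quote.
shell_quote printf '%s,' 'a b' "it's"
via_quoted printf '%s,' 'a b' "it's"; echo
# Without quoting, whitespace decides the argument boundaries.
via_collapsed printf '%s,' 'a b' x; echo
assignment_prefix_survives || echo "PAGER=cat prefix was not treated as an assignment"
```
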
2013-03-13 | update documentation for monkeysphere-authentication gpg-cmd | Daniel Kahn Gillmor
The previous changeset ("simplify arguments passed to su_monkeysphere_user and gpg_sphere") changes the semantics for m-a gpg-cmd by making it take its arguments separately, rather than as a single string.
2013-03-13 | Simplify arguments passed to su_monkeysphere_user() and gpg_sphere | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@") arguments are collapsed into single strings, and this change is therefore mostly¹ cosmetic. It does improve clarity, however. Also, it eases switching to safer quoted arguments in the future.
¹ma/update_users had $STRICT_MODES properly dual-quoted line 82 which is dropped with this change (to keep patches simple). Next patch will restore proper quoting generally (i.e. including this one now relaxed).
2013-03-13 | Pass only single commands through su wrapper | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command each. Example:
before: bash -c ". .../common; process_authorized_user_ids -"
after: bash -c ".../common process_authorized_user_ids -"
2013-03-13 | enable executing shell functions by invoking common directly. | Daniel Kahn Gillmor
if you want to just launch a subshell that invokes a single function (e.g. foobar) from monkeysphere's common source, you should now be able to do so with:
${SYSSHAREDIR}/common foobar
2013-02-07 | added keyid-format 0xlong to monkeysphere-authentication default gpg.conf files (thanks, Jonas!) | Daniel Kahn Gillmor
2013-02-06 | incorporate example combined ProxyCommand from sanoj_ | Daniel Kahn Gillmor
2013-01-18 | enable openpgp2pem as well from keytrans | Daniel Kahn Gillmor
2012-09-11 | fetch all keys instead of the first 5 (and work better with gpg 2.0.19, which apparently does not retrieve keys from gpg --search if the --batch argument is also present) | Daniel Kahn Gillmor
2012-03-20 | add --batch to gpg invocations, since gpg2 requires it to use --passphrase-* arguments | Daniel Kahn Gillmor
2012-03-16 | use date somewhat more portably | Daniel Kahn Gillmor
2012-02-24 | fix url in man page, fixes #635648 | Micah Anderson
2011-01-02 | genericized x509 certificate generation -- now works for any service, not just https (invoke it like "make-x509-certreqs imap" for imap:// keys, etc) | Daniel Kahn Gillmor
2010-12-21 | avoid problems with filenames containing regexp special characters. | Jamie McClelland
2010-12-21 | On dkg's suggestion, using hash index as more elegant way to ensure we don't repeat users. | Jamie McClelland
2010-12-21 | Tracking users while generating watch list is more reliable way to ensure m-a u is executed on the right users. | Jamie McClelland
2010-12-20 | adding some comments/concerns about the current monkeysphere-monitor-keys implementation | Daniel Kahn Gillmor
2010-12-20 | added example script to auto-generate X.509 certificate requests with the PGPExtension embedded in them from https monkeysphere-host keys. | Daniel Kahn Gillmor
2010-12-20 | update debug to use printf and always emit newlines; use warnings; | Daniel Kahn Gillmor
2010-12-20 | whitespace, simple style cleanup | Daniel Kahn Gillmor
2010-12-20 | Merge remote branch 'jamie/master' | Daniel Kahn Gillmor
2010-12-20 | keytrans: avoid confusing user IDs across different keys (closes MS # 2682) | Daniel Kahn Gillmor
2010-12-20 | Comments at top now contain more concrete explanation of how the script works. | Jamie McClelland
Location of key files to monitor is more configurable by the sys admin. All changed files treated the same for simplicity. Added debug mode.
2010-12-20 | more precise description of file::ChangeNotify's behavior with regard to different operating systems. | Jamie McClelland
And, monitoring /etc/passwd is not recommended, so removed from description.
2010-12-19 | first attempt at closing #499 (changes to user authorized_keys files not immediately incorporated) | Jamie McClelland
2010-11-13 | update changelog | Jameson Rollins
2010-11-13 | If for whatever reason the primary UID comes up empty, give the injected subkey a reasonable name instead of the empty string | Daniel Kahn Gillmor
2010-11-13 | universalize and consolidate on --fixed-list-mode | Daniel Kahn Gillmor
2010-11-13 | avoid using the running MSVA from the user during the tests | Daniel Kahn Gillmor
2010-10-30 | update upstream changelog | Jameson Rollins
2010-10-30 | clean up ssh_proxycommand function (no functional change) | Jameson Rollins
2010-10-30 | break out proxy command validation code into its own function (no functional change) | Jameson Rollins
2010-10-30 | improve debug output | Jameson Rollins
2010-10-30 | fix variable declarations in update_known_hosts | Jameson Rollins
2010-10-30 | catch return for grep in remove_line, for case where grep -v returns nothing (e.g. only line in file is removed) | Jameson Rollins
2010-10-29 | fix ssh_proxycommand marginal ui | Jameson Rollins
After the last big code cleanup, the bookkeeping of numbers of processed/valid keys was removed. This was done because most things don't use that info, and it was confusing return codes of top-level functions. The one thing that did use that, though, was the ssh_proxycommand. We fix this by using a global variable to keep track of the number of processed and valid keys. The proxy command can now easily determine when it should output its marginal ui block.
2010-10-29 | fix variable declaration (leftover from break out of touch_key_file_or_fail) | Jameson Rollins
2010-10-29 | consolidate and simplify printing of key lines in process_keys_for_file | Jameson Rollins
also move hashing of known_hosts lines into ssh2known_hosts function
2010-10-27 | remove reference to USE_VALIDATION_AGENT (the usage was incorrect as well) | Jameson Rollins
2010-10-27 | fix label in upstream changelog | Jameson Rollins
2010-10-26 | finalize changelog for 0.34 release | Jameson Rollins
2010-10-26 | add note about CHECK_KEYSERVER var in msph-auth man page | Jameson Rollins
2010-10-25 | ensure that we only remove fully-matching lines once we have found them | Daniel Kahn Gillmor
2010-10-24 | back to using grep fixed-string matching when removing key lines | Jameson Rollins
This method uses grep -F to find the full line to match, and then second call to grep -v -F to actually remove the line. For known_hosts, we use two piped grep -F calls. No regexp are used, and only one extra call to grep is required for known_hosts line removal. There is still an issue here about sub-string matches, but there is at least no regression over early versions.
2010-10-24 | don't fail if authorized_keys file not present | Jameson Rollins
we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins
2010-10-19 | fix remove_line function to not use fixed string checking, and to mv -f the tmp file into place | Jameson Rollins