Age | Commit message | Author |
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@")
arguments are mostly¹ collapsed into single strings, and this change is
therefore only cosmetic.
It does improve clarity, however. Also, it eases switching to safer
quoted arguments in the future.
¹As sole exception ma/update_users line 82 has $STRICT_MODES dual-quoted.
|
This function now properly outputs to stdout exactly what would have
been written to the monkeysphere-controlled authorized_keys file, but
without actually touching it.
|
The use of $* instead of $@ in the call to su_monkeysphere_user is
what we want to not split the input to the bash subcalls into separate
words.
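
The "$*" versus "$@" distinction these commit messages turn on, as an added example (not monkeysphere code). `run_star`, `run_at`, `shquote` and `run_quoted` are hypothetical helpers, and `sh -c` is an assumed stand-in for a wrapper that must hand su a single command string.

```shell
#!/bin/sh
# Added illustration; every function here is hypothetical, not monkeysphere code.
# `sh -c` stands in for a wrapper that must pass su one command string.

# "$*" joins all arguments with spaces; the child shell then re-parses the
# string, so the original argument boundaries and quoting are lost.
run_star() {
    sh -c "$*"
}

# "$@" keeps every argument separate; the child never re-parses their contents.
run_at() {
    sh -c '"$@"' sh "$@"
}

# Single-quote one argument for a shell, rewriting each ' as '\''.
# (Trailing newlines in the argument are dropped by the command substitution.)
shquote() {
    printf "'%s' " "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# For interfaces that accept only one string: quote each argument first, so
# the child shell's re-parse reproduces the original boundaries.
run_quoted() {
    cmd=
    for arg in "$@"; do
        cmd="$cmd$(shquote "$arg")"
    done
    sh -c "$cmd"
}

# Constructed sample arguments: one with a space, one with a shell metacharacter.
run_star   printf '%s,' 'a b' 'x; echo y'; echo
run_at     printf '%s,' 'a b' 'x; echo y'; echo
run_quoted printf '%s,' 'a b' 'x; echo y'; echo
```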
|
Various install paths were hard coded in the top level scripts. This
was causing problems for non-standard install locations. Also added
use of LOCALSTATEDIR variable to specify /var/lib path.
|
This subcommand will output all valid keys for a given user. The
user's authorized_user_ids file will be read for OpenPGP user IDs, one
per line. The ssh-formatted RSA keys will be output to stdout.
Also included is a simple script that takes the user as its one
argument and exec's this command. This is something that would be
suitable for the proposed sshd AuthorizedKeysCommand.
|
and monkeysphere-authentication
|
unknown subcommand is issued
|
Get rid of 'MODE' stuff, since it was not very clear and wasn't really
being used.
|
an improper number of arguments is passed, rather output a line
telling the user how to get the help output.
|
checking.
|
The monkeysphere group is now determined from the system "groups"
command, and then MONKEYSPHERE_GROUP is explicitly set from this, and
then used when setting group ownership.
|
LOG_PREFIX. also make sure to always export the LOG_PREFIX, so that
it gets passed to subprocess su_monkeysphere_user.
|
of log prefix.
|
shown gpg noise.
|
this allows the common file to be sourced without resetting variables
to their defaults, which was causing a problem with
su_monkeysphere_user.
also added some more debug messages.
|
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
|
VERSION file, which is created in the tarball target. This is then
installed at /usr/share/monkeysphere/VERSION, and cat'ed when the
version number is requested by the front-end ui. No more manual
setting of version number required (to avoid future problems, aka
"0.23.1"). This system is also more flexible, as the VERSION file
could potentially hold more info than just the release number.
|
is more similar, and so that they can read keys from stdin instead of
just from a file. Also fix the permissions on the tempdir in
publish_key.
|
key fingerprint during add-certifier from file.
|
- define more common variables in share/common
- cleanup how defaults are specified
- fix how CHECK_KEYSERVER was determined in monkeysphere
Fix calls to update_known_hosts and update_authorized_keys in
monkeysphere so that some of the checks are done within the functions
themselves, as opposed to in the monkeysphere wrapper, so that other
functions can call them easier.
Fix ssh-proxycommand that had some left over cruft from the
transition.
|
failure.
|
much gpg output as possible. then cleanup gpg invocations.
|
it's never needed to be run manually, and can therefore be suppressed
in the usage/documentation. Also, add setup to the postinst script so
that it's setup on installation.
Also add pipefail to ma, and try to suppress unnecessary gpg output,
and redirect other to log debug.
|
for functions that prompt for confirmation. Also fix publish_key
function (NOT TESTED).
|
this was OK now that import_key works, and we can't really see a
reason to keep it around. We can resurrect it down the line if need
be. Also, removed "expert" subcommand, after promoting import_key,
since it may be needed semi-regularly. The other "expert" commands are
now just not listed in the usage.
|
single argument, as required by the strange su requirements.
|
- fix reference to MONKEYSPHERE_USER for GNUPGHOME_SPHERE
- break out core_fingerprint function
- export core key to sphere keyring (necessary)
- fix some logging (add more debug) and formatting
|
be needed by both m-host and m-auth for communicating with keyservers.
|
can specify something smaller than the default.
|
is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files. updated some comments/documentation as well.
|