summaryrefslogtreecommitdiff
path: root/src/share/common
AgeCommit message (Collapse)Author
2012-09-11fetch all keys instead of the first 5 (and work better with gpg 2.0.19, ↵Daniel Kahn Gillmor
which apparently does not retrieve keys from gpg --search if the --batch argument is also present)
2012-03-16use date somewhat more portablyDaniel Kahn Gillmor
2010-11-13universalize and consolidate on --fixed-list-modeDaniel Kahn Gillmor
2010-10-30improve debug outputJameson Rollins
2010-10-30catch return for grep in remove_line, for case where grep -v returns nothing ↵Jameson Rollins
(e.g. only line in file is removed)
2010-10-29fix ssh_proxycommand marginal uiJameson Rollins
After the last big code cleanup, the bookkeeping of numbers of processed/valid keys was removed. This was done because most things don't use that info, and it was confusing return codes of top-level functions. The one thing that did use that, though, was the ssh_proxycommand. We fix this by using a global variable to keep track of the number of processed and valid keys. The proxy command can now easily determine when it should output it's marginal ui block.
2010-10-29fix variable declaration (leftover from break out of touch_key_file_or_fail)Jameson Rollins
2010-10-29consolidate and simplify printing of key lines in process_keys_for_fileJameson Rollins
also move hashing of known_hosts lines into ssh2known_hosts function
2010-10-25ensure that we only remove fully-matching lines once we have found themDaniel Kahn Gillmor
2010-10-24back to using grep fixed-string matching when removing key linesJameson Rollins
This method uses grep -F to find the full line to match, and then second call to grep -v -F to actually remove the line. For known_hosts, we use two piped grep -F calls. No rexexp are used, and only one extra call to grep is required for known_hosts line removal. There is still an issue here about sub-string matches, but there is at least no regression over early versions.
2010-10-24don't fail if authorized_keys file not presentJameson Rollins
we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
2010-10-19fix remove_line function to not use fixed string checking, and to mv -f the ↵Jameson Rollins
tmp file into place
2010-10-18fix remove_monkeysphere_lines function to just read from stdin and write to ↵Jameson Rollins
stdout
2010-10-18fix back to integer indexing in process_authorized_user_idsJameson Rollins
2010-10-18fix process_keys_for_file so that it can accept '-' as a file, and send ↵Jameson Rollins
output to stdout.
2010-10-18Simplification/refactoring of key/file processingJameson Rollins
This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes key from a userid for a given key file. All the main top elevel functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing.
2010-10-17fixed bug in remove_monkeysphere_lines functionJameson Rollins
it was matching MonkeySphere strings as full lines and therefore not actually removing monkeysphere lines. I'm not sure exactly why, upon further consideration, why we actually need to be removing all monkeysphere lines in update_authorized_keys.
2010-10-04fix need for only single argument to gpg_sphereJameson Rollins
The use of $* instead of $@ in the call to su_monkeysphere_user is what we want to not split the input to the bash subcalls into separate words.
2010-10-02fix formatting of b3f0bbedbf242d2640d3bc56cce62ae726081400 to conform to ↵Jameson Rollins
standard
2010-10-02Assume that space- or tab-prefixed lines contain ssh authorized_keys options ↵Clint Adams
applicable to the preceding user ID.
2010-09-21change log level for outputting message: "! primary key could not beJamie McClelland
translated (not RSA?)." from "error" to "verbose"
2010-04-17do not try to add to known_hosts if HASH_KNOWN_HOSTS is true but ssh-keygen ↵Daniel Kahn Gillmor
is not available (includes some comments about how to fix these corner cases).
2010-04-17make comment more nit-pickingly accurateDaniel Kahn Gillmor
2010-03-14warn if keyserver query fails (Closes: MS #1750)Daniel Kahn Gillmor
2010-02-18enforce --no-armor when exporting to openpgp2ssh in case weird gpg.conf ↵Daniel Kahn Gillmor
options (see bug 1625)
2010-01-19dump gpg --import error spew to /dev/null during hackish uses of gpgDaniel Kahn Gillmor
2010-01-19ignoring time conflict when extracting info in a hacky way from gpg. ↵Daniel Kahn Gillmor
warnings still come out to stderr
2010-01-19add get_cert_info() to commonDaniel Kahn Gillmor
2010-01-18flesh out check for reasonable-looking service namesDaniel Kahn Gillmor
2010-01-18canonicalize prompting to prompt if MONKEYSPHERE_PROMPT != 'false'Jameson Rollins
2010-01-15add trap to remove temp dir in list_primary_fingerprints functionJameson Rollins
2010-01-11rename keys-from-userid command to more accurate keys-for-useridJameson Rollins
leave the old command for now, but warn as deprecated.
2010-01-10Fix patch for gen_key to test gpg version.Jameson Rollins
This patch checks the version of gpg (for v1 and v2) and sets the key type command for the gen_subkey gpg edit-key script appropriately.
2010-01-10Add new keys-from-userid subcommand to monkeysphere UI.Jameson Rollins
This new subcommand calls a new function, keys_from_userid, that outputs to stdout all acceptable keys for a given user ID literal.
2010-01-10Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id.Jameson Rollins
Get rid of 'MODE' stuff, since it was not very clear and wasn't really being used.
2009-09-24avoid noisy warning message when ssh-askpass not availableDaniel Kahn Gillmor
2009-08-01switch to using new checkperms script.Daniel Kahn Gillmor
2009-07-26added MONKEYSPHERE_STRICT_MODES environment option to disable permissions ↵Daniel Kahn Gillmor
checking.
2009-07-24small bug fix, and readbility improvementsJameson Graef Rollins
2009-07-24shoring up known_hosts creation with proper umask and with multi-level ↵Daniel Kahn Gillmor
directory creation.
2009-07-24make failures with unwritable known_hosts slightly less cryptic.Daniel Kahn Gillmor
2009-07-24only touch the known_hosts file if it does not exist, and create the parent ↵Daniel Kahn Gillmor
directory if it does not exist. if more than one level of enclosing directory does not exist, this will fail cryptically.
2009-07-11Merge commit 'mlcastle/master'Jameson Graef Rollins
2009-07-11improve function to get primary group to make it more portableJameson Graef Rollins
2009-07-11more replacement of read -p with printf; read (re #446)mike castleman
2009-06-29resolve symlinks when checking path permissionsJameson Graef Rollins
Thanks to Silvio Rhatto for the patch. This should close MS bug #917
2009-04-06add else failure to list_users functionJameson Graef Rollins
2009-04-06Add two new compatibility functions:Jameson Graef Rollins
- list_user to list all users on the system - get_homedir to return the path to a users home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems.
2009-04-06actually check for md5 in the path within file_hash()Daniel Kahn Gillmor
2009-04-05fix typo in check_key_file_permissions functionJameson Graef Rollins
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 04:15:10 +0000