Age | Commit message | Author | |
---|---|---|---|
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins | |
2010-10-18 | fix process_keys_for_file so that it can accept '-' as a file, and send ↵ | Jameson Rollins | |
output to stdout. | |||
2010-10-18 | Simplification/refactoring of key/file processing | Jameson Rollins | |
This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes keys from a userid for a given key file. All the main top level functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing. | |||
2010-10-17 | remove unnecessary export of TMP_AUTHORIZED_USER_IDS | Jameson Rollins | |
2010-10-17 | fix keys-for-user | Jameson Rollins | |
This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it. | |||
2010-10-15 | make sure authorized_keys options lines are skipped in keys-for-user | Jameson Rollins | |
2010-10-15 | attempt to fix apostroproblem in ma/keys-for-user | Jameson Rollins | |
This is an attempt to fix #600304 by properly passing the string literal in to be processed, instead of escaping problematic characters. | |||
2010-10-06 | Fix more calls to gpg_sphere, finishing what was started in ↵ | Jameson Rollins | |
90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7 There were other calls to gpg_sphere that were packing everything into a single argument. Since we fixed the need to do that, we fix all these other calls that were fixed in the first round. | |||
2010-07-04 | add keys-for-user subcommand to monkeysphere-authentication | Jameson Rollins | |
This subcommand will output all valid keys for a given user. The user's authorized_user_ids file will be read for OpenPGP user IDs, one per line. The ssh-formatted RSA keys will be output to stdout. Also included is a simple script that takes the user as its one argument and exec's this command. This is something that would be suitable for the proposed sshd AuthorizedKeysCommand. | |||
2010-05-06 | support x509 anchors for monkeysphere-host, allow shared anchors between m-a ↵ | Daniel Kahn Gillmor | |
and mh (closes MS #2288) | |||
2010-03-14 | enable use of hkps (closes: MS #1749) | Daniel Kahn Gillmor | |
2010-03-08 | fix my email address | Jameson Rollins | |
2010-01-18 | canonicalize prompting to prompt if MONKEYSPHERE_PROMPT != 'false' | Jameson Rollins | |
2010-01-10 | Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id. | Jameson Rollins | |
Get rid of 'MODE' stuff, since it was not very clear and wasn't really being used. | |||
2009-12-12 | hush up m-a setup because the dd was making noise | Daniel Kahn Gillmor | |
2009-07-26 | ensuring that STRICT_MODES gets passed through to the monkeysphere subshell ↵ | Daniel Kahn Gillmor | |
properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659 | |||
2009-07-11 | Merge commit 'mlcastle/master' | Jameson Graef Rollins | |
2009-07-11 | more replacement of read -p with printf; read (re #446) | mike castleman | |
2009-07-11 | explicitly set MONKEYSPHERE_GROUP | Jameson Graef Rollins | |
The monkeysphere group is now determined from the system "groups" command, and then MONKEYSPHERE_GROUP is explicitly set from this, and then used when setting group ownership. | |||
2009-04-06 | Add two new compatibility functions: | Jameson Graef Rollins | |
- list_user to list all users on the system - get_homedir to return the path to a user's home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems. | |||
2009-04-06 | replacing head -c with dd (for portability reasons, see #673) | Daniel Kahn Gillmor | |
2009-03-22 | some more pruning of unnecessary usage of cat for the gnupg scripts. | Jameson Graef Rollins | |
2009-03-03 | quieted down m-a add_certifier: there is no reason why the admin should be ↵ | Daniel Kahn Gillmor | |
shown gpg noise. | |||
2009-03-02 | quieting down the transition script (and m-a setup). | Daniel Kahn Gillmor | |
2009-03-02 | get rid of FILE_OWNER variable, in favor of just using $(whoami) when | Jameson Graef Rollins | |
running check_key_file_permissions in update_known_hosts, update_authorized_keys, and process_authorized_user_ids. this is fine, since the policy is just that a user is always updating their own files. closes monkeysphere bug #630. | |||
2009-03-01 | proposed fix for issue 630; since m-a u operates on a saved copy of the ↵ | Daniel Kahn Gillmor | |
user's authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user. | |||
2009-03-01 | switched $USER to $FILE_OWNER; new name is more semantically clear and less ↵ | Daniel Kahn Gillmor | |
likely to collide with other common uses of $USER. | |||
2009-03-01 | explicitly set the USER variable, since it's needed for checking file ↵ | Jameson Graef Rollins | |
permissions. add/modify some debug messages. | |||
2009-03-01 | break out default variables into their own file: defaultenv | Jameson Graef Rollins | |
this allows the common file to be sourced without resetting variables to their defaults, which was causing a problem with su_monkeysphere_user. also added some more debug messages. | |||
2009-03-01 | removed base64 invocation in favor of perl to reduce dependency spread. | Daniel Kahn Gillmor | |
2009-02-22 | egrep -q terminates at the first match. m-a list-identity-certifiers chokes ↵ | Daniel Kahn Gillmor | |
if it cannot write to stdout. Because we are setting pipefail, this causes the pipeline checking for any certifiers to return untrue. solution? do not use -q, and send the output to /dev/null | |||
2009-02-22 | really really fix m-a diagnostics checking of identity certifiers. | Daniel Kahn Gillmor | |
2009-02-22 | fix some return code setting stuff that was no longer being used, and change ↵ | Jameson Graef Rollins | |
name of return code variable in update_users, since all-caps variables should be reserved for global vars. | |||
2009-02-21 | reverse sense of test for valid identity certifiers in m-a diagnostics. | Daniel Kahn Gillmor | |
2009-02-21 | fix syntax error in m-a diagnostics. | Daniel Kahn Gillmor | |
2009-02-21 | fix output formatting for cases where multiple fingerprints are found, in ↵ | Jameson Graef Rollins | |
functions that are doing that sort of thing | |||
2009-02-21 | add tests to add_revoker and add_certifier that more than one key was not ↵ | Jameson Graef Rollins | |
found when adding by using key ID. | |||
2009-02-21 | make sure we're explicitly capturing return codes in places where they are ↵ | Jameson Graef Rollins | |
tested, in case things are being run set -e | |||
2009-02-20 | tweak/cleanup some of the prompts. | Jameson Graef Rollins | |
2009-02-20 | tuning some diagnostic text. | Daniel Kahn Gillmor | |
2009-02-20 | add_revoker fully working. also cleanup of add_certifier. | Jameson Graef Rollins | |
add_revoker and add_certifier do many similar procedures, so I'm trying to keep them in sync as I figure out the right way to handle things. | |||
2009-02-19 | Merge commit 'jrollins/master' | Daniel Kahn Gillmor | |
2009-02-19 | clean up the diagnostics functions, check for ID-Certifiers in m-a d | Daniel Kahn Gillmor | |
2009-02-19 | diagnostics should now check for cruft from old versions of the monkeysphere. | Daniel Kahn Gillmor | |
2009-02-19 | fix arg parsing in add_certifier to allow of - for stdin read. | Jameson Graef Rollins | |
2009-02-19 | Modify/cleanup add_certifier and add_revoker, so that their code base | Jameson Graef Rollins | |
is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key. | |||
2009-02-19 | more fix permissions and ownership on authentication directories. | Jameson Graef Rollins | |
2009-02-19 | fix permissions and ownership on authentication directories. | Jameson Graef Rollins | |
2009-02-19 | avoid chown -R, explicitly indicate the files we expect to be changed. | Daniel Kahn Gillmor | |
2009-02-19 | do not show uid validity for gpg authentication core, since the core has no ↵ | Daniel Kahn Gillmor | |
ultimate ownertrust |