summaryrefslogtreecommitdiff
path: root/src/share/ma
AgeCommit message (Collapse)Author
2010-07-04add keys-for-user subcommand to monkeysphere-authenticationJameson Rollins
This subcommand will output all valid key for a given user. The user's authorized_user_ids file will be read for OpenPGP user IDs, one per line. The ssh-formated RSA keys will be output to stdout. Also included is a simple script that takes the user as it's one argument and exec's this command. This is something that would be suitable for the proposed sshd AuthorizedKeysCommand.
2010-05-06support x509 anchors for monkeysphere-host, allow shared anchors between m-a ↵Daniel Kahn Gillmor
and mh (closes MS #2288)
2010-03-14enable use of hkps (closes: MS #1749)Daniel Kahn Gillmor
2010-03-08fix my email addressJameson Rollins
2010-01-18canonicalize prompting to prompt if MONKEYSPHERE_PROMPT != 'false'Jameson Rollins
2010-01-10Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id.Jameson Rollins
Get rid of 'MODE' stuff, since it was not very clear and wasn't really being used.
2009-12-12hush up m-a setup because the dd was making noiseDaniel Kahn Gillmor
2009-07-26ensuring that STRICT_MODES gets passed through to the monkeysphere subshell ↵Daniel Kahn Gillmor
properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659
2009-07-11Merge commit 'mlcastle/master'Jameson Graef Rollins
2009-07-11more replacement of read -p with printf; read (re #446)mike castleman
2009-07-11explicitly set MONKEYSPHERE_GROUPJameson Graef Rollins
The monkeysphere group is now determined from the system "groups" command, and then MONKEYSPHERE_GROUP is explicitly set from this, and then used when setting group ownership.
2009-04-06Add two new compatibility functions:Jameson Graef Rollins
- list_user to list all users on the system - get_homedir to return the path to a users home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems.
2009-04-06replacing head -c with dd (for portability reasons, see #673)Daniel Kahn Gillmor
2009-03-22some more pruning of unnecessary usage of cat for the gnupg scripts.Jameson Graef Rollins
2009-03-03quieted down m-a add_certifier: there is no reason why the admin should be ↵Daniel Kahn Gillmor
shown gpg noise.
2009-03-02quieting down the transition script (and m-a setup).Daniel Kahn Gillmor
2009-03-02get rid of FILE_OWNER variable, in favor of just using $(whoami) whenJameson Graef Rollins
running check_key_file_permissions in update_known_hosts, update_authorized_keys, and process_authorized_user_ids. this is fine, since the policy is just that a user is always updating their own files. closes monkeysphere bug #630.
2009-03-01proposed fix for issue 630; since m-a u operates on a saved copy of the ↵Daniel Kahn Gillmor
users authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user.
2009-03-01switched $USER to $FILE_OWNER; new name is more semantically clear and less ↵Daniel Kahn Gillmor
likely to collide with other common uses of $USER.
2009-03-01explicity set the USER variable, since it's needed for checking file ↵Jameson Graef Rollins
permissions. add/modify some debug messages.
2009-03-01break out default variables into their own file: defaultenvJameson Graef Rollins
this allows the common file to be sourced without reseting variables to their defaults, which was causing a problem with su_monkeysphere_user. also added some more debug messages.
2009-03-01removed base64 invocation in favor of perl to reduce dependency spread.Daniel Kahn Gillmor
2009-02-22egrep -q terminates at the first match. m-a list-identity-certifiers chokes ↵Daniel Kahn Gillmor
if it cannot write to stdout. Because we are setting pipefail, this causes the pipeline checking for any certifiers to return untrue. solution? do not use -q, and send the output to /dev/null
2009-02-22really really fix m-a diagnostics checking of identity certifiers.Daniel Kahn Gillmor
2009-02-22fix some return code setting stuf that was no longer being used, and change ↵Jameson Graef Rollins
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
2009-02-21reverse sense of test for valid identity certifiers in m-a diagnostics.Daniel Kahn Gillmor
2009-02-21fix syntax error in m-a diagnostics.Daniel Kahn Gillmor
2009-02-21fix output formatting for cases where multiple fingerprints are found, in ↵Jameson Graef Rollins
functions that are doing that sort of thing
2009-02-21add tests to add_revoker and add_certifier that more than one key was not ↵Jameson Graef Rollins
found when adding by using key ID.
2009-02-21make sure we're explicitly capturing return codes in places where they are ↵Jameson Graef Rollins
tested, in case things are being run set -e
2009-02-20tweak/cleanup some of the prompts.Jameson Graef Rollins
2009-02-20tuning some diagnostic text.Daniel Kahn Gillmor
2009-02-20add_revoker fully working. also cleanup of add_certifier.Jameson Graef Rollins
add_revoker and add_certifier to many similar procedures, so I'm trying to keep them in sync as I figure out the right way to handle things.
2009-02-19Merge commit 'jrollins/master'Daniel Kahn Gillmor
2009-02-19clean up the diagnostics functions, check for ID-Certifiers in m-a dDaniel Kahn Gillmor
2009-02-19diagnostics should now check for cruft from old versions of the monkeysphere.Daniel Kahn Gillmor
2009-02-19fix arg parsing in add_certifier to allow of - for stdin read.Jameson Graef Rollins
2009-02-19Modify/cleanup add_certifier and add_revoker, so that their code baseJameson Graef Rollins
is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key.
2009-02-19more fix permissions and ownership on authentication directories.Jameson Graef Rollins
2009-02-19fix permissions and ownership on authentication directories.Jameson Graef Rollins
2009-02-19avoid chown -R, explicitly indicate the files we expect to be changed.Daniel Kahn Gillmor
2009-02-19do not show uid validity for gpg authentication core, since the core has no ↵Daniel Kahn Gillmor
ultimate ownertrust
2009-02-19add some log debug redirectsJameson Graef Rollins
2009-02-19Merge commit 'dkg/master'Jameson Graef Rollins
2009-02-19tweak some of the prompting, to change defaults, and add PROMPT usage where ↵Jameson Graef Rollins
missing
2009-02-19made gpg_sphere use --quiet again, and now doing more explicit extraction of ↵Daniel Kahn Gillmor
key fingerprint during add-certifier from file.
2009-02-19clean up failure messageDaniel Kahn Gillmor
2009-02-19catch pipe failures more cleanly during key importDaniel Kahn Gillmor
2009-02-19moved directory for monkeysphere-generated authorized_keys files back to its ↵Daniel Kahn Gillmor
old location at /var/lib/monkeysphere/authorized_keys
2009-02-18add no-tty, quiet, and no-greeting to gpg wrapper invocations to supress as ↵Jameson Graef Rollins
much gpg output as possible. then cleanup gpg invocations.