path: root/src/share/ma
Age | Commit message | Author
2013-02-07 | added keyid-format 0xlong to monkeysphere-authentication default gpg.conf files (thanks, Jonas!) | Daniel Kahn Gillmor
2010-11-13 | universalize and consolidate on --fixed-list-mode | Daniel Kahn Gillmor
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins
2010-10-18 | fix process_keys_for_file so that it can accept '-' as a file, and send output to stdout. | Jameson Rollins
2010-10-18 | Simplification/refactoring of key/file processing | Jameson Rollins
This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes keys from a userid for a given key file. All the main top level functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing.
2010-10-17 | remove unnecessary export of TMP_AUTHORIZED_USER_IDS | Jameson Rollins
2010-10-17 | fix keys-for-user | Jameson Rollins
This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it.
2010-10-15 | make sure authorized_keys options lines are skipped in keys-for-user | Jameson Rollins
2010-10-15 | attempt to fix apostroproblem in ma/keys-for-user | Jameson Rollins
This is an attempt to fix #600304 by properly passing the string literal in to be processed, instead of escaping problematic characters.
2010-10-06 | Fix more calls to gpg_shere, finishing what was started in 90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7 | Jameson Rollins
There were other calls to gpg_sphere that were packing everything into a single argument. Since we fixed the need to do that, we fix all these other calls that were fixed in the first round.
2010-07-04 | add keys-for-user subcommand to monkeysphere-authentication | Jameson Rollins
This subcommand will output all valid keys for a given user. The user's authorized_user_ids file will be read for OpenPGP user IDs, one per line. The ssh-formatted RSA keys will be output to stdout. Also included is a simple script that takes the user as its one argument and exec's this command. This is something that would be suitable for the proposed sshd AuthorizedKeysCommand.
2010-05-06 | support x509 anchors for monkeysphere-host, allow shared anchors between m-a and mh (closes MS #2288) | Daniel Kahn Gillmor
2010-03-14 | enable use of hkps (closes: MS #1749) | Daniel Kahn Gillmor
2010-03-08 | fix my email address | Jameson Rollins
2010-01-18 | canonicalize prompting to prompt if MONKEYSPHERE_PROMPT != 'false' | Jameson Rollins
2010-01-10 | Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id. | Jameson Rollins
Get rid of 'MODE' stuff, since it was not very clear and wasn't really being used.
2009-12-12 | hush up m-a setup because the dd was making noise | Daniel Kahn Gillmor
2009-07-26 | ensuring that STRICT_MODES gets passed through to the monkeysphere subshell properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659 | Daniel Kahn Gillmor
2009-07-11 | Merge commit 'mlcastle/master' | Jameson Graef Rollins
2009-07-11 | more replacement of read -p with printf; read (re #446) | mike castleman
2009-07-11 | explicitly set MONKEYSPHERE_GROUP | Jameson Graef Rollins
The monkeysphere group is now determined from the system "groups" command, and then MONKEYSPHERE_GROUP is explicitly set from this, and then used when setting group ownership.
2009-04-06 | Add two new compatibility functions: | Jameson Graef Rollins
- list_user to list all users on the system
- get_homedir to return the path to a user's home directory
These functions should provide compatibility on linux, FreeBSD and Darwin systems.
2009-04-06 | replacing head -c with dd (for portability reasons, see #673) | Daniel Kahn Gillmor
2009-03-22 | some more pruning of unnecessary usage of cat for the gnupg scripts. | Jameson Graef Rollins
2009-03-03 | quieted down m-a add_certifier: there is no reason why the admin should be shown gpg noise. | Daniel Kahn Gillmor
2009-03-02 | quieting down the transition script (and m-a setup). | Daniel Kahn Gillmor
2009-03-02 | get rid of FILE_OWNER variable, in favor of just using $(whoami) when | Jameson Graef Rollins
running check_key_file_permissions in update_known_hosts, update_authorized_keys, and process_authorized_user_ids. this is fine, since the policy is just that a user is always updating their own files. closes monkeysphere bug #630.
2009-03-01 | proposed fix for issue 630; since m-a u operates on a saved copy of the user's authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user. | Daniel Kahn Gillmor
2009-03-01 | switched $USER to $FILE_OWNER; new name is more semantically clear and less likely to collide with other common uses of $USER. | Daniel Kahn Gillmor
2009-03-01 | explicitly set the USER variable, since it's needed for checking file permissions. add/modify some debug messages. | Jameson Graef Rollins
2009-03-01 | break out default variables into their own file: defaultenv | Jameson Graef Rollins
this allows the common file to be sourced without resetting variables to their defaults, which was causing a problem with su_monkeysphere_user. also added some more debug messages.
2009-03-01 | removed base64 invocation in favor of perl to reduce dependency spread. | Daniel Kahn Gillmor
2009-02-22 | egrep -q terminates at the first match. m-a list-identity-certifiers chokes if it cannot write to stdout. Because we are setting pipefail, this causes the pipeline checking for any certifiers to return untrue. solution? do not use -q, and send the output to /dev/null | Daniel Kahn Gillmor
2009-02-22 | really really fix m-a diagnostics checking of identity certifiers. | Daniel Kahn Gillmor
2009-02-22 | fix some return code setting stuff that was no longer being used, and change name of return code variable in update_users, since all-caps variables should be reserved for global vars. | Jameson Graef Rollins
2009-02-21 | reverse sense of test for valid identity certifiers in m-a diagnostics. | Daniel Kahn Gillmor
2009-02-21 | fix syntax error in m-a diagnostics. | Daniel Kahn Gillmor
2009-02-21 | fix output formatting for cases where multiple fingerprints are found, in functions that are doing that sort of thing | Jameson Graef Rollins
2009-02-21 | add tests to add_revoker and add_certifier that more than one key was not found when adding by using key ID. | Jameson Graef Rollins
2009-02-21 | make sure we're explicitly capturing return codes in places where they are tested, in case things are being run set -e | Jameson Graef Rollins
2009-02-20 | tweak/cleanup some of the prompts. | Jameson Graef Rollins
2009-02-20 | tuning some diagnostic text. | Daniel Kahn Gillmor
2009-02-20 | add_revoker fully working. also cleanup of add_certifier. | Jameson Graef Rollins
add_revoker and add_certifier do many similar procedures, so I'm trying to keep them in sync as I figure out the right way to handle things.
2009-02-19 | Merge commit 'jrollins/master' | Daniel Kahn Gillmor
2009-02-19 | clean up the diagnostics functions, check for ID-Certifiers in m-a d | Daniel Kahn Gillmor
2009-02-19 | diagnostics should now check for cruft from old versions of the monkeysphere. | Daniel Kahn Gillmor
2009-02-19 | fix arg parsing in add_certifier to allow of - for stdin read. | Jameson Graef Rollins
2009-02-19 | Modify/cleanup add_certifier and add_revoker, so that their code base | Jameson Graef Rollins
is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key.
2009-02-19 | more fix permissions and ownership on authentication directories. | Jameson Graef Rollins
2009-02-19 | fix permissions and ownership on authentication directories. | Jameson Graef Rollins