summaryrefslogtreecommitdiff
path: root/src/share/ma
AgeCommit message (Collapse)Author
2013-03-13Simplify arguments passed to su_monkeysphere_user() and gpg_sphereJonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. This patch improves argument passing like this: a) Each argument is passed individually (not all as a single string) b) Arguments containing no variables are not quoted c) Dynamic arguments are double-quoted ( "$@" ) Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@") arguments are collapsed into single strings, and this change is therefore mostly¹ cosmetic. It does improve clarity, however. Also, it eases switching to safer quoted arguments in the future. ¹ma/update_users had $STRICT_MODES properly dual-quoted line 82 which is dropped with this change (to keep patches simple). Next patch will restore proper quoting generally (i.e. including this one now relaxed).
2013-03-13Pass only single commands through su wrapperJonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. Quoting shell-inside-shell is tricky to do right, and gets trickier when more than a single command is wrapped together. This patch simplifies convoluted shell calls to contain only one command each. Example: before: bash -c ". .../common; process_authorized_user_ids -" after: bash -c ".../common process_authorized_user_ids -"
2013-02-07added keyid-format 0xlong to monkeysphere-authentication default gpg.conf ↵Daniel Kahn Gillmor
files (thanks, Jonas!)
2010-11-13universalize and consolidate on --fixed-list-modeDaniel Kahn Gillmor
2010-10-22tweak log levels and messages in ma/update_usersJameson Rollins
2010-10-18fix process_keys_for_file so that it can accept '-' as a file, and send ↵Jameson Rollins
output to stdout.
2010-10-18Simplification/refactoring of key/file processingJameson Rollins
This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes key from a userid for a given key file. All the main top elevel functions now call this one function. The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common. monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion. Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing.
2010-10-17remove unneccessary export of TMP_AUTHORIZED_USER_IDSJameson Rollins
2010-10-17fix keys-for-userJameson Rollins
This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it.
2010-10-15make sure authorized_keys options lines are skipped in keys-for-userJameson Rollins
2010-10-15attempt to fix apostroproblem in ma/keys-for-userJameson Rollins
This is an attempt to fix #600304 by properly passing the string litteral in to be processed, instead of escaping problematic characters.
2010-10-06Fix more calls to gpg_shere, finishing what was started in ↵Jameson Rollins
90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7 There were another calls to gpg_sphere that were packing everything into a single argument. Since we fixed the need to do that, we fix all these other calls that were fixed in the first round.
2010-07-04add keys-for-user subcommand to monkeysphere-authenticationJameson Rollins
This subcommand will output all valid key for a given user. The user's authorized_user_ids file will be read for OpenPGP user IDs, one per line. The ssh-formated RSA keys will be output to stdout. Also included is a simple script that takes the user as it's one argument and exec's this command. This is something that would be suitable for the proposed sshd AuthorizedKeysCommand.
2010-05-06support x509 anchors for monkeysphere-host, allow shared anchors between m-a ↵Daniel Kahn Gillmor
and mh (closes MS #2288)
2010-03-14enable use of hkps (closes: MS #1749)Daniel Kahn Gillmor
2010-03-08fix my email addressJameson Rollins
2010-01-18canonicalize prompting to prompt if MONKEYSPHERE_PROMPT != 'false'Jameson Rollins
2010-01-10Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id.Jameson Rollins
Get rid of 'MODE' stuff, since it was not very clear and wasn't really being used.
2009-12-12hush up m-a setup because the dd was making noiseDaniel Kahn Gillmor
2009-07-26ensuring that STRICT_MODES gets passed through to the monkeysphere subshell ↵Daniel Kahn Gillmor
properly, and that we set it to a literal "false" in the tests. This should resolve the FTBFS associated with MS #659
2009-07-11Merge commit 'mlcastle/master'Jameson Graef Rollins
2009-07-11more replacement of read -p with printf; read (re #446)mike castleman
2009-07-11explicitly set MONKEYSPHERE_GROUPJameson Graef Rollins
The monkeysphere group is now determined from the system "groups" command, and then MONKEYSPHERE_GROUP is explicitly set from this, and then used when setting group ownership.
2009-04-06Add two new compatibility functions:Jameson Graef Rollins
- list_user to list all users on the system - get_homedir to return the path to a users home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems.
2009-04-06replacing head -c with dd (for portability reasons, see #673)Daniel Kahn Gillmor
2009-03-22some more pruning of unnecessary usage of cat for the gnupg scripts.Jameson Graef Rollins
2009-03-03quieted down m-a add_certifier: there is no reason why the admin should be ↵Daniel Kahn Gillmor
shown gpg noise.
2009-03-02quieting down the transition script (and m-a setup).Daniel Kahn Gillmor
2009-03-02get rid of FILE_OWNER variable, in favor of just using $(whoami) whenJameson Graef Rollins
running check_key_file_permissions in update_known_hosts, update_authorized_keys, and process_authorized_user_ids. this is fine, since the policy is just that a user is always updating their own files. closes monkeysphere bug #630.
2009-03-01proposed fix for issue 630; since m-a u operates on a saved copy of the ↵Daniel Kahn Gillmor
users authorized_user_ids file, we should only check filesystem permissions against the monkeysphere user, not the target user.
2009-03-01switched $USER to $FILE_OWNER; new name is more semantically clear and less ↵Daniel Kahn Gillmor
likely to collide with other common uses of $USER.
2009-03-01explicity set the USER variable, since it's needed for checking file ↵Jameson Graef Rollins
permissions. add/modify some debug messages.
2009-03-01break out default variables into their own file: defaultenvJameson Graef Rollins
this allows the common file to be sourced without reseting variables to their defaults, which was causing a problem with su_monkeysphere_user. also added some more debug messages.
2009-03-01removed base64 invocation in favor of perl to reduce dependency spread.Daniel Kahn Gillmor
2009-02-22egrep -q terminates at the first match. m-a list-identity-certifiers chokes ↵Daniel Kahn Gillmor
if it cannot write to stdout. Because we are setting pipefail, this causes the pipeline checking for any certifiers to return untrue. solution? do not use -q, and send the output to /dev/null
2009-02-22really really fix m-a diagnostics checking of identity certifiers.Daniel Kahn Gillmor
2009-02-22fix some return code setting stuf that was no longer being used, and change ↵Jameson Graef Rollins
name of return code variable in update_users, since all-caps variables should be reserved for global vars.
2009-02-21reverse sense of test for valid identity certifiers in m-a diagnostics.Daniel Kahn Gillmor
2009-02-21fix syntax error in m-a diagnostics.Daniel Kahn Gillmor
2009-02-21fix output formatting for cases where multiple fingerprints are found, in ↵Jameson Graef Rollins
functions that are doing that sort of thing
2009-02-21add tests to add_revoker and add_certifier that more than one key was not ↵Jameson Graef Rollins
found when adding by using key ID.
2009-02-21make sure we're explicitly capturing return codes in places where they are ↵Jameson Graef Rollins
tested, in case things are being run set -e
2009-02-20tweak/cleanup some of the prompts.Jameson Graef Rollins
2009-02-20tuning some diagnostic text.Daniel Kahn Gillmor
2009-02-20add_revoker fully working. also cleanup of add_certifier.Jameson Graef Rollins
add_revoker and add_certifier to many similar procedures, so I'm trying to keep them in sync as I figure out the right way to handle things.
2009-02-19Merge commit 'jrollins/master'Daniel Kahn Gillmor
2009-02-19clean up the diagnostics functions, check for ID-Certifiers in m-a dDaniel Kahn Gillmor
2009-02-19diagnostics should now check for cruft from old versions of the monkeysphere.Daniel Kahn Gillmor
2009-02-19fix arg parsing in add_certifier to allow of - for stdin read.Jameson Graef Rollins
2009-02-19Modify/cleanup add_certifier and add_revoker, so that their code baseJameson Graef Rollins
is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key.