path: root/src
Age | Commit message | Author
2013-03-09 | Dual-quote arguments passed to su_monkeysphere_user() when possible. [dualquote] | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@") collapses all arguments into a single string, and therefore requires "risky" arguments (e.g. ones containing variables that may contain space or other unusual characters) to be dual-quoted for them to not wreak havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe but effectively is a noop (quoting is lost at wrapper!).
2013-03-09 | Simplify arguments passed to su_monkeysphere_user() and gpg_sphere | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation.
This patch improves argument passing like this:
a) Each argument is passed individually (not all as a single string)
b) Arguments containing no variables are not quoted
c) Dynamic arguments are double-quoted ( "$@" )
Due to su_monkeysphere_user() expanding arguments using "$*" (not "$@") arguments are mostly¹ collapsed into single strings, and this change is therefore only cosmetic. It does improve clarity, however. Also, it eases switching to safer quoted arguments in the future.
¹As sole exception ma/update_users line 82 has $STRICT_MODES dual-quoted.
2013-03-09 | Pass only single commands through su wrapper | Jonas Smedegaard
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. Quoting shell-inside-shell is tricky to do right, and gets trickier when more than a single command is wrapped together. This patch simplifies convoluted shell calls to contain only one command each.
2013-02-07 | added keyid-format 0xlong to monkeysphere-authentication default gpg.conf files (thanks, Jonas!) | Daniel Kahn Gillmor
2013-01-18 | enable openpgp2pem as well from keytrans | Daniel Kahn Gillmor
2012-09-11 | fetch all keys instead of the first 5 (and work better with gpg 2.0.19, which apparently does not retrieve keys from gpg --search if the --batch argument is also present) | Daniel Kahn Gillmor
2012-03-20 | add --batch to gpg invocations, since gpg2 requires it to use --passphrase-* arguments | Daniel Kahn Gillmor
2012-03-16 | use date somewhat more portably | Daniel Kahn Gillmor
2010-12-20 | keytrans: avoid confusing user IDs across different keys (closes MS # 2682) | Daniel Kahn Gillmor
2010-11-13 | If for whatever reason the primary UID comes up empty, give the injected subkey a reasonable name instead of the empty string | Daniel Kahn Gillmor
2010-11-13 | universalize and consolidate on --fixed-list-mode | Daniel Kahn Gillmor
2010-10-30 | clean up ssh_proxycommand function (no functional change) | Jameson Rollins
2010-10-30 | break out proxy command validation code into its own function (no functional change) | Jameson Rollins
2010-10-30 | improve debug output | Jameson Rollins
2010-10-30 | fix variable declarations in update_known_hosts | Jameson Rollins
2010-10-30 | catch return for grep in remove_line, for case where grep -v returns nothing (e.g. only line in file is removed) | Jameson Rollins
2010-10-29 | fix ssh_proxycommand marginal ui | Jameson Rollins
After the last big code cleanup, the bookkeeping of numbers of processed/valid keys was removed. This was done because most things don't use that info, and it was confusing return codes of top-level functions. The one thing that did use that, though, was the ssh_proxycommand. We fix this by using a global variable to keep track of the number of processed and valid keys. The proxy command can now easily determine when it should output its marginal ui block.
2010-10-29 | fix variable declaration (leftover from break out of touch_key_file_or_fail) | Jameson Rollins
2010-10-29 | consolidate and simplify printing of key lines in process_keys_for_file | Jameson Rollins
also move hashing of known_hosts lines into ssh2known_hosts function
2010-10-25 | ensure that we only remove fully-matching lines once we have found them | Daniel Kahn Gillmor
2010-10-24 | back to using grep fixed-string matching when removing key lines | Jameson Rollins
This method uses grep -F to find the full line to match, and then a second call to grep -v -F to actually remove the line. For known_hosts, we use two piped grep -F calls. No regexp are used, and only one extra call to grep is required for known_hosts line removal. There is still an issue here about sub-string matches, but there is at least no regression over early versions.
2010-10-24 | don't fail if authorized_keys file not present | Jameson Rollins
we create a new function here, touch_key_file_or_fail, which will touch a new key file if there isn't one already present. This is now used in the update_authorized_keys and update_known_hosts functions when looking for authorized_keys and known_hosts respectively. Closes Debian 600644
2010-10-22 | tweak log levels and messages in ma/update_users | Jameson Rollins
2010-10-19 | fix remove_line function to not use fixed string checking, and to mv -f the tmp file into place | Jameson Rollins
2010-10-18 | fix remove_monkeysphere_lines function to just read from stdin and write to stdout | Jameson Rollins
2010-10-18 | fix update_known_hosts to create proper initial temp file | Jameson Rollins
2010-10-18 | fix back to integer indexing in process_authorized_user_ids | Jameson Rollins
2010-10-18 | cleanup update_known_hosts | Jameson Rollins
* don't update if unchanged
* proper trap setting
* cleanup comments
2010-10-18 | fix up update_authorized_keys | Jameson Rollins
* better trap handling
* don't update file if unchanged
* clean up comments
2010-10-18 | fix process_keys_for_file so that it can accept '-' as a file, and send output to stdout. | Jameson Rollins
2010-10-18 | Simplification/refactoring of key/file processing | Jameson Rollins
This is a fairly major overhaul to greatly reduce the number of redundant code paths. We here created a new process_keys_for_file function that processes key from a userid for a given key file. All the main top level functions now call this one function.
The main top level monkeysphere functions for updating the user's authorized_keys and known_hosts files are now moved to their own sourced files, which greatly reduces the amount of code sourced with common.
monkeysphere now updates authorized_keys and known_hosts in temporary files that are then atomically moved into place upon completion.
Finally, removed the confusing return codes in the key/file processing functions that were based on number of valid/invalid keys processed. It was confusing in the presence of actual errors that stopped processing.
2010-10-18 | add check for argument in keys-for-user | Jameson Rollins
2010-10-17 | fixed bug in remove_monkeysphere_lines function | Jameson Rollins
it was matching MonkeySphere strings as full lines and therefore not actually removing monkeysphere lines. I'm not sure exactly why, upon further consideration, we actually need to be removing all monkeysphere lines in update_authorized_keys.
2010-10-17 | remove unnecessary export of TMP_AUTHORIZED_USER_IDS | Jameson Rollins
2010-10-17 | fix keys-for-user | Jameson Rollins
This function now properly outputs to stdout exactly what would have been written to the monkeysphere-controlled authorized_keys file, but without actually touching it.
2010-10-17 | add 'k' as shortcut for keys-for-user | Jameson Rollins
2010-10-17 | fix typo in monkeysphere usage | Jameson Rollins
2010-10-15 | make sure authorized_keys options lines are skipped in keys-for-user | Jameson Rollins
2010-10-15 | attempt to fix apostroproblem in ma/keys-for-user | Jameson Rollins
This is an attempt to fix #600304 by properly passing the string literal in to be processed, instead of escaping problematic characters.
2010-10-08 | default HASH_KNOWN_HOSTS to false (closes MS #2483) | Daniel Kahn Gillmor
2010-10-06 | Fix more calls to gpg_sphere, finishing what was started in 90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7 | Jameson Rollins
There were other calls to gpg_sphere that were packing everything into a single argument. Since we fixed the need to do that, we fix all these other calls that were fixed in the first round.
2010-10-04 | use LC_ALL=C for all gpg calls | Jameson Rollins
This should help with internationalization differences in gpg that could cause problems. Works in tests as is, but haven't tested with odd locales.
2010-10-04 | fix need for only single argument to gpg_sphere | Jameson Rollins
The use of $* instead of $@ in the call to su_monkeysphere_user is what we want to not split the input to the bash subcalls into separate words.
2010-10-03 | Merge remote branch 'jrollins/master' | Daniel Kahn Gillmor
2010-10-02 | fix formatting of b3f0bbedbf242d2640d3bc56cce62ae726081400 to conform to standard | Jameson Rollins
2010-10-02 | add debugging to monkeysphere-host publish-key, closes: #2289 | Micah Anderson
2010-10-02 | Assume that space- or tab-prefixed lines contain ssh authorized_keys options applicable to the preceding user ID. | Clint Adams
2010-10-01 | fix revoke_key typo in creating temporary directory | Micah Anderson
fix variable specifying which key to revoke
monkeysphere-host revoke-key <key-id> would produce the following errors, this commit fixes that:
    Really publish this cert to zimmermann.mayfirst.org ? (Y/n) y
    /usr/share/monkeysphere/mh/revoke_key: line 96: mkmstempdir: command not found
    gpg: new configuration file `/root/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
    gpg: "0x!" not a key ID: skipping
2010-09-21 | Merge remote branch 'jamie/master' | Daniel Kahn Gillmor
2010-09-21 | change log level for outputting message: "! primary key could not be translated (not RSA?)." from "error" to "verbose" | Jamie McClelland