From c4f049f6a8dfd1e0e301a6abffafb5c0012ccc0e Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:25:35 -0500 Subject: break out a bunch of common functions in monkeysphere-host: - create_*_*_file to create the key files - load_*fingerprint to load the host fingerprint into an exported variable (HOST_FINGERPRINT) - check_host_*key to check for the presence of a host key modified {import,gen}_key to use these new functions. --- src/monkeysphere-host | 128 +++++++++++++++++++++++++++++++++--------------- src/share/mh/gen_key | 28 +++-------- src/share/mh/import_key | 13 ++--- 3 files changed, 100 insertions(+), 69 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index be398b1..4aab995 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -32,6 +32,10 @@ MHSHAREDIR="${SYSSHAREDIR}/mh" # datadir for host functions MHDATADIR="${SYSDATADIR}/host" +# host pub key files +HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" +HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + # UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') 
@@ -93,22 +97,71 @@ gpg_host_export() { "0x${HOST_FINGERPRINT}!" } -# export the host key to the monkeysphere host file key -gpg_host_export_to_ssh_file() { - log debug "exporting openpgp public key..." +# export the host secret key to the monkeysphere ssh sec key file +# NOTE: assumes that the primary key is the proper key to use +create_ssh_sec_file() { + log debug "creating ssh secret key file..." + (umask 077 && \ + gpg_host --export-secret-key "$HOST_FINGERPRINT" | \ + openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key") + log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key" +} + +# export the host public key to the monkeysphere ssh pub key file +create_ssh_pub_file() { + log debug "creating ssh public key file..." + ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB" + log info "SSH host public key file: $HOST_KEY_PUB" +} +# export the host public key to the monkeysphere gpg pub key file +create_gpg_pub_file() { + log debug "creating openpgp public key file..." 
gpg_host_export > "$HOST_KEY_PUB_GPG" - log info "SSH host public key in OpenPGP form: $HOST_KEY_PUB_GPG" + log info "GPG host public key file: $HOST_KEY_PUB_GPG" +} + +# load the host fingerprint into the fingerprint variable, using the +# export gpg pub key file +load_fingerprint() { + if [ -f "$HOST_KEY_PUB_GPG" ] ; then + HOST_FINGERPRINT=$( \ + (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \ + && gpg --quiet --import \ + && gpg --quiet --list-keys --with-colons --with-fingerprint \ + && rm -rf "$FUBAR") <"$HOST_KEY_PUB_GPG" \ + | grep '^fpr:' | cut -d: -f10 ) + else + HOST_FINGERPRINT= + fi +} + +# load the host fingerprint into the fingerprint variable, using the +# gpg host secret key +load_fingerprint_secret() { + HOST_FINGERPRINT=$( \ + gpg_host --quiet --list-secret-key \ + --with-colons --with-fingerprint \ + | grep '^fpr:' | cut -d: -f10 ) } -# output just key fingerprint -# FIXME: should not have to be priviledged user to get host -# fingerprint. should be taken from publicly accessible key files, -# instead of the keyring. -get_host_fingerprint() { - gpg_host --list-secret-keys --fingerprint \ - --with-colons --fixed-list-mode 2> /dev/null | \ - grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null || true +# output host key ssh fingerprint +load_ssh_fingerprint() { + [ -f "$HOST_KEY_PUB" ] || return 0 + HOST_FINGERPRINT_SSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" \ + | awk '{ print $1, $2, $4 }') +} + +# fail if host key present +check_host_key() { + [ -z "$HOST_FINGERPRINT" ] \ + || failure "An OpenPGP host key already exists." +} + +# fail if host key not present +check_host_no_key() { + [ "$HOST_FINGERPRINT" ] \ + || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host expert import-key' first." } # output the index of a user ID on the host key 
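Review bot: `load_fingerprint` and `load_fingerprint_secret` drop the `head -1` that the removed `get_host_fingerprint` had, so if the exported public key file or the host keyring ever yields more than one `fpr:` record, HOST_FINGERPRINT becomes a multi-line value and every later `"0x${HOST_FINGERPRINT}!"` selector silently breaks; adding `| head -1` after the `grep '^fpr:'` in both functions restores the old behaviour. In `load_fingerprint` the `&&` chain also means a failing `gpg --quiet --import` or `--list-keys` skips `rm -rf "$FUBAR"`, leaving a temporary keyring directory with the imported key behind; registering `trap 'rm -rf "$FUBAR"' EXIT` in the subshell right after the `mktemp -d` makes the cleanup unconditional. `load_fingerprint_secret` likewise lost the `2>/dev/null` of the old function, so a host keyring that does not exist yet will print gpg errors on every subcommand dispatch. The same missing `head -1` affects the `load_fingerprint_secret` callers in the gen_key and import_key hunks of this commit.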
@@ -135,27 +188,18 @@ find_host_userid() { fi } -# function to check for host secret key -check_host_fail() { - [ "$HOST_FINGERPRINT" ] || \ - failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host expert import-key' first." -} - # show info about the host key show_key() { - local fingerprintSSH - gpg_host --fingerprint --list-key --list-options show-unusable-uids \ "0x${HOST_FINGERPRINT}!" 2>/dev/null # FIXME: make sure expiration date is shown echo "OpenPGP fingerprint: $HOST_FINGERPRINT" - if [ -f "$HOST_KEY_PUB" ] ; then - fingerprintSSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" | \ - awk '{ print $1, $2, $4 }') + load_ssh_fingerprint - echo "ssh fingerprint: $fingerprintSSH" + if [ "$HOST_FINGERPRINT_SSH" ] ; then + echo "ssh fingerprint: $HOST_FINGERPRINT_SSH" else log error "SSH host key not found." fi @@ -186,13 +230,6 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} -# host key fingerprint -HOST_FINGERPRINT=$(get_host_fingerprint) - -# host pub key files -HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" -HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" - # export variables needed in su invocation export DATE export MODE 
@@ -201,52 +238,59 @@ export MONKEYSPHERE_USER export KEYSERVER export GNUPGHOME_HOST export GNUPGHOME -export HOST_FINGERPRINT +export HOST_FINGERPRINT= +export HOST_FINGERPRINT_SSH= # get subcommand COMMAND="$1" [ "$COMMAND" ] || failure "Type '$PGRM help' for usage." shift - case $COMMAND in 'show-key'|'show'|'s') - check_host_fail + load_fingerprint + check_host_no_key show_key ;; 'set-expire'|'extend-key'|'e') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/set_expire" set_expire "$@" ;; 'add-hostname'|'add-name'|'n+') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/add_hostname" add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/revoke_hostname" revoke_hostname "$@" ;; 'add-revoker'|'o') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/add_revoker" add_revoker "$@" ;; 'revoke-key'|'r') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/revoke_key" revoke_key "$@" ;; 'publish-key'|'publish'|'p') - check_host_fail + load_fingerprint + check_host_no_key source "${MHSHAREDIR}/publish_key" publish_key ;; @@ -269,11 +313,15 @@ EOF ;; 'import-key'|'i') + load_fingerprint + check_host_key source "${MHSHAREDIR}/import_key" import_key "$@" ;; 'gen-key'|'g') + load_fingerprint + check_host_key source "${MHSHAREDIR}/gen_key" gen_key "$@" ;; diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 7b427e4..873ed02 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -20,10 +20,6 @@ local keyUsage="auth" local keyExpire="0" local userID -# check for presense of a key -[ "$HOST_FINGERPRINT" ] && \ - failure "An OpenPGP host key already exists." - # get options while true ; do case "$1" in 
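Review bot: The pre-existence guard added to the `import-key` and `gen-key` cases only sees keys that have an exported `$HOST_KEY_PUB_GPG` file, because `load_fingerprint` reads that file rather than the host keyring: if the file is missing while the secret key is still in the keyring, `check_host_key` passes and gen_key/import_key add a second secret key to the keyring, after which `load_fingerprint_secret` returns two fingerprints. Both subcommands already run with access to the host keyring, so those two cases should use `load_fingerprint_secret` followed by `check_host_key` (the removed `HOST_FINGERPRINT=$(get_host_fingerprint)` had exactly that property), while the read-only subcommands can keep `load_fingerprint`. The `check_host_key`/`check_host_no_key` helpers themselves are defined in the earlier hunk of this file.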
@@ -61,25 +57,17 @@ Expire-Date: $keyExpire EOF -# find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(get_host_fingerprint) -export HOST_FINGERPRINT +# load the new host fpr into the fpr variable +load_fingerprint_secret -# translate the private key to ssh format, and export to a file -# for sshs usage. -# NOTE: assumes that the primary key is the proper key to use -log debug "exporting ssh secret key..." -(umask 077 && \ - gpg_host --export-secret-key "$HOST_FINGERPRINT" | \ - openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key") -log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" +# export to ssh secret key file +create_ssh_sec_file -log debug "creating ssh public key..." -ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB" -log info "SSH host public key output to file: $HOST_KEY_PUB" +# export to ssh public key file +create_ssh_pub_file -# export public key to file -gpg_host_export_to_ssh_file +# export to gpg public key to file +create_gpg_pub_file # show info about new key show_key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 99511a8..9be8dce 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -16,10 +16,6 @@ import_key() { local hostName local userID -# check for presense of a key -[ "$HOST_FINGERPRINT" ] && \ - failure "An OpenPGP host key already exists." - hostName=${1:-$(hostname -f)} userID="ssh://${hostName}" @@ -33,12 +29,11 @@ log verbose "importing ssh key..." PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \ gpg_host --import -# find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(get_host_fingerprint) -export HOST_FINGERPRINT +# load the new host fpr into the fpr variable +load_fingerprint_secret -# export public key to file -gpg_host_export_to_ssh_file +# export to gpg public key to file +create_gpg_pub_file # show info about new key show_key -- cgit v1.2.3 
From 0cc9a8f041a9b9b97e7f5f24f71a92961e54c4f2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:29:30 -0500 Subject: clean up how trust level was check in ma/setup, with some debug output --- src/share/ma/setup | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 034f047..894db84 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -85,7 +85,10 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "check trust level of core key..." - if [ "1:3:1" != $(gpg_sphere --with-colons --fixed-list-mode --list-keys | head -n1 | grep ^tru: cut -f3,6,7 -d:) ] ; then + local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \ + | head -n1 | grep "^tru:" | cut -d: -f3,6,7) + log debug "trust level: $TRUST_LEVEL" + if [ "$TRUST_LEVEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." fi } -- cgit v1.2.3 From 904a1d633f71836b9e8a11f1656d535c3d7e0897 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:30:57 -0500 Subject: add ability to supress confirmation prompt in ma/add_certifier fix some logging output --- src/share/ma/add_certifier | 28 ++++++++++++++++++++-------- src/share/ma/remove_certifier | 3 ++- src/share/mh/add_revoker | 4 ++-- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index e9731cc..2e53455 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,6 +36,8 @@ local fingerprint local ltsignCommand local trustval +PROMPT=true + # get options while true ; do case "$1" in @@ -51,6 +53,10 @@ while true ; do depth="$2" shift 2 ;; + -y) + PROMPT=false + shift 1 + ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. 
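Review bot: `PROMPT=true` in the add_certifier hunk is the only variable in this declaration block not declared with `local`, unlike the `local fingerprint`/`ltsignCommand`/`trustval` lines immediately above it, so the new flag leaks into the caller's shell scope; `local PROMPT=true` keeps it consistent. The `-y` option also turns adding an identity certifier, a trust decision that affects every user authenticated on the host, into an unattended operation, so the option deserves a line in the usage text (not visible in this hunk, so I cannot tell whether it was updated) and a short comment at the case arm such as `# -y: skip the confirmation prompt (scripted and test use)`. In the ma/setup hunk, `local TRUST_LEVEL=$(...)` masks the exit status of the pipeline, but the following `!= '1:3:1'` comparison still catches empty output, so that one is acceptable as written.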
@@ -90,26 +96,32 @@ if [ -f "$keyID" ] ; then fi else # get the key from the key server + log debug "retrieving key from keyserver..." gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi export keyID # get the full fingerprint of a key ID -fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \ - grep '^fpr:' | grep "$keyID" | cut -d: -f10) +log debug "getting fingerprint of certifier key..." +fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -log info -e "\nkey found:" +log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -echo "Are you sure you want to add the above key as a" -read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} -if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Identity certifier not added." +if [ "$PROMPT" = true ] ; then + echo "Are you sure you want to add the above key as a" + read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Identity certifier not added." + fi +else + log debug "adding key without prompting." fi # export the key to the core keyring so that the core can sign the @@ -151,7 +163,7 @@ if echo "$ltsignCommand" | \ # update the sphere trustdb gpg_sphere "--check-trustdb" - log info -e "\nIdentity certifier added." + log info "Identity certifier added." else failure "Problem adding identify certifier." fi diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 1164162..c7aabea 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier 
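Review bot: The rewritten `fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" ...)` line interpolates the user-supplied `$keyID` into a single string that `gpg_sphere` hands to a shell (`su_monkeysphere_user "gpg $@"` in the monkeysphere-authentication hunk later in this series), and the top of this hunk shows `$keyID` being accepted as either a file path or a key ID. Unless keyID is normalised to a bare hex ID before this point (outside the hunk), a value containing shell metacharacters would be interpreted by that shell rather than by gpg, and the unescaped `grep "$keyID"` treats it as a regular expression; a check placed once keyID has been resolved, e.g. `[[ "$keyID" =~ ^[0-9A-Fa-f]{8,40}$ ]] || failure "Invalid key ID '$keyID'."`, keeps both uses safe. The `[ "$PROMPT" = true ]` branch itself reads correctly.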
@@ -41,7 +41,8 @@ if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # update the trustdb for the authentication keyring gpg_sphere "--check-trustdb" - log info -e "\nIdentity certifier removed." + log info "" + log info "Identity certifier removed." else failure "Problem removing identity certifier." fi diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 39dfaca..8d160a8 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -74,7 +74,7 @@ if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -log info -e "\nkey found:" +log info "key found:" gpg_host --fingerprint "0x${fingerprint}!" echo "Are you sure you want to add the above key as a" @@ -98,7 +98,7 @@ failure "not implemented yet!" if echo "$addrevokerCommand" | \ gpg_core_edit ; then - log info -e "\nRevoker added." + log info "Revoker added." else failure "Problem adding revoker." fi -- cgit v1.2.3 From 2be7543af6a883d1e08790a12ed3345f6519f15a Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:33:17 -0500 Subject: add some debug logging to some common functions --- src/share/common | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/share/common b/src/share/common index 2a20c1c..d60631e 100644 --- a/src/share/common +++ b/src/share/common @@ -136,6 +136,7 @@ lock() { else lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'" fi + log debug "lock created on '$file'." ;; touch) if [ -n "$use_lockfileprogs" ] ; then @@ -143,6 +144,7 @@ lock() { else : Nothing to do here fi + log debug "lock touched on '$file'." ;; remove) if [ -n "$use_lockfileprogs" ] ; then @@ -150,6 +152,7 @@ lock() { else rm -f "${file}.lock" fi + log debug "lock removed on '$file'." ;; *) failure "bad argument for lock subfunction '$action'" 
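Review bot: In the `touch` branch of `lock()` the new `log debug "lock touched on '$file'."` runs after both arms of the `if`, including the `else : Nothing to do here` arm, so when `use_lockfileprogs` is unset the debug trail reports a touch that never happened; moving the line into the first arm, or wording it `log debug "lock touch requested on '$file'."`, keeps the log honest. The `create` and `remove` branches in the neighbouring hunks do not have this problem because their else arms perform the action before logging.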
@@ -430,6 +433,8 @@ check_key_file_permissions() { uname="$1" path="$2" + log debug "checking path permission '$path'..." + # return 255 if cannot stat file if ! stat=$(ls -ld "$path" 2>/dev/null) ; then log error "could not stat path '$path'." @@ -1018,6 +1023,8 @@ update_authorized_keys() { # remove the lockfile and the trap lock remove "$AUTHORIZED_KEYS" + + # remove the trap trap - EXIT # note if the authorized_keys file was updated -- cgit v1.2.3 From 44ca5172d76fb84802c85057a3c0eaf0e6d8956d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:36:39 -0500 Subject: some clean up to tests/basic --- tests/basic | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/tests/basic b/tests/basic index d9399f0..bcade42 100755 --- a/tests/basic +++ b/tests/basic @@ -91,8 +91,12 @@ trap failed_cleanup EXIT ## the tests, not system-wide: # make temp dir -mkdir -p "$TESTDIR"/tmp -TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") +# FIXME: I believe that /tmp can not be used as the temp dir here, +# since the permissions on /tmp are usually such that they will not +# pass the monkeysphere/ssh path permission checking. at least this +# is my experience. +#TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") +TEMPDIR=$(mktemp -d "${TESTDIR}/tmp/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. @@ -121,10 +125,8 @@ export DISPLAY=monkeys # copy in admin and testuser home to tmp echo "##################################################" -echo "### copying admin and testuser homes..." -cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ +echo "### configuring testuser home..." cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ - # set up environment for testuser export TESTHOME="$TEMPDIR"/testuser export GNUPGHOME="$TESTHOME"/.gnupg 
@@ -141,6 +143,10 @@ KNOWN_HOSTS=$TESTHOME/.ssh/known_hosts EOF get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf +echo "##################################################" +echo "### configuring admin home..." +cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ + # set up sshd echo "##################################################" echo "### configuring sshd..." @@ -155,17 +161,6 @@ EOF ###################################################################### ### SERVER HOST SETUP -# create a new host key -echo "##################################################" -echo "### testing host key generation..." -mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/host -# add gpg.conf with quick-random -get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/host/gpg.conf -echo | monkeysphere-host expert gen-key --length 1024 testhost - -# remove the host home for the next test -rm -rf "$MONKEYSPHERE_SYSCONFIGDIR"/host - # import host key echo "##################################################" echo "### testing host key importing..." @@ -182,6 +177,7 @@ monkeysphere-host show-key echo "##################################################" echo "### getting host key fingerprint..." HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$HOSTKEYID" # certify host key with the "Admin's Key". # (this would normally be done via keyservers) @@ -214,7 +210,7 @@ get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf # add admin as identity certifier for testhost echo "##################################################" echo "### adding admin as certifier..." -echo y | monkeysphere-authentication add-id-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg +monkeysphere-authentication add-id-certifier -y "$TEMPDIR"/admin/.gnupg/pubkey.gpg # FIXME: should we run "diagnostics" here to test setup? 
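Review bot: The `@@ -155,17 +161,6 @@` hunk deletes the only exercise of `monkeysphere-host expert gen-key` from tests/basic, immediately after the first commit in this series rewrote gen_key around `load_fingerprint_secret` and the new `create_*_file` helpers, so that code path is now untested. If the block was removed because the generated key collides with the following import-key test, keeping the generation block and adding `monkeysphere-host show-key` before the existing `rm -rf "$MONKEYSPHERE_SYSCONFIGDIR"/host` cleanup would retain coverage; the commit message (`some clean up to tests/basic`) does not say why it was dropped, so a comment explaining the removal would help either way.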
@@ -241,6 +237,8 @@ gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import echo "##################################################" echo "### update server authorized_keys file for this testuser..." monkeysphere-authentication update-users $(whoami) +# FIXME: NOT FAILING PROPERLY FOR: +# ms: improper group or other writability on path '/tmp'. ###################################################################### -- cgit v1.2.3 From 9c193c4dc749403030aeda0acc794a65d7593540 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 15:19:16 -0500 Subject: tests/basic: respect $TMPDIR variable for temporary directories set up during testing. --- tests/basic | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/basic b/tests/basic index bcade42..af8b5f1 100755 --- a/tests/basic +++ b/tests/basic @@ -90,13 +90,16 @@ trap failed_cleanup EXIT ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: -# make temp dir -# FIXME: I believe that /tmp can not be used as the temp dir here, -# since the permissions on /tmp are usually such that they will not -# pass the monkeysphere/ssh path permission checking. at least this -# is my experience. -#TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") -TEMPDIR=$(mktemp -d "${TESTDIR}/tmp/monkeyspheretest.XXXXXXX") +# set up temp dir + +# NOTE: /tmp can not be used as the temp dir here, since the +# permissions on /tmp are usually such that they will not pass the +# monkeysphere/ssh path permission checking. If you need to use a +# different location than the current source, please set $TMPDIR +# somewhere with tighter permissions. + +mkdir -p "$TESTDIR"/tmp +TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. -- cgit v1.2.3 
From 07316c65eb5302a1d5385301876be7971e26fd1f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 16:17:00 -0500 Subject: fix reference to MONKEYSPHER_USER in ma/setup --- src/monkeysphere-host | 3 +++ src/share/ma/setup | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4aab995..f79c2bb 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -123,6 +123,9 @@ create_gpg_pub_file() { # load the host fingerprint into the fingerprint variable, using the # export gpg pub key file +# FIXME: this seems much less than ideal, with all this temp keyring +# stuff. is there a way we can do this without having to create temp +# files? load_fingerprint() { if [ -f "$HOST_KEY_PUB_GPG" ] ; then HOST_FINGERPRINT=$( \ diff --git a/src/share/ma/setup b/src/share/ma/setup index 894db84..0cd92e0 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -40,10 +40,10 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF - # make sure the monkeysphere user owns everything in th sphere + # make sure the monkeysphere user owns everything in the sphere # gnupghome - chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" - chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chown -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}" # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) -- cgit v1.2.3 From f54abea9da2be063b0d0ed974f6130b303b2a1c7 Mon Sep 17 00:00:00 2001 
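Review bot: The replacement lines in the ma/setup hunk still misspell the variable: `chown -R "$MONKEYPSHERE_USER"` and `chgrp -R "$MONKEYPSHERE_USER"` reference `MONKEYPSHERE_USER`, whereas the script exports `MONKEYSPHERE_USER` (see the `export MONKEYSPHERE_USER` line in the first commit of this series), so the ownership fix on the sphere GnuPG home runs with an empty owner and at best changes nothing. The lines should read `chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"` and `chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"`. The FIXME added above `load_fingerprint` in the monkeysphere-host hunk is documentation only and reads fine.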
From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:19:35 -0500 Subject: Fix the ma/setup function: - fix reference to MONKEYSPHERE_USER for GNUPGHOME_SPHERE - break out core_fingerprint function - export core key to sphere keyring (necessary) - fix some logging (add more debug) and formatting --- src/monkeysphere-authentication | 19 ++++++++++++------- src/share/ma/setup | 35 ++++++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 6d2e72c..a33de1e 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -75,17 +75,12 @@ gpg_core() { GNUPGHOME="$GNUPGHOME_CORE" export GNUPGHOME - # NOTE: we supress this warning because we need the monkeysphere - # user to be able to read the host pubring. we realize this might - # be problematic, but it's the simplest solution, without too much - # loss of security. gpg "$@" } # function to interact with the gpg sphere keyring -# FIXME: this function requires basically accepts only a single -# argument because of problems with quote expansion. this needs to be -# fixed/improved. +# FIXME: this function requires only a single argument because of +# problems with quote expansion. this needs to be fixed/improved. gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME @@ -93,8 +88,18 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } +# load the core fingerprint into the fingerprint variable, using the +# gpg host secret key +core_fingerprint() { + log debug "determining core key fingerprint..." + gpg_core --quiet --list-secret-key \ + --with-colons --fixed-list-mode --with-fingerprint \ + | grep ^fpr: | cut -d: -f10 +} + # export signatures from core to sphere gpg_core_sphere_sig_transfer() { + log debug "exporting core local sigs to sphere..." gpg_core --export-options export-local-sigs --export | \ gpg_sphere --import-options import-local-sigs --import } 
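Review bot: The header comment on the new `core_fingerprint()` says it loads `the core fingerprint into the fingerprint variable, using the gpg host secret key`, but the function assigns nothing and prints the fingerprint of the core keyring to stdout, so it is a query rather than a loader like `load_fingerprint_secret` in monkeysphere-host; the comment should read `# output the fingerprint of the core secret key`. As with the host variants, the `grep ^fpr: | cut -d: -f10` pipeline has no `head -1`, so a core keyring holding more than one secret key would produce a multi-line result; `| head -1` pins it to the first. The added debug line in `gpg_core_sphere_sig_transfer` is fine.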
diff --git a/src/share/ma/setup b/src/share/ma/setup index 0cd92e0..5960ab4 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -23,6 +23,7 @@ setup() { # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? + log debug "write core gpg.conf..." cat >"${GNUPGHOME_CORE}"/gpg.conf <"${GNUPGHOME_SPHERE}"/gpg.conf < Date: Thu, 12 Feb 2009 18:23:05 -0500 Subject: fix some things in ma certifier functions: - fix left over bad invocations of gpg_sphere --list-keys - add some more debug log output --- src/share/ma/add_certifier | 5 ++++- src/share/ma/list_certifiers | 15 +++++++++++---- src/share/ma/remove_certifier | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 2e53455..28c229a 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -102,7 +102,7 @@ fi export keyID -# get the full fingerprint of a key ID +# get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) @@ -126,6 +126,7 @@ fi # export the key to the core keyring so that the core can sign the # new certifier key +log debug "exporting retrieved certifier key to core keyring..." gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import case "$trust" in @@ -154,6 +155,7 @@ EOF ) # core ltsigns the newly imported certifier key +log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then @@ -161,6 +163,7 @@ if echo "$ltsignCommand" | \ gpg_core_sphere_sig_transfer # update the sphere trustdb + log debug "updating sphere trustdb..." gpg_sphere "--check-trustdb" log info "Identity certifier added." 
diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index e37485e..d8b8f33 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -18,13 +18,20 @@ list_certifiers() { local keys local key -# find trusted keys in authentication keychain -keys=$(gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-keys --with-colons --fingerprint" | \ - grep ^pub: | cut -d: -f2,5 | egrep '^(u|f):' | cut -d: -f2) +# find trusted keys in sphere keychain +log debug "finding trusted keys..." + +# NOTE: looking for only 'f' keys here (used to be '(u|f)'), since the +# only key that should be 'u' is the core key, which is not +# technically a certifier in the sense we're worried about. Is this +# not correct? Should we be sorting out the certifier keys in a +# different way? +keys=$(gpg_sphere "--list-keys --with-colons --fingerprint" | \ + grep ^pub: | cut -d: -f2,5 | egrep '^f:' | cut -d: -f2) # output keys for key in $keys ; do - gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key --fingerprint $key" + gpg_sphere "--list-key --fingerprint 0x${key}!" done } diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index c7aabea..4e56264 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -23,7 +23,7 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to remove." fi -if gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key 0x${keyID}!" ; then +if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." -- cgit v1.2.3 From 9a92104113158b39de7c8b42bf883b3fd46ed006 Mon Sep 17 00:00:00 2001 
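Review bot: Selecting certifiers by validity (`cut -d: -f2,5 | egrep '^f:'` on the `pub:` records) only partially answers the question in the NOTE: field 2 is the computed validity of a key, which presumably any key in the sphere keyring that is itself certified by a certifier (given the `depth` option add_certifier accepts) can also reach, so such keys would be listed as certifiers. A more faithful selection is the set of keys carrying the core key's trust signature, e.g. by walking `--list-sigs --with-colons` output and keeping each `pub` whose `sig:` records include the ID returned by `core_fingerprint`; if that is too heavy, the NOTE should at least say that the list is "keys fully valid in the sphere" rather than "keys certified by the core". The `0x${key}!` selector in the loop is the right fix for the old unanchored lookup.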
From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:24:34 -0500 Subject: add list-certifiers to the basic test --- tests/basic | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index af8b5f1..6ee4eea 100755 --- a/tests/basic +++ b/tests/basic @@ -215,8 +215,11 @@ echo "##################################################" echo "### adding admin as certifier..." monkeysphere-authentication add-id-certifier -y "$TEMPDIR"/admin/.gnupg/pubkey.gpg -# FIXME: should we run "diagnostics" here to test setup? +echo "##################################################" +echo "### list certifiers..." +monkeysphere-authentication list-certifiers +# FIXME: should we run "diagnostics" here to test setup? ###################################################################### ### TESTUSER SETUP -- cgit v1.2.3 From 58244d7d9e2d6aa2220bd2e692b2370de283cc23 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:30:38 -0500 Subject: fix typo --- src/share/ma/setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 5960ab4..533e6a1 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -44,7 +44,7 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome - log debuf "fix sphere gnupg home ownership..." + log debug "fix sphere gnupg home ownership..." chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" -- cgit v1.2.3 From 5d6d207f7c1ad3e4545484fbab84ce25ef756ea0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:32:32 -0500 Subject: no longer require the primary-keyring for the sphere gpg.conf now that we use a single keyring --- src/share/ma/setup | 1 - 1 file changed, 1 deletion(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 533e6a1..09c356c 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -38,7 +38,6 @@ EOF # This file is maintained by the Monkeysphere software. # Edits will be overwritten. no-greeting -primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF -- cgit v1.2.3 From 0dc13ca3b54ecd5ce311f88fed736aca1774b525 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:34:08 -0500 Subject: tests/common: enable a single subshell in the test environment before cleanup on failure; makes it easier to have $PATH, etc set up --- tests/common | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/common b/tests/common index adc96a2..0f90500 100644 --- a/tests/common +++ b/tests/common @@ -3,7 +3,10 @@ failed_cleanup() { # FIXME: can we be more verbose here? echo 'FAILED!' - read -p "press enter to cleanup and remove tmp:" + read -p "press enter to cleanup and remove tmp (or type bash for a subshell to examine): " XX + if [ "$XX" = bash ] ; then + bash + fi cleanup } -- cgit v1.2.3 From 65e8a49c924eac3c46c93cb4bb9be9c739a58983 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:39:38 -0500 Subject: tweak some of the log output inconsequentially --- src/share/ma/setup | 12 ++++++------ src/share/mh/set_expire | 3 +++ tests/basic | 1 - 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 5960ab4..e5109fd 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -23,7 +23,7 @@ setup() { # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? - log debug "write core gpg.conf..." + log debug "writing core gpg.conf..." cat >"${GNUPGHOME_CORE}"/gpg.conf <"${GNUPGHOME_SPHERE}"/gpg.conf < Date: Thu, 12 Feb 2009 18:53:17 -0500 Subject: su_monkeysphere_user now invokes a subshell even when already called by the monkeysphere user. --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
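Review bot: In `failed_cleanup` the new answer variable `XX` is not declared `local`, and `read` without `-r` mangles backslashes; `local XX; read -r -p "press enter to cleanup and remove tmp (or type bash for a subshell to examine): " XX` covers both. Since the interactive `bash` is started from inside the EXIT trap handler, a one-line comment noting that `cleanup` (which the prompt says removes tmp) only runs after that shell exits would make the intended behaviour clear to the next reader.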
diff --git a/src/share/common b/src/share/common index d60631e..42df684 100644 --- a/src/share/common +++ b/src/share/common @@ -95,7 +95,7 @@ su_monkeysphere_user() { # if the current user is the monkeysphere user, then just eval # command if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - eval "$@" + bash -c "$@" # otherwise su command as monkeysphere user else -- cgit v1.2.3 From c27c0ad208919590a118d5f271d28b044beea9bb Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:59:01 -0500 Subject: fix the su_monkeysphere_user function so that it does 'bash -c' instead of 'eval', if the user already is the monkeysphere user, so that a proper subshell is invoked. --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/common b/src/share/common index d60631e..42df684 100644 --- a/src/share/common +++ b/src/share/common @@ -95,7 +95,7 @@ su_monkeysphere_user() { # if the current user is the monkeysphere user, then just eval # command if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - eval "$@" + bash -c "$@" # otherwise su command as monkeysphere user else -- cgit v1.2.3 From 472cb2447cded21c3279f314d6f9cf159d34f73f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 19:08:21 -0500 Subject: trust level != trust model --- src/share/ma/setup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 09c356c..8032023 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
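Review bot: `bash -c "$@"` is not a drop-in for `eval "$@"`: bash takes only the first argument as the command string and binds any further arguments to `$0`, `$1`, and so on, and the child shell sees only exported variables, none of the caller's unexported variables or shell functions. That matches the single-argument convention `gpg_sphere` already relies on (`su_monkeysphere_user "gpg $@"`), but it now becomes a hard requirement in the same-user branch as well, so it should be stated at the call site, e.g. `# NOTE: the command must be a single string; run in a fresh shell so only exported variables are visible, presumably matching the su branch below`. Commits 65e8a49 and c27c0ad carry this identical hunk. The rest of `su_monkeysphere_user` lies outside the hunk.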
@@ -96,11 +96,11 @@ EOF
 # ensure that we're using the extended trust model (1), and that
 # our preferences are reasonable (i.e. 3 marginal OR 1 fully
 # trusted certifications are sufficient to grant full validity.
- log debug "checking trust level of core key..."
- local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \
+ log debug "checking trust model for authentication ..."
+ local TRUST_MODEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \
 | head -n1 | grep "^tru:" | cut -d: -f3,6,7)
- log debug "sphere trust level of core: $TRUST_LEVEL"
- if [ "$TRUST_LEVEL" != '1:3:1' ] ; then
+ log debug "sphere trust model: $TRUST_MODEL"
+ if [ "$TRUST_MODEL" != '1:3:1' ] ; then
 failure "monkeysphere-authentication does not have the expected trust model settings."
 fi
 }
-- 
cgit v1.2.3
From 387848dfa7081364094a71ff70f65bb1cbd83d8b Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Thu, 12 Feb 2009 19:10:12 -0500
Subject: fix some calls to gpg_sphere that where not putting all arguments into a single argument, as required by the strange su requirements.

---
 src/monkeysphere-authentication | 2 +-
 src/share/ma/setup | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index a33de1e..18057e5 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -101,7 +101,7 @@ core_fingerprint() {
 gpg_core_sphere_sig_transfer() {
 log debug "exporting core local sigs to sphere..."
 gpg_core --export-options export-local-sigs --export | \
- gpg_sphere --import-options import-local-sigs --import
+ gpg_sphere "--import-options import-local-sigs --import"
 }
 
 ########################################################################
diff --git a/src/share/ma/setup b/src/share/ma/setup
index e5109fd..216b0b9 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -98,7 +98,7 @@ EOF
 # our preferences are reasonable (i.e. 3 marginal OR 1 fully
 # trusted certifications are sufficient to grant full validity.
 log debug "checking trust level of core key..."
- local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \
+ local TRUST_LEVEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
 | head -n1 | grep "^tru:" | cut -d: -f3,6,7)
 log debug "sphere trust level of core: $TRUST_LEVEL"
 if [ "$TRUST_LEVEL" != '1:3:1' ] ; then
-- 
cgit v1.2.3
From 4b1b309608a55494cc94fee9bd9153d09fb3040a Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Thu, 12 Feb 2009 19:13:19 -0500
Subject: fix something that was resolved improperly in the previous merge.

---
 src/share/ma/setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/share/ma/setup b/src/share/ma/setup
index f989db6..02fc069 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -97,7 +97,7 @@ EOF
 # our preferences are reasonable (i.e. 3 marginal OR 1 fully
 # trusted certifications are sufficient to grant full validity.
 log debug "checking trust model for authentication ..."
- local TRUST_LEVEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
+ local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
 | head -n1 | grep "^tru:" | cut -d: -f3,6,7)
 log debug "sphere trust model: $TRUST_MODEL"
 if [ "$TRUST_MODEL" != '1:3:1' ] ; then
-- 
cgit v1.2.3
From ae4a8d669f21b6006a7902b3dd18f2b3a6a24938 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Sun, 15 Feb 2009 18:16:33 -0500
Subject: website: fix a small incorrect command line for apt-key import

---
 website/archive-key.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/archive-key.mdwn b/website/archive-key.mdwn
index 6658469..eec40d5 100644
--- a/website/archive-key.mdwn
+++ b/website/archive-key.mdwn
@@ -37,7 +37,7 @@ If you have properly verified this key, you can add it to your apt
 keyring for proper cryptographic verification of the archive and its
 packages by doing the following:
 
- $ sudo gpg -a --export EB8AF314 | apt-key add -
+ $ gpg -a --export EB8AF314 | sudo apt-key add -
 OK
 $ aptitude update
 ...
-- 
cgit v1.2.3
From d06d6df892ab42e184d22f9a6686ae6689a711a1 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Sun, 15 Feb 2009 22:50:35 -0500
Subject: have the import_key also create the ssh pub file, since it is needed to show full host key info.

---
 src/share/mh/import_key | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 9be8dce..9415b4d 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -32,6 +32,9 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \
 # load the new host fpr into the fpr variable
 load_fingerprint_secret
 
+# export to ssh public key file
+create_ssh_pub_file
+
 # export to gpg public key to file
 create_gpg_pub_file
 
-- 
cgit v1.2.3
From e5e41eb0651bf74398b449d81ede51086dd25167 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Sun, 15 Feb 2009 22:51:17 -0500
Subject: fix the publish_key function for new gpg_sphere.

---
 etc/monkeysphere-authentication.conf | 2 +-
 etc/monkeysphere.conf | 2 +-
 packaging/debian/changelog | 3 ++-
 src/share/mh/publish_key | 7 +------
 4 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/etc/monkeysphere-authentication.conf b/etc/monkeysphere-authentication.conf
index ea40966..0a28c4d 100644
--- a/etc/monkeysphere-authentication.conf
+++ b/etc/monkeysphere-authentication.conf
@@ -28,4 +28,4 @@
 # by the home directory of the user, and '%u' will by replaced by the
 # username of the user. Setting this variable to 'none' prevents the
 # inclusion of user controlled authorized_keys file.
-# RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
+#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 2f0b877..20df62b 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -14,7 +14,7 @@
 # MONKEYSPHERE_GNUPGHOME environment variable, then the value of the
 # GNUPGHOME environment variable will be used. If GNUPGHOME is not
 # set either, then the default value is listed below.
-# GNUPGHOME=~/.gnupg
+#GNUPGHOME=~/.gnupg
 
 # GPG keyserver to search for keys.
 #KEYSERVER=pool.sks-keyservers.net
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 6b31e16..c825b64 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -7,6 +7,7 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low
 - replace monkeysphere-server with monkeysphere-{authentication,host}
 - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere
+ * new ability to import existing ssh key into monkeysphere
 * simplify adding a host to the monkeysphere, automate the process
 during debian installation
 * provide pem2openpgp for translating unencrypted PEM-encoded raw key
@@ -18,7 +19,7 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low
 * check that existing authentication keys are valid in gen_key
 function.
 
- -- Daniel Kahn Gillmor Sat, 31 Jan 2009 17:32:58 -0500
+ -- Jameson Graef Rollins Thu, 12 Feb 2009 21:50:54 -0500
 
 monkeysphere (0.22-1) unstable; urgency=low
 
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index 988b450..600dfcf 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -20,12 +20,7 @@ if [ ${OK/y/Y} != 'Y' ] ; then
 failure "key not published."
 fi
 
-# find the key fingerprint
-fingerprint=$(fingerprint_host_key)
-
 # publish host key
-# FIXME: need to define how to do this
-#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
-echo "not published!!!"
+gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
 
 }
-- 
cgit v1.2.3
From 9f033ac0c9a96acbbc583327026adb37e4d5a8a9 Mon Sep 17 00:00:00 2001
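Review bot: In publish_key, `gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"` interpolates the configured keyserver into a string that gpg_sphere hands to a shell for re-parsing (see the su_monkeysphere_user change earlier on this page), so a KEYSERVER value containing whitespace or shell metacharacters is split into extra gpg arguments instead of being passed as one host name. A check before the call keeps the string well-formed, e.g. `[[ "$KEYSERVER" =~ ^[A-Za-z0-9.:/_-]+$ ]] || failure "invalid KEYSERVER value."` (confirm the accepted syntax against how KEYSERVER is documented in etc/monkeysphere.conf). The send result is also not checked, so a failed upload ends the command as if it had succeeded; `... || failure "key not published."` after the call would surface it. publish_key starts outside the hunk.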
From: Jameson Graef Rollins
Date: Sun, 15 Feb 2009 23:25:51 -0500
Subject: Change import_key to take the path to the file to import as an argument. dkg won't like this, but I think it's necessary so that we can generate the ssh pub key file, which is needed for subsequenty works.

---
 src/share/mh/import_key | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 9415b4d..cab2cf5 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -13,11 +13,14 @@ import_key() {
+local keyFile
 local hostName
 local userID
 
-hostName=${1:-$(hostname -f)}
+keyFile="$1"
+[ -f "$keyFile" ]
+hostName=${2:-$(hostname -f)}
 userID="ssh://${hostName}"
 
 # create host home
@@ -26,14 +29,16 @@ chmod 700 "$GNUPGHOME_HOST"
 log verbose "importing ssh key..."
 
 # translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \
- gpg_host --import
+PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$keyFile" \
+ | gpg_host --import
 
 # load the new host fpr into the fpr variable
 load_fingerprint_secret
 
-# export to ssh public key file
-create_ssh_pub_file
+# export the host public key to the monkeysphere ssh pub key file
+log debug "creating ssh public key file..."
+ssh-keygen -y -f "$keyFile" > "$HOST_KEY_PUB"
+log info "SSH host public key file: $HOST_KEY_PUB"
 
 # export to gpg public key to file
 create_gpg_pub_file
-- 
cgit v1.2.3
From ea4d25a641c19dc66c6066f46070065e22d46d91 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Sun, 15 Feb 2009 23:27:12 -0500
Subject: unbreakout some functions that were broken out earlier for handling creating ssh key files, since they are actually done in different ways under different circumstances.

---
 src/monkeysphere-host | 21 ++-------------------
 src/share/mh/gen_key | 19 +++++++++++++------
 2 files changed, 15 insertions(+), 25 deletions(-)

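Review bot: `[ -f "$keyFile" ]` in the first import_key hunk is a bare test whose result is discarded, so a missing, unreadable or omitted FILE argument is not caught here and only surfaces later as a redirection error on `<"$keyFile"` in the second hunk, after the gpg home directory has already been created. It should abort the way the rest of this code does, `[ -f "$keyFile" ] || failure "Key file '$keyFile' not found."`. In the second hunk `ssh-keygen -y -f "$keyFile" > "$HOST_KEY_PUB"` likewise ignores its exit status, so a key ssh-keygen cannot parse leaves an empty `$HOST_KEY_PUB` in place. import_key continues outside both hunks.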
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index f79c2bb..32d843b 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -97,23 +97,6 @@ gpg_host_export() {
 "0x${HOST_FINGERPRINT}!"
 }
 
-# export the host secret key to the monkeysphere ssh sec key file
-# NOTE: assumes that the primary key is the proper key to use
-create_ssh_sec_file() {
- log debug "creating ssh secret key file..."
- (umask 077 && \
- gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
- openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
- log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
-}
-
-# export the host public key to the monkeysphere ssh pub key file
-create_ssh_pub_file() {
- log debug "creating ssh public key file..."
- ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
- log info "SSH host public key file: $HOST_KEY_PUB"
-}
-
 # export the host public key to the monkeysphere gpg pub key file
 create_gpg_pub_file() {
 log debug "creating openpgp public key file..."
@@ -194,7 +177,7 @@ find_host_userid() {
 # show info about the host key
 show_key() {
 gpg_host --fingerprint --list-key --list-options show-unusable-uids \
- "0x${HOST_FINGERPRINT}!" 2>/dev/null
+ "0x${HOST_FINGERPRINT}!" 2>/dev/null || true
 
 # FIXME: make sure expiration date is shown
 echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
@@ -307,7 +290,7 @@ case $COMMAND in
 usage: $PGRM expert [options] [args]
 
 expert subcommands:
- import-key (i) [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
 gen-key (g) [NAME[:PORT]] generate gpg key for the host
 --length (-l) BITS key length in bits (2048)
 diagnostics (d) monkeysphere host status
diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key
index 873ed02..3b9a269 100644
--- a/src/share/mh/gen_key
+++ b/src/share/mh/gen_key
@@ -13,7 +13,7 @@ gen_key() {
-local hostName=$(hostname -f)
+local hostName
 local keyType="RSA"
 local keyLength="2048"
 local keyUsage="auth"
@@ -37,7 +37,7 @@ Type '$PGRM help' for usage."
 esac
 done
 
-hostName="$1"
+hostName=${1:-$(hostname -f)}
 userID="ssh://${hostName}"
 
 # create host home
@@ -60,11 +60,18 @@ EOF
 # load the new host fpr into the fpr variable
 load_fingerprint_secret
 
-# export to ssh secret key file
-create_ssh_sec_file
+# export the host secret key to the monkeysphere ssh sec key file
+# NOTE: assumes that the primary key is the proper key to use
+log debug "creating ssh secret key file..."
+(umask 077 && \
+ gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
+ openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
+log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
 
-# export to ssh public key file
-create_ssh_pub_file
+# export the host public key to the monkeysphere ssh pub key file
+log debug "creating ssh public key file..."
+ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
+log info "SSH host public key file: $HOST_KEY_PUB"
 
 # export to gpg public key to file
 create_gpg_pub_file
-- 
cgit v1.2.3
From 3a421784e75e8e720290b3cb3eef8a83746b0855 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Mon, 16 Feb 2009 01:07:04 -0500
Subject: fix a bad reference to MATMPDIR

---
 src/monkeysphere-authentication | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 18057e5..2d6079f 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -31,7 +31,7 @@ MADATADIR="${SYSDATADIR}/authentication"
 
 # temp directory to enable atomic moves of authorized_keys files
 MATMPDIR="${MADATADIR}/tmp"
-export MSTMPDIR
+export MATMPDIR
 
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
-- 
cgit v1.2.3
From b55981fb8aa689aede58ed7ab4d8692c52b5c472 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Mon, 16 Feb 2009 01:08:28 -0500
Subject: make sure MHTMPDIR is defined and created

---
 src/monkeysphere-host | 4 ++++
 src/share/mh/add_revoker | 2 +-
 src/share/mh/gen_key | 6 ++++--
 src/share/mh/import_key | 6 ++++--
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 32d843b..d6e4c68 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -32,6 +32,10 @@ MHSHAREDIR="${SYSSHAREDIR}/mh"
 # datadir for host functions
 MHDATADIR="${SYSDATADIR}/host"
 
+# temp directory for temp gnupghome directories for add_revoker
+MHTMPDIR="${MHDATADIR}/tmp"
+export MHTMPDIR
+
 # host pub key files
 HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub"
 HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 8d160a8..5b637a5 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -53,7 +53,7 @@ if [ -f "$keyID" ] ; then
 fi
 else
 # create a temporary directory for storing the downloaded key
- TMPLOC=$(mktemp -d ${MHTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+ TMPLOC=$(mktemp -d "${MHTMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
 
 # download the key from the keyserver as the monkeysphere user
 su_monkeysphere_user \
diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key
index 3b9a269..96053bc 100644
--- a/src/share/mh/gen_key
+++ b/src/share/mh/gen_key
@@ -41,8 +41,10 @@ hostName=${1:-$(hostname -f)} userID="ssh://${hostName}" # create host home -mkdir -p "$GNUPGHOME_HOST" -chmod 700 "$GNUPGHOME_HOST" +mkdir -p "${MHDATADIR}" +mkdir -p "${MHTMPDIR}" +mkdir -p "${GNUPGHOME_HOST}" +chmod 700 "${GNUPGHOME_HOST}" log debug "generating host key..." gpg_host --batch --gen-key < Date: Mon, 16 Feb 2009 01:10:02 -0500 Subject: start script to do a 0.22 -> 0.23 transition. still needs work (UNTESTED). --- src/transition_0.22_0.23 | 69 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100755 src/transition_0.22_0.23 diff --git a/src/transition_0.22_0.23 b/src/transition_0.22_0.23 new file mode 100755 index 0000000..3328e8c --- /dev/null +++ b/src/transition_0.22_0.23 
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# This is a post-install script for monkeysphere, to transition an old
+# (<=0.22) setup to the new (>0.22) setup
+
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+
+MADATADIR="${SYSDATADIR}/authentication"
+MHDATADIR="${SYSDATADIR}/host"
+
+############################################################
+### transfer host setup
+
+if [ -d "$SYSDATADIR"/gnupg-host ] ; then
+
+ if [ -s "$SYSDATADIR"/ssh_host_rsa_key ] ; then
+
+ # This would be simple, but it would generate a new pgp key,
+ #and we don't want that, right?
+ #monkeysphere-host expert import_key "$SYSDATADIR"/ssh_host_rsa_key
+
+ # create host home
+ mkdir -p "${MHDATADIR}"
+ mkdir -p "${MHTMPDIR}"
+ mkdir -p "${GNUPGHOME_HOST}"
+ chmod 700 "${GNUPGHOME_HOST}"
+
+ # transfer the host secret key from the old home to the new
+ GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
+ GNUPGHOME="$MHDATADIR" gpg --import
+
+ # make sure the ssh_host_rsa_key.pub and ssh_host_rsa_key.pub.gpg
+ # files exist
+
+ # anything else?
+
+ fi
+
+ #rm -rf "$SYSDATADIR"/gnupg-host
+
+fi
+
+############################################################
+### transfer authentication setup
+
+# should we test for something else/better than the existence of this
+# directory to know that we should go through the setup?
+if [ -d "$SYSDATADIR"/gnupg-authentication ] ; then
+
+ # run the authentication setup
+ monkeysphere-authentication setup
+
+ # transfer certifiers
+ # FIXME: how?
+ # i think we'll need to run something like
+ # gpg_core_sphere_sig_transfer after transfering certifiers ltsigs
+
+ # do we need to do some sort of transfer of ownertrust?
+
+ # move the authorized_keys directory
+ mv "$SYSDATADIR"/authorized_keys "$MADATADIR"/
+
+ # do we need to transfer anything else? running update-users will
+ # regenerate everything else in the sphere keyring, right?
+
+ #rm -rf "$SYSDATADIR"/gnupg-authentication
+
+fi
+
-- 
cgit v1.2.3
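Review bot: The secret-key transfer is not actually piped: the backslash-newline after `gpg --export-secret-keys` joins the next line onto the same command, so `GNUPGHOME="$MHDATADIR"`, `gpg` and `--import` become arguments to the export and nothing is imported into the new home. `MHTMPDIR` and `GNUPGHOME_HOST` are also never assigned in this script (only SYSDATADIR, MADATADIR and MHDATADIR are), so the `mkdir -p` and `chmod 700` lines operate on an empty path; commit b55981f on this page defines MHTMPDIR as `${MHDATADIR}/tmp`, while GNUPGHOME_HOST's value is not visible here. The script runs without `set -e`, so a failed export or import of the host's secret key falls through silently to the rest of the transition; that step should abort on error. The commit message marks the script UNTESTED, so these may already be known.
```shell
MADATADIR="${SYSDATADIR}/authentication"
MHDATADIR="${SYSDATADIR}/host"
MHTMPDIR="${MHDATADIR}/tmp"
# GNUPGHOME_HOST must be set to the value monkeysphere-host uses before the mkdir/chmod below
# … unchanged: host-setup guard, mkdir/chmod …
    # transfer the host secret key from the old home to the new
    GNUPGHOME="$SYSDATADIR"/gnupg-host gpg --export-secret-keys \
        | GNUPGHOME="$MHDATADIR" gpg --import \
        || { echo "host secret key transfer failed" >&2; exit 1; }
```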
From 0c874fdd6abfa4b74d7805f2d2d121f08211b4aa Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Mon, 16 Feb 2009 20:15:58 -0500
Subject: Stop all creation of a ssh_host_rsa_key.pub. Use openpgp2ssh to get the fingerprint from the host pgp public key. Prevents us from having to maintain the ssh pub key file, and generally makes things simpler. Also allows us to go back to having import_key take the key on stdin (which dkg will like).

---
 src/monkeysphere-host | 40 ++++++++++++----------------------------
 src/share/mh/import_key | 18 ++++++------------
 2 files changed, 18 insertions(+), 40 deletions(-)

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index d6e4c68..64023e0 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -37,8 +37,7 @@ MHTMPDIR="${MHDATADIR}/tmp"
 export MHTMPDIR
 
 # host pub key files
-HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub"
-HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
@@ -95,17 +94,12 @@ gpg_host_edit() {
 "0x${HOST_FINGERPRINT}!" "$@"
 }
 
-# export the host key to stdout
-gpg_host_export() {
- gpg_host --export --armor --export-options export-minimal \
- "0x${HOST_FINGERPRINT}!"
-}
-
 # export the host public key to the monkeysphere gpg pub key file
 create_gpg_pub_file() {
 log debug "creating openpgp public key file..."
- gpg_host_export > "$HOST_KEY_PUB_GPG"
- log info "GPG host public key file: $HOST_KEY_PUB_GPG"
+ gpg_host --export --armor --export-options export-minimal \
+ "0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE"
+ log info "GPG host public key file: $HOST_KEY_FILE"
 }
 
 # load the host fingerprint into the fingerprint variable, using the
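Review bot: In create_gpg_pub_file the redirection `> "$HOST_KEY_FILE"` truncates the file before gpg_host has produced anything and the exit status is never checked, so a failing export leaves an empty `$HOST_KEY_FILE` behind while the "GPG host public key file" info line still reports success. load_fingerprint in the next hunk tests that file only with `-f`, so an empty file is then treated as a present host key with an empty fingerprint, which is what check_host_key keys off. Appending `|| failure "could not export host public key."` after the redirection (or exporting to a temporary file and moving it into place) keeps the file either absent or complete. The function is entirely within the hunk.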
@@ -114,12 +108,12 @@ create_gpg_pub_file() {
 # stuff. is there a way we can do this without having to create temp
 # files?
 load_fingerprint() {
- if [ -f "$HOST_KEY_PUB_GPG" ] ; then
+ if [ -f "$HOST_KEY_FILE" ] ; then
 HOST_FINGERPRINT=$( \
 (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
 && gpg --quiet --import \
 && gpg --quiet --list-keys --with-colons --with-fingerprint \
- && rm -rf "$FUBAR") <"$HOST_KEY_PUB_GPG" \
+ && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
 | grep '^fpr:' | cut -d: -f10 )
 else
 HOST_FINGERPRINT=
@@ -135,13 +129,6 @@ load_fingerprint_secret() {
 | grep '^fpr:' | cut -d: -f10 )
 }
 
-# output host key ssh fingerprint
-load_ssh_fingerprint() {
- [ -f "$HOST_KEY_PUB" ] || return 0
- HOST_FINGERPRINT_SSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" \
- | awk '{ print $1, $2, $4 }')
-}
-
 # fail if host key present
 check_host_key() {
 [ -z "$HOST_FINGERPRINT" ] \
@@ -186,13 +173,11 @@ show_key() {
 
 echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
 
- load_ssh_fingerprint
-
- if [ "$HOST_FINGERPRINT_SSH" ] ; then
- echo "ssh fingerprint: $HOST_FINGERPRINT_SSH"
- else
- log error "SSH host key not found."
- fi
+ echo -n "ssh fingerprint: "
+ ssh-keygen -l -f /dev/stdin \
+ <<<$( gpg_host --export FEE16FA3 2>/dev/null \
+ | openpgp2ssh 8445B5203A8443B4B04F637DD4DE66B2FEE16FA3 2>/dev/null) \
+ | awk '{ print $1, $2, $4 }'
 
 # FIXME: other relevant key parameters?
 }
@@ -229,7 +214,6 @@ export KEYSERVER
 export GNUPGHOME_HOST
 export GNUPGHOME
 export HOST_FINGERPRINT=
-export HOST_FINGERPRINT_SSH=
 
 # get subcommand
 COMMAND="$1"
@@ -294,7 +278,7 @@ case $COMMAND in
 usage: $PGRM expert [options] [args]
 
 expert subcommands:
- import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) [NAME[:PORT]] import existing ssh key to gpg
 gen-key (g) [NAME[:PORT]] generate gpg key for the host
 --length (-l) BITS key length in bits (2048)
 diagnostics (d) monkeysphere host status
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index e5982ca..74dc0b3 100644
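Review bot: In load_fingerprint the `rm -rf "$FUBAR"` is the last link of the `&&` chain, so if `gpg --quiet --import` or `gpg --quiet --list-keys` fails the temporary GNUPGHOME created by `mktemp -d` (in the default temp location, not under the MHTMPDIR this series just introduced) is left behind together with the imported key material. Running the cleanup unconditionally, e.g. `trap 'rm -rf "$FUBAR"' EXIT` right after the mktemp inside the subshell, or `mktemp -d "${MHTMPDIR}"/tmp.XXXXXXXXXX` as add_revoker does, would bound both the lifetime and the location of that directory; the function's existing FIXME about temp files is the natural place to record this. load_fingerprint continues outside the hunk.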
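Review bot: The removed branch in show_key reported `SSH host key not found.` when no ssh fingerprint could be derived; the replacement silences both gpg_host and openpgp2ssh with `2>/dev/null`, so on failure the administrator sees `ssh fingerprint: ` followed by an empty line and no indication that anything went wrong. Capturing the result first and testing it, e.g. `sshfpr=$(...)` then `[ -n "$sshfpr" ] && echo "ssh fingerprint: $sshfpr" || log error "SSH host key not found."`, keeps the old diagnostic. The literal key id and fingerprint passed to gpg_host and openpgp2ssh are replaced by `"$HOST_FINGERPRINT"` in commit cc26b64 further down this page. show_key starts outside the hunk.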
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -13,14 +13,10 @@ import_key() {
-local keyFile
 local hostName
 local userID
 
-keyFile="$1"
-[ -f "$keyFile" ]
-
-hostName=${2:-$(hostname -f)}
+hostName=${1:-$(hostname -f)}
 userID="ssh://${hostName}"
 
 # create host home
@@ -31,17 +27,15 @@ chmod 700 "${GNUPGHOME_HOST}"
 log verbose "importing ssh key..."
 
 # translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$keyFile" \
+PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
 | gpg_host --import
 
-# load the new host fpr into the fpr variable
+# load the new host fpr into the fpr variable. this is so we can
+# create the gpg pub key file. we have to do this from the secret key
+# ring since we obviously don't have the gpg pub key file yet, since
+# that's what we're trying to produce (see below).
 load_fingerprint_secret
 
-# export the host public key to the monkeysphere ssh pub key file
-log debug "creating ssh public key file..."
-ssh-keygen -y -f "$keyFile" > "$HOST_KEY_PUB"
-log info "SSH host public key file: $HOST_KEY_PUB"
-
 # export to gpg public key to file
 create_gpg_pub_file
 
-- 
cgit v1.2.3
From e93a298ec6f9abd80e30a933b0dd84c764d11bff Mon Sep 17 00:00:00 2001
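Review bot: `pem2openpgp "$userID" | gpg_host --import` in the second import_key hunk runs without `pipefail` and without checking gpg's status, so malformed or empty stdin results in an empty import, after which load_fingerprint_secret reads whatever the host secret keyring happens to contain and create_gpg_pub_file exports that as the host key. A check after the fingerprint is loaded, `[ -n "$HOST_FINGERPRINT" ] || failure "ssh key import failed."`, stops the function before a public key file is written; the new four-line comment is a good place to state that the fingerprint is expected to be the freshly imported key's. import_key starts outside the hunk.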
From: Jameson Graef Rollins Date: Mon, 16 Feb 2009 21:28:32 -0500 Subject: REMOVE GEN_KEY. The gen_key function is entirely removed. Decided this was OK now that import_key works, and we can't really see a reason to keep it around. We can resurect it down the line if need be. Also, removed "expert" subcommand, after promting import_key, since it may be need semi-regularly. The other "expert" commands are now just not listed in the usage. --- man/man8/monkeysphere-authentication.8 | 27 +++++------ man/man8/monkeysphere-host.8 | 46 ++++++------------- src/monkeysphere-authentication | 38 +++------------ src/monkeysphere-host | 53 +++++---------------- src/share/mh/gen_key | 84 ---------------------------------- 5 files changed, 43 insertions(+), 205 deletions(-) delete mode 100644 src/share/mh/gen_key diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 2b0091e..4187c70 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -60,6 +60,17 @@ Instruct system to ignore user identity certifications made by KEYID. List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-id-certifiers'. .TP +.B diagnostics +Review the state of the server with respect to authentication. `d' +may be used in place of `diagnostics'. +.TP +.B gpg-cmd +Execute a gpg command, as the monkeysphere user, on the monkeysphere +authentication "sphere" keyring. This takes a single argument +(multiple gpg arguments need to be quoted). Use this command with +caution, as modifying the authentication sphere keyring can affect ssh +user authentication. +.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. 
@@ -67,22 +78,6 @@ Output a brief usage summary. `h' or `?' may be used in place of .B version show version number -.SH "EXPERT" SUBCOMMANDS - -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. -.TP -.B diagnostics -Review the state of the server with respect to authentication. `d' -may be used in place of `diagnostics'. -.TP -.B gpg-cmd -Execute a gpg command on the gnupg-authentication keyring as the -monkeysphere user. This takes a single command (multiple gpg -arguments need to be quoted). Use this command with caution, as -modifying the gnupg-authentication keyring can affect ssh user -authentication. - .SH SETUP USER AUTHENTICATION If the server will handle user authentication through diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 78b6b4a..062f0aa 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 
@@ -61,33 +61,13 @@ Revoke the host's OpenPGP key. `r' may be used in place of Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. .TP -.B help -Output a brief usage summary. `h' or `?' may be used in place of -`help'. -.TP -.B version -show version number - -.SH "EXPERT" SUBCOMMANDS - -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. -.TP -.B gen-key [HOSTNAME] -Generate a OpenPGP key for the host. If HOSTNAME is not specified, -then the system fully-qualified domain name will be user. An -alternate key bit length can be specified with the `-l' or `--length' -option (default 2048). An expiration length can be specified with the -`-e' or `--expire' option (prompt otherwise). The expiration format -is the same as that of \fBextend-key\fP, below. `g' may be used in -place of `gen-key'. -.TP -.B import-key -FIXME: - import-key (i) import existing ssh key to gpg - --hostname (-h) NAME[:PORT] hostname for key user ID - --keyfile (-f) FILE key file to import - --expire (-e) EXPIRE date to expire +.B import-key [NAME[:PORT]] +Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is +used to specify the hostname (and port) used in the user ID of the new +OpenPGP key. If NAME is not specified, then the system +fully-qualified domain name will be used (ie. `hostname -f'). If PORT +is not specified, the no port is added to the user ID, which means +port 22 is assumed. `i' may be used in place of `import-key'. .TP .B diagnostics Review the state of the monkeysphere server host key and report on 
@@ -95,6 +75,13 @@ suggested changes. Among other checks, this includes making sure there is a valid host key, that the key is published, that the sshd configuration points to the right place, etc. `d' may be used in place of `diagnostics'. +.TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. +.TP +.B version +show version number .SH SETUP HOST AUTHENTICATION @@ -104,11 +91,6 @@ publish the host key to the keyservers, run the following command: $ monkeysphere-host publish-key -You must also modify the sshd_config on the server to tell sshd where -the new server host key is located: - -HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key - In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) will need to sign the host's key. This is done using standard OpenPGP diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 2d6079f..4a09527 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -61,12 +61,10 @@ subcommands: remove-id-certifier (c-) KEYID remove a certification key list-id-certifiers (c) list certification keys - expert run expert command - expert help expert command help - version (v) show version number help (h,?) this help +See ${PGRM}(8) for more info. EOF } @@ -176,35 +174,13 @@ case $COMMAND in list_certifiers "$@" ;; - 'expert') - SUBCOMMAND="$1" - shift - case "$SUBCOMMAND" in - 'help'|'h'|'?') - cat < [options] [args] - -expert subcommands: - diagnostics (d) monkeysphere authentication status - gpg-cmd CMD execute gpg command - -EOF - ;; - - 'diagnostics'|'d') - source "${MASHAREDIR}/diagnostics" - diagnostics - ;; - - 'gpg-cmd') - gpg_sphere "$@" - ;; + 'diagnostics'|'d') + source "${MASHAREDIR}/diagnostics" + diagnostics + ;; - *) - failure "Unknown expert subcommand: '$COMMAND' -Type '$PGRM help' for usage." - ;; - esac + 'gpg-cmd') + gpg_sphere "$@" ;; 'version'|'v') 
diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 64023e0..2e69d41 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -66,12 +66,12 @@ subcommands: revoke-key (r) revoke host key publish-key (p) publish host key to keyserver - expert run expert command - expert help expert command help + import-key (i) [NAME[:PORT]] import existing ssh key to gpg version (v) show version number help (h,?) this help +See ${PGRM}(8) for more info. EOF } @@ -269,47 +269,16 @@ case $COMMAND in publish_key ;; - 'expert') - SUBCOMMAND="$1" - shift - case "$SUBCOMMAND" in - 'help'|'h'|'?') - cat < [options] [args] - -expert subcommands: - import-key (i) [NAME[:PORT]] import existing ssh key to gpg - gen-key (g) [NAME[:PORT]] generate gpg key for the host - --length (-l) BITS key length in bits (2048) - diagnostics (d) monkeysphere host status + 'import-key'|'i') + load_fingerprint + check_host_key + source "${MHSHAREDIR}/import_key" + import_key "$@" + ;; -EOF - ;; - - 'import-key'|'i') - load_fingerprint - check_host_key - source "${MHSHAREDIR}/import_key" - import_key "$@" - ;; - - 'gen-key'|'g') - load_fingerprint - check_host_key - source "${MHSHAREDIR}/gen_key" - gen_key "$@" - ;; - - 'diagnostics'|'d') - source "${MHSHAREDIR}/diagnostics" - diagnostics - ;; - - *) - failure "Unknown expert subcommand: '$COMMAND' -Type '$PGRM help' for usage." - ;; - esac + 'diagnostics'|'d') + source "${MHSHAREDIR}/diagnostics" + diagnostics ;; 'version'|'v') diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key deleted file mode 100644 index 96053bc..0000000 --- a/src/share/mh/gen_key +++ /dev/null 
@@ -1,84 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host gen-key subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -gen_key() { - -local hostName -local keyType="RSA" -local keyLength="2048" -local keyUsage="auth" -local keyExpire="0" -local userID - -# get options -while true ; do - case "$1" in - -l|--length) - keyLength="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - break - ;; - esac -done - -hostName=${1:-$(hostname -f)} -userID="ssh://${hostName}" - -# create host home -mkdir -p "${MHDATADIR}" -mkdir -p "${MHTMPDIR}" -mkdir -p "${GNUPGHOME_HOST}" -chmod 700 "${GNUPGHOME_HOST}" - -log debug "generating host key..." -gpg_host --batch --gen-key < "${MHDATADIR}/ssh_host_rsa_key") -log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key" - -# export the host public key to the monkeysphere ssh pub key file -log debug "creating ssh public key file..." -ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB" -log info "SSH host public key file: $HOST_KEY_PUB" - -# export to gpg public key to file -create_gpg_pub_file - -# show info about new key -show_key - -} -- cgit v1.2.3 From cc26b64f9d83de2d9e567f9a1c223233fe0bb860 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 16 Feb 2009 21:39:17 -0500 Subject: fix reference to HOST_FINGERPRINT in show-key, and fix some references to "expert" in test. --- src/monkeysphere-host | 4 ++-- tests/basic | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 2e69d41..bd956e0 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host 
@@ -175,8 +175,8 @@ show_key() { echo -n "ssh fingerprint: " ssh-keygen -l -f /dev/stdin \ - <<<$( gpg_host --export FEE16FA3 2>/dev/null \ - | openpgp2ssh 8445B5203A8443B4B04F637DD4DE66B2FEE16FA3 2>/dev/null) \ + <<<$( gpg_host --export "$HOST_FINGERPRINT" 2>/dev/null \ + | openpgp2ssh "$HOST_FINGERPRINT" 2>/dev/null) \ | awk '{ print $1, $2, $4 }' # FIXME: other relevant key parameters? diff --git a/tests/basic b/tests/basic index 9844454..4c19a85 100755 --- a/tests/basic +++ b/tests/basic @@ -166,9 +166,9 @@ EOF # import host key echo "##################################################" -echo "### testing host key importing..." +echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host expert import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key # change host key expiration echo "##################################################" -- cgit v1.2.3 From f109b94f07ff55cf99976dc3cfe23b54b3797ad8 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 16 Feb 2009 23:45:28 -0500 Subject: add some minimal checks to import_key that the default hostname is legitimate. --- src/share/mh/import_key | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 74dc0b3..ac31133 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key 
@@ -14,9 +14,27 @@ import_key() { local hostName +local domain local userID -hostName=${1:-$(hostname -f)} +hostName="$1" + +# use the default hostname if not specified +if [ -z "$hostName" ] ; then + hostName=$(hostname -f) + # test that the domain is not obviously illegitimate + domain=${foo##*.} + case $domain in + 'local'|'localdomain') + failure "Host domain '$domain' is not legitimate. Aborting key import." + ;; + esac + # test that there are at least two parts + if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then + failure "Host name '$hostName' is not legitimate. Aborting key import." + fi +fi + userID="ssh://${hostName}" # create host home -- cgit v1.2.3 From 26ff353050a173bea139cce630d47b91ee2b95b6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 16 Feb 2009 23:57:55 -0500 Subject: make host show_key use just the pgp pub key file to get the ssh fingerprint, as it should have been doing before --- src/monkeysphere-host | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index bd956e0..ff28486 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -175,8 +175,7 @@ show_key() { echo -n "ssh fingerprint: " ssh-keygen -l -f /dev/stdin \ - <<<$( gpg_host --export "$HOST_FINGERPRINT" 2>/dev/null \ - | openpgp2ssh "$HOST_FINGERPRINT" 2>/dev/null) \ + <<<$(openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null) \ | awk '{ print $1, $2, $4 }' # FIXME: other relevant key parameters? -- cgit v1.2.3 From 650969a09be64ceda9a9773b1ba1803584ca9ada Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 00:26:09 -0500 Subject: check host for gpg pub key file instead of fingerprint, and modify show_key to be able to show full key info to all users. --- src/monkeysphere-host | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index ff28486..6220760 100755 
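Review bot: The domain check in the default-hostname branch reads `domain=${foo##*.}`, but `foo` is never assigned, so `domain` is always empty and the `'local'|'localdomain')` case can never fire; it should be `domain=${hostName##*.}` so it operates on the value just returned by `hostname -f`. The word-count test below it does work, but both checks run only when no name was given on the command line — a caller-supplied name goes straight into `userID` unvalidated, which matches the commit's stated scope but deserves a comment such as `# NOTE: only the auto-detected name is sanity-checked; an explicit NAME is trusted as given.` import_key's body continues past the end of the hunk.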
--- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -131,14 +131,14 @@ load_fingerprint_secret() { # fail if host key present check_host_key() { - [ -z "$HOST_FINGERPRINT" ] \ + [ ! -s "$HOST_KEY_FILE" ] \ || failure "An OpenPGP host key already exists." } # fail if host key not present check_host_no_key() { - [ "$HOST_FINGERPRINT" ] \ - || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host expert import-key' first." + [ -s "$HOST_KEY_FILE" ] \ + || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host import-key' first." } # output the index of a user ID on the host key @@ -167,18 +167,34 @@ find_host_userid() { # show info about the host key show_key() { - gpg_host --fingerprint --list-key --list-options show-unusable-uids \ - "0x${HOST_FINGERPRINT}!" 2>/dev/null || true - # FIXME: make sure expiration date is shown + local GNUPGHOME + # tmp gpghome dir + export GNUPGHOME=$(mktemp -d) + + # trap to remove tmp dir if break + trap "rm -rf $GNUPGHOME" EXIT + + gpg --quiet --import <"$HOST_KEY_FILE" + + HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ + | grep '^fpr:' | cut -d: -f10 ) + + # list the host key info + gpg --list-key --fingerprint --list-options show-unusable-uids 2>/dev/null + + # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" + # list the ssh fingerprint echo -n "ssh fingerprint: " ssh-keygen -l -f /dev/stdin \ <<<$(openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null) \ | awk '{ print $1, $2, $4 }' - # FIXME: other relevant key parameters? + # remove the tmp file + trap - EXIT + rm -rf "$GNUPGHOME" } ######################################################################## 
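Review bot: `check_host_key` and `check_host_no_key` now decide whether a host key exists from the size of the exported file `$HOST_KEY_FILE` rather than from the keyring itself, so the two can disagree: if that export is deleted or left empty while the secret key is still in the host keyring, `check_host_key` will let `import-key` run against a keyring that already holds a key, and `check_host_no_key` will refuse every other subcommand. If the file is to be the single presence check, the dependency should be stated above the two functions, e.g. `# NOTE: $HOST_KEY_FILE is an export of the host keyring and is the only presence check; keep it in sync whenever the keyring changes.` Otherwise consider keeping the keyring as the source of truth and treating the file as derived.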
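Review bot: `export GNUPGHOME=$(mktemp -d)` in `show_key` does not check that mktemp succeeded — `export` masks the substitution's exit status — and if the directory could not be created `GNUPGHOME` is empty, so the following `gpg --quiet --import <"$HOST_KEY_FILE"` would import the host key into the invoking user's default keyring while the cleanup `rm -rf "$GNUPGHOME"` becomes a no-op. Because the variable is already declared `local`, a plain assignment carries the substitution's status: `GNUPGHOME=$(mktemp -d) || failure "could not create temporary GNUPGHOME."` followed by `export GNUPGHOME`. The `HOST_FINGERPRINT=$(... | grep '^fpr:' | cut -d: -f10)` line keeps every `fpr` record in the temporary keyring, so if the gpg version in use also emits subkey fingerprints here the variable becomes multi-line — worth confirming or restricting to the first match. Note also that `trap "rm -rf $GNUPGHOME" EXIT` replaces any EXIT trap the caller had installed and `trap - EXIT` then discards it.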
@@ -221,61 +237,60 @@ shift case $COMMAND in 'show-key'|'show'|'s') - load_fingerprint check_host_no_key show_key ;; 'set-expire'|'extend-key'|'e') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/set_expire" set_expire "$@" ;; 'add-hostname'|'add-name'|'n+') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/add_hostname" add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/revoke_hostname" revoke_hostname "$@" ;; 'add-revoker'|'o') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/add_revoker" add_revoker "$@" ;; 'revoke-key'|'r') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/revoke_key" revoke_key "$@" ;; 'publish-key'|'publish'|'p') - load_fingerprint check_host_no_key + load_fingerprint source "${MHSHAREDIR}/publish_key" publish_key ;; 'import-key'|'i') - load_fingerprint check_host_key source "${MHSHAREDIR}/import_key" import_key "$@" ;; 'diagnostics'|'d') + load_fingerprint source "${MHSHAREDIR}/diagnostics" diagnostics ;; -- cgit v1.2.3 From 54e5dd2bd3d63238142c748c64fdf66135a47136 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 00:36:07 -0500 Subject: fix a couple of left over references to expert --- src/monkeysphere-authentication | 4 ++-- src/monkeysphere-host | 3 ++- src/share/ma/diagnostics | 2 +- src/share/mh/diagnostics | 2 +- tests/basic | 12 ++++++------ 5 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 4a09527..465777d 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
@@ -86,8 +86,8 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } -# load the core fingerprint into the fingerprint variable, using the -# gpg host secret key +# output to stdout the core fingerprint from the gpg core secret +# keyring core_fingerprint() { log debug "determining core key fingerprint..." gpg_core --quiet --list-secret-key \ diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 6220760..8562ec6 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -181,7 +181,8 @@ show_key() { | grep '^fpr:' | cut -d: -f10 ) # list the host key info - gpg --list-key --fingerprint --list-options show-unusable-uids 2>/dev/null + gpg --list-keys --fingerprint \ + --list-options show-unusable-uids 2>/dev/null # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 45a8ce2..0411080 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -120,7 +120,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-authentication expert diagnostics" + echo " monkeysphere-authentication diagnostics" else echo "Everything seems to be in order!" fi diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 96065e6..d774723 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -152,7 +152,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-host expert diagnostics" + echo " monkeysphere-host diagnostics" else echo "Everything seems to be in order!" fi diff --git a/tests/basic b/tests/basic index 4c19a85..d78a594 100755 --- a/tests/basic +++ b/tests/basic 
@@ -170,17 +170,17 @@ echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +echo "##################################################" +echo "### getting host key fingerprint..." +HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$HOSTKEYID" + # change host key expiration echo "##################################################" echo "### setting host key expiration..." monkeysphere-host set-expire 1 # FIXME: how do we check that the expiration has really been set? -echo "##################################################" -echo "### getting host key fingerprint..." -HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) -echo "$HOSTKEYID" - # certify host key with the "Admin's Key". # (this would normally be done via keyservers) echo "##################################################" @@ -236,7 +236,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "##################################################" echo "### export testuser key to server..." -gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import +gpg --export testuser | monkeysphere-authentication gpg-cmd --import # update authorized_keys for user echo "##################################################" -- cgit v1.2.3 From 440ee625fb6bd21ccb21f458a3d2474b19a174fe Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 17 Feb 2009 00:56:34 -0500 Subject: update m-a list-identity-certifiers: output is not yet human-readable, but it should be more accurate. --- src/share/ma/list_certifiers | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index d8b8f33..5a0388e 100644 --- a/src/share/ma/list_certifiers 
+++ b/src/share/ma/list_certifiers @@ -17,21 +17,42 @@ list_certifiers() { local keys local key +local authfpr # find trusted keys in sphere keychain log debug "finding trusted keys..." -# NOTE: looking for only 'f' keys here (used to be '(u|f)'), since the -# only key that should be 'u' is the core key, which is not -# technically a certifier in the sense we're worried about. Is this -# not correct? Should we be sorting out the certifier keys in a -# different way? -keys=$(gpg_sphere "--list-keys --with-colons --fingerprint" | \ - grep ^pub: | cut -d: -f2,5 | egrep '^f:' | cut -d: -f2) - -# output keys -for key in $keys ; do - gpg_sphere "--list-key --fingerprint 0x${key}!" +# FIXME: this assumes that the keygrip (16 hex chars) is unique; we're +# only searching by keygrip at the moment. + +authgrip=$(core_fingerprint | cut -b 25-40) + +# We're walking the list of known signatures, and extracting all trust +# signatures made by the core fingerprint and known to the sphere +# keyring. + +# for each one of these, we're printing (colon-delimited): the +# fingerprint, the trust depth, the trust level (60 == marginal, 120 +# == full), and the domain regex (if any): + +gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ + cut -f 1,2,5,8,9,10 -d: | \ + egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ + while IFS=: read -r type validity grip trustparams trustdomain fpr ; do + case $type in + 'fpr') # this is a new key + keyfpr=$fpr + ;; + 'sig') # print all trust signatures, including regexes if present + trustdepth=${trustparams%% *} + trustlevel=${trustparams##* } + + # FIXME: this is clumsy and not human-friendly. we should + # print out more human-readable information, if possible. + printf "%s:%d:%d:%s\n" "$keyfpr" "$trustdepth" "$trustlevel" "$trustdomain" + ;; + esac done + } -- cgit v1.2.3 From c28fa7681093d282acad7f14ecad99b6e209c056 Mon Sep 17 00:00:00 2001 
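Review bot: The new `local authfpr` declaration does not match the variable the body actually uses: the value is assigned to `authgrip` and interpolated into the egrep pattern, so `authgrip` silently becomes a global and `authfpr` is dead, as are the pre-existing `local keys` and `local key` that the rewritten body no longer references. Change the declaration to `local authgrip` and drop `keys`/`key`. `keyfpr`, `trustdepth` and `trustlevel` are assigned inside the piped `while`, which bash runs in a subshell, so they do not leak, but declaring them local as well makes that intent explicit. Since `$authgrip` is spliced into a regular expression unquoted, the comment above it should state that it is expected to be 16 hex characters taken from `core_fingerprint`, which is what keeps that interpolation safe.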
From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 02:02:23 -0500 Subject: set ultimate ownertrust on hostkey after import --- src/share/mh/import_key | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/share/mh/import_key b/src/share/mh/import_key index ac31133..ed6ee4f 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -54,6 +54,12 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ # that's what we're trying to produce (see below). load_fingerprint_secret +# set ultimate owner trust on the newly imported key +printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust + +# update trustdb +gpg_host --check-trustdb + # export to gpg public key to file create_gpg_pub_file -- cgit v1.2.3 From 13ff1e0198424833a9fd110a4373c3511dbb7614 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 02:02:58 -0500 Subject: tweak the show-key output, and fix some comments. --- src/monkeysphere-host | 10 ++++++++-- src/share/mh/add_revoker | 1 - src/share/mh/revoke_hostname | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 8562ec6..9d3ccb1 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -89,6 +89,8 @@ gpg_host_list() { } # command for edit key scripts, takes scripts on stdin +# FIXME: should we supress all the edit script spew? or pipe it +# through log debug? gpg_host_edit() { gpg_host --quiet --command-fd 0 --edit-key \ "0x${HOST_FINGERPRINT}!" "$@" @@ -106,7 +108,7 @@ create_gpg_pub_file() { # export gpg pub key file # FIXME: this seems much less than ideal, with all this temp keyring # stuff. is there a way we can do this without having to create temp -# files? +# files? what if we stored the fingerprint in MHDATADIR/fingerprint? load_fingerprint() { if [ -f "$HOST_KEY_FILE" ] ; then HOST_FINGERPRINT=$( \ 
@@ -181,8 +183,12 @@ show_key() { | grep '^fpr:' | cut -d: -f10 ) # list the host key info + # FIXME: make no-show-keyring work so we don't have to do the grep'ing + # FIXME: why is this not showing key expiration? gpg --list-keys --fingerprint \ - --list-options show-unusable-uids 2>/dev/null + --list-options show-unusable-uids 2>/dev/null \ + | grep -v "^${GNUPGHOME}/pubring.gpg$" \ + | egrep -v '^-+$' # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 5b637a5..b6affbb 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -84,7 +84,6 @@ if [ "${OK/y/Y}" != 'Y' ] ; then fi # edit-key script to add revoker -# NOTE: *all* user IDs will be ltsigned addrevokerCommand=$(cat < Date: Tue, 17 Feb 2009 02:23:17 -0500 Subject: rename create_gpg_pub_file to be update_gpg_pub_file, and add it to every function that alters the host keyring, so that all changes will show up in exported pub key file, and in show-key. --- src/monkeysphere-host | 10 +++++----- src/share/mh/add_hostname | 2 ++ src/share/mh/add_revoker | 2 ++ src/share/mh/import_key | 2 +- src/share/mh/revoke_hostname | 2 ++ src/share/mh/set_expire | 2 ++ 6 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 9d3ccb1..a7b9697 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -97,11 +97,10 @@ gpg_host_edit() { } # export the host public key to the monkeysphere gpg pub key file -create_gpg_pub_file() { - log debug "creating openpgp public key file..." +update_gpg_pub_file() { + log debug "updating openpgp public key file '$HOST_KEY_FILE'..." gpg_host --export --armor --export-options export-minimal \ "0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE" - log info "GPG host public key file: $HOST_KEY_FILE" } # load the host fingerprint into the fingerprint variable, using the 
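Review bot: `grep -v "^${GNUPGHOME}/pubring.gpg$"` interpolates the temporary directory path into a basic regular expression, where `.` and similar characters in the path act as metacharacters; with a mktemp path that is harmless today but fragile. A fixed-string, whole-line match expresses the intent directly: `| grep -v -x -F "${GNUPGHOME}/pubring.gpg" \`. The filtering only exists to strip the header lines gpg prints before the listing, which the FIXME above already records; show_key continues outside the hunk.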
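Review bot: In `update_gpg_pub_file`, `gpg_host --export ... > "$HOST_KEY_FILE"` truncates the public key file before gpg has produced any output and the export's exit status is never checked, so a failed export leaves an empty file — and because `check_host_no_key` tests `-s "$HOST_KEY_FILE"`, every later subcommand then reports that no host key exists. Since this function is now called after every keyring change, exporting to a sibling temporary file and moving it into place only on success closes that window; the `.tmp` suffix below is a constructed name, any name under `$MHDATADIR` will do.
```shell
update_gpg_pub_file() {
    log debug "updating openpgp public key file '$HOST_KEY_FILE'..."
    # export to a sibling file first so a failed export cannot leave
    # $HOST_KEY_FILE empty (check_host_no_key tests its size)
    gpg_host --export --armor --export-options export-minimal \
	"0x${HOST_FINGERPRINT}!" > "${HOST_KEY_FILE}.tmp" \
	|| { rm -f "${HOST_KEY_FILE}.tmp"; failure "could not export host public key."; }
    mv "${HOST_KEY_FILE}.tmp" "$HOST_KEY_FILE"
}
```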
@@ -140,7 +139,8 @@ check_host_key() { # fail if host key not present check_host_no_key() { [ -s "$HOST_KEY_FILE" ] \ - || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host import-key' first." + || failure "You don't appear to have a Monkeysphere host key on this server. +Please run 'monkeysphere-host import-key' first." } # output the index of a user ID on the host key @@ -184,7 +184,7 @@ show_key() { # list the host key info # FIXME: make no-show-keyring work so we don't have to do the grep'ing - # FIXME: why is this not showing key expiration? + # FIXME: can we show uid validity somehow? gpg --list-keys --fingerprint \ --list-options show-unusable-uids 2>/dev/null \ | grep -v "^${GNUPGHOME}/pubring.gpg$" \ diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 46326bb..910faf6 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -51,6 +51,8 @@ EOF # execute edit-key script if echo "$adduidCommand" | gpg_host_edit ; then + update_gpg_pub_file + show_key echo diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index b6affbb..1464ae8 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -97,6 +97,8 @@ failure "not implemented yet!" if echo "$addrevokerCommand" | \ gpg_core_edit ; then + update_gpg_pub_file + log info "Revoker added." else failure "Problem adding revoker." diff --git a/src/share/mh/import_key b/src/share/mh/import_key index ed6ee4f..6f12b7f 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -61,7 +61,7 @@ printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust gpg_host --check-trustdb # export to gpg public key to file -create_gpg_pub_file +update_gpg_pub_file # show info about new key show_key diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 3addf90..99ba603 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname 
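Review bot: The `update_gpg_pub_file` call added to add_revoker lands in a block whose hunk context line is `failure "not implemented yet!"`, so if `failure` exits as it does elsewhere, nothing in this hunk is reachable yet. When the path is enabled, the edit on the line above runs through `gpg_core_edit`, i.e. the authentication core keyring, while `update_gpg_pub_file` exports from the host keyring via `gpg_host`, so the exported file would not reflect the revoker just added; presumably `gpg_host_edit` is intended. A `# FIXME: stub; edit must target the host keyring (gpg_host_edit) before the export below is meaningful.` would keep that from being lost when the stub is replaced.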
@@ -65,6 +65,8 @@ EOF # execute edit-key script if echo "$revuidCommand" | gpg_host_edit ; then + update_gpg_pub_file + show_key echo diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index b03e0d0..0b581d9 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -29,6 +29,8 @@ $extendTo save EOF +update_gpg_pub_file + cat < Date: Tue, 17 Feb 2009 15:19:40 -0500 Subject: add some checks about setup to authentication --- man/man8/monkeysphere-authentication.8 | 6 ++++-- src/monkeysphere-authentication | 13 +++++++++++++ src/share/ma/setup | 4 +++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 4187c70..9b8baa9 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -24,8 +24,10 @@ authentication. \fBmonkeysphere-authentication\fP takes various subcommands. .TP .B setup -Setup the server for Monkeysphere user authentication. `s' may be -used in place of `setup'. +Setup the server for Monkeysphere user authentication. This command +is idempotent, which means it can be run multiple times to make sure +the setup is correct, without adversely affecting existing setups. +`s' may be used in place of `setup'. .TP .B update-users [ACCOUNT]... Rebuild the monkeysphere-controlled authorized_keys files. For each diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 465777d..60cb5f2 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
@@ -95,6 +95,14 @@ core_fingerprint() { | grep ^fpr: | cut -d: -f10 } +# fail if authentication has not been setup +check_no_setup() { + # FIXME: what is the right test to do here? + [ -d "$MADATADIR" ] \ + || failure "This host appears to have not yet been set up for Monkeysphere authentication. +Please run 'monkeysphere-authentication setup' first." +} + # export signatures from core to sphere gpg_core_sphere_sig_transfer() { log debug "exporting core local sigs to sphere..." @@ -155,21 +163,25 @@ case $COMMAND in ;; 'update-users'|'update-user'|'u') + check_no_setup source "${MASHAREDIR}/update_users" update_users "$@" ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_no_setup source "${MASHAREDIR}/add_certifier" add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_no_setup source "${MASHAREDIR}/remove_certifier" remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_no_setup source "${MASHAREDIR}/list_certifiers" list_certifiers "$@" ;; @@ -180,6 +192,7 @@ case $COMMAND in ;; 'gpg-cmd') + check_no_setup gpg_sphere "$@" ;; diff --git a/src/share/ma/setup b/src/share/ma/setup index 02fc069..f59187b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -70,7 +70,7 @@ EOF fi else - log verbose "This system has already set up the Monkeysphere authentication trust core." + log verbose "Monkeysphere authentication trust core already exists." fi # export the core key to the sphere keyring @@ -91,6 +91,7 @@ EOF fi else failure "Could not get monkeysphere-authentication trust guidelines." + # FIXME: what does this mean? should we suggest how to fix? fi # ensure that we're using the extended trust model (1), and that 
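Review bot: `check_no_setup` infers that `setup` completed from `[ -d "$MADATADIR" ]` alone, and the FIXME admits that is a guess: the directory also exists after a setup that failed part-way, in which case the guarded subcommands proceed and fail later with less specific errors. Since `core_fingerprint` is defined directly above, checking that the core key is actually present is a stronger and still cheap test, e.g. `[ -d "$MADATADIR" ] && [ -n "$(core_fingerprint)" ] \` in place of the current test line. That does mean the check invokes `gpg_core`, so it needs the same privileges the guarded subcommands already require.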
@@ -102,5 +103,6 @@ EOF log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." + # FIXME: what does this mean? should we suggest how to fix? fi } -- cgit v1.2.3 From f85639e234d72429a2d848b1b875d615a47bf120 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 19:07:24 -0500 Subject: add test to su_monkeysphere_user to check that the user is monkeysphere user or root, and fail otherwise. this is so that there is no password prompt for unpriviledged users (see bug #519). --- src/share/common | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/share/common b/src/share/common index 42df684..773c11f 100644 --- a/src/share/common +++ b/src/share/common @@ -92,15 +92,22 @@ log() { # run command as monkeysphere user su_monkeysphere_user() { - # if the current user is the monkeysphere user, then just eval - # command - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - bash -c "$@" + case $(id -un) in + # if monkeysphere user, run the command under bash + "$MONKEYSPHERE_USER") + bash -c "$@" + ;; - # otherwise su command as monkeysphere user - else - su "$MONKEYSPHERE_USER" -c "$@" - fi + # if root, su command as monkeysphere user + 'root') + su "$MONKEYSPHERE_USER" -c "$@" + ;; + + # otherwise, fail + *) + log error "non-privileged user." + ;; + esac } # cut out all comments(#) and blank lines from standard input -- cgit v1.2.3 From d2874b94fedbe6d043d44ca3562879251e6ea10f Mon Sep 17 00:00:00 2001 
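Review bot: The new `*)` branch of `su_monkeysphere_user` only runs `log error "non-privileged user."` and then returns the exit status of `log`, so a caller such as `core_fingerprint`, which pipes this function's output, sees success with empty output rather than an error, and the refusal is invisible unless the log level shows errors. The branch should end with a non-zero status — `failure "non-privileged user."`, or at least `return 1` — so the stated goal (no password prompt, but a clear failure) holds for callers too. Separately, both the `bash -c "$@"` and `su "$MONKEYSPHERE_USER" -c "$@"` branches hand the command to a shell as a string to be re-parsed, so a comment above the function such as `# NOTE: the command string is re-parsed by a shell; callers must not pass untrusted strings into it.` would make that contract explicit.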
From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 19:09:44 -0500 Subject: add ability to bypass prompting with a MONKEYSPHERE_PROMPT variable, for functions that prompt for confirmation. Also fix publish_key function (NOT TESTED). --- src/monkeysphere-authentication | 9 +++++++-- src/monkeysphere-host | 13 +++++++++---- src/share/ma/add_certifier | 8 +------- src/share/ma/remove_certifier | 7 +++++-- src/share/mh/add_hostname | 14 +++++++++----- src/share/mh/add_revoker | 12 ++++++++---- src/share/mh/publish_key | 29 +++++++++++++++++++++++++---- src/share/mh/revoke_hostname | 14 +++++++++----- src/share/mh/set_expire | 9 +++++++++ tests/basic | 2 +- 10 files changed, 83 insertions(+), 34 deletions(-) diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 60cb5f2..c349e6f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -114,11 +114,14 @@ gpg_core_sphere_sig_transfer() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset AUTHORIZED_USER_IDS unset RAW_AUTHORIZED_KEYS unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG" 
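Review bot: The new comment `# unset variables that should be defined only in config file of in` / `# MONKEYSPHERE_ variables` has a typo — "of in" should be "or in" — and the identical two-line comment is added to monkeysphere-host later in this commit. Otherwise unsetting `LOG_LEVEL` and `PROMPT` before the config file is sourced is consistent with the defaults block that follows in the next hunk.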
@@ -130,6 +133,7 @@ KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -142,8 +146,9 @@ CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY export GNUPGHOME_CORE diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a7b9697..2dc6003 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -177,6 +177,7 @@ show_key() { # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT + # import the host key into the tmp dir gpg --quiet --import <"$HOST_KEY_FILE" HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ @@ -208,9 +209,12 @@ show_key() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG" 
@@ -219,9 +223,8 @@ unset MONKEYSPHERE_USER # defaults LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} -AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} -RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -231,8 +234,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT +export CHECK_KEYSERVER export GNUPGHOME_HOST export GNUPGHOME export HOST_FINGERPRINT= diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 28c229a..54ea673 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,8 +36,6 @@ local fingerprint local ltsignCommand local trustval -PROMPT=true - # get options while true ; do case "$1" in @@ -53,10 +51,6 @@ while true ; do depth="$2" shift 2 ;; - -y) - PROMPT=false - shift 1 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -114,7 +108,7 @@ fi log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -if [ "$PROMPT" = true ] ; then +if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 4e56264..8271ae0 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier 
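Review bot: Removing the `-y)` case from add_certifier's option loop changes the command-line interface: an existing invocation with `-y` now fails with `Unknown option '-y'`, and the only replacement is the `MONKEYSPHERE_PROMPT` variable this commit introduces. The diffstat shows no man page or changelog change for either the removed flag or the new variable, so the behaviour change is undocumented; keeping `-y) PROMPT=false; shift 1 ;;` as a compatibility alias costs three lines, and if `-y` is described in the man page that text needs updating. The comparison `[ "$PROMPT" = "true" ]` is used consistently across the other prompt sites in this commit, which is good.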
@@ -23,13 +23,16 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to remove." fi -if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then +# FIXME: should we be doing a fancier list_certifier output here? +gpg_core --list-key --fingerprint "0x${keyID}!" || failure + +if [ "$PROMPT" = "true" ] ; then read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi else - failure + log debug "certifier removed without prompting." fi # delete the requested key from the sphere keyring diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 910faf6..70bbec3 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -31,11 +31,15 @@ userID="ssh://${1}" find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." -echo "The following user ID will be added to the host key:" -echo " $userID" -read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not added." +if [ "$PROMPT" = "true" ] ; then + echo "The following user ID will be added to the host key:" + echo " $userID" + read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not added." + fi +else + log debug "adding user ID without prompting." fi # edit-key script command to add user ID diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 1464ae8..b4113df 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker 
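Review bot: The lookup before the prompt now uses `gpg_core --list-key --fingerprint "0x${keyID}!"` while the comment and the code after the hunk say the key is deleted from the sphere keyring; unless certifier keys are also kept in the core keyring, this listing fails for every certifier and `remove-identity-certifier` becomes unusable (the old line used `gpg_sphere`). Either way, the bare `|| failure` exits without telling the user what went wrong; `|| failure "Key '0x${keyID}' not found."` would. The `else` branch's `log debug "certifier removed without prompting."` runs before the deletion that follows the hunk, so "removing" is the accurate wording.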
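Review bot: The re-indented test `if [ ${OK/y/Y} != 'Y' ] ; then` in add_hostname leaves the expansion unquoted, unlike add_revoker and set_expire in the same commit which write `"${OK/y/Y}"`; an answer containing whitespace makes `[` see several words and error out instead of refusing. Quote it as `if [ "${OK/y/Y}" != 'Y' ] ; then`; the same line appears in revoke_hostname's hunk further down this commit. The `OK=${OK:=N}` default keeps an empty reply safe, so this only affects odd input, but consistency across the five prompt sites is cheap.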
@@ -77,10 +77,14 @@ fi log info "key found:" gpg_host --fingerprint "0x${fingerprint}!" -echo "Are you sure you want to add the above key as a" -read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} -if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Revoker not added." +if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "revoker not added." + fi +else + log debug "adding revoker without prompting." fi # edit-key script to add revoker diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 600dfcf..b433ad7 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -15,12 +15,33 @@ publish_key() { -read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "key not published." +local GNUPGHOME + +if [ "$PROMPT" = "true" ] ; then + read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "key not published." + fi +else + log debug "publishing key without prompting." fi +# create a temporary gnupg directory from which to publish the key +export GNUPGHOME=$(mktemp -d) + +# trap to remove tmp dir if break +trap "rm -rf $GNUPGHOME" EXIT + +# import the host key into the tmp dir +su_monkeysphere_user \ + "gpg --quiet --import" <"$HOST_KEY_FILE" + # publish host key -gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" +su_monkeysphere_user \ + "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" + +# remove the tmp file +trap - EXIT +rm -rf "$GNUPGHOME" } diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 99ba603..77f1f0d 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname 
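Review bot: The temporary keyring in `publish_key` is created by the invoking user with `export GNUPGHOME=$(mktemp -d)` but then used by gpg running as `$MONKEYSPHERE_USER` through `su_monkeysphere_user`; a mktemp directory is mode 0700 and owned by its creator, so when monkeysphere-host runs as root the `--import` and `--send-keys` steps would fail on permissions unless the directory is made accessible to that user (for example created with `su_monkeysphere_user "mktemp -d"`), which fits the commit's own "NOT TESTED" caveat. Passing the path explicitly in the command string, `su_monkeysphere_user "GNUPGHOME=$GNUPGHOME gpg --quiet --import"`, also removes any dependence on `su` preserving exported variables. The `mktemp -d` result is unchecked as well — an empty `GNUPGHOME` would point gpg at a default keyring — and `$KEYSERVER` is spliced into a string that a shell re-parses, so the configured value must stay free of shell metacharacters; a comment above the call stating that would help. publish_key's cleanup mirrors show_key, so the same `trap - EXIT` / `rm -rf` pattern applies here.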
@@ -42,11 +42,15 @@ userID="ssh://${1}"
 uidIndex=$(find_host_userid) || \
 failure "No non-revoked user ID found matching '$userID'."
-echo "The following host key user ID will be revoked:"
-echo " $userID"
-read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
- failure "User ID not revoked."
+if [ "$PROMPT" = "true" ] ; then
+ echo "The following host key user ID will be revoked:"
+ echo " $userID"
+ read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "User ID not revoked."
+ fi
+else
+ log debug "revoking user ID without prompting."
 fi
 # edit-key script command to revoke user ID
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 0b581d9..14d2501 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -21,6 +21,15 @@ local extendTo
 # get the new expiration date
 extendTo=$(get_gpg_expiration "$1")
+if [ "$PROMPT" = "true" ] ; then
+ read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "expiration not set."
+ fi
+else
+ log debug "extending without prompting."
+fi
+
 log info "setting host key expiration to ${extendTo}:"
 log debug "executing host expire script..."
diff --git a/tests/basic b/tests/basic
index d78a594..9114f32 100755
--- a/tests/basic
+++ b/tests/basic
@@ -242,7 +242,7 @@ gpg --export testuser | monkeysphere-authentication gpg-cmd --import
 echo "##################################################"
 echo "### update server authorized_keys file for this testuser..."
 monkeysphere-authentication update-users $(whoami)
-# FIXME: NOT FAILING PROPERLY FOR:
+# FIXME: this is maybe not failing properly for:
 # ms: improper group or other writability on path '/tmp'.
-- cgit v1.2.3
From 72f145629c3c626a30aa08e6100f298cd31a30c2 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Tue, 17 Feb 2009 19:16:58 -0500
Subject: add README to tests/ directory
---
 tests/README | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 tests/README
diff --git a/tests/README b/tests/README
new file mode 100644
index 0000000..2bc981c
--- /dev/null
+++ b/tests/README
@@ -0,0 +1,31 @@
+Monkeysphere test infrastructure
+================================
+
+These are scripts to test various aspects of the Monkeysphere system.
+
+Some notes about getting started working on the monkeysphere test
+infrastructure:
+
+- the tests can and should be run as a non-privileged user. since the
+ tests do potentially destructive things (like wiping out and
+ recreating gpg keyrings) they should definitely *not* be run as
+ root. it may even be advisable to run them as a different,
+ dedicated user, so that any goofs you make while updating the test
+ infrastructure don't compromise your main account.
+
+- you do not need the monkeysphere package installed locally, though
+ you will need the monkeysphere dependencies installed locally.
+
+- the idea with this script is to do the following:
+
+ - set up test server infrastructure
+ - test the server setup
+ - set up test user
+ - test an ssh connection between test user and test server
+ - modify server/user setup and rerun ssh_test to make sure it
+ suceeds/fails as expected
+
+- there are various FIXMEs in the script that outline some of the
+ further testing that should be undertaken.
+
+- good documentation in the code in the form of comments are needed.
-- cgit v1.2.3
From 25e870d1d7109f9e37460c26de4a05a05adfc760 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Tue, 17 Feb 2009 19:43:20 -0500
Subject: remove setting of ultimate owner trust on imported host key, since we probably don't want the host keyring to be accepting any certifications for anything.
---
 src/share/mh/import_key | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 6f12b7f..d14fc13 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -54,12 +54,6 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
 # that's what we're trying to produce (see below).
 load_fingerprint_secret
-# set ultimate owner trust on the newly imported key
-printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
-
-# update trustdb
-gpg_host --check-trustdb
-
 # export to gpg public key to file
 update_gpg_pub_file
-- cgit v1.2.3