From 48cd196efb86f8661fbf77552ef6c26b11fe20c6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 10 Jun 2008 17:34:08 -0400 Subject: Add some skeletal debian packaging stuff and man pages, and moved conf files to etc directory. --- debian/control | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 debian/control (limited to 'debian/control') diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..bd53601 --- /dev/null +++ b/debian/control @@ -0,0 +1,13 @@ +Source: monkeysphere +Section: net +Priority: extra +Maintainer: Daniel Kahn Gillmor +Uploaders: Jameson Rollins +Build-Depends: debhelper (>= 5.0) +Standards-Version: 3.7.3 +XS-Dm-Upload-Allowed: yes + +Package: monkeysphere +Architecture: all +Depends: ssh, gnupg, gnupg2 +Description: use GNUPG for ssh connections -- cgit v1.2.3 From aab44f1575a6aff0417403160a83ec57930fa094 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Jun 2008 17:32:53 -0400 Subject: tweaking debian packaging instructions. Still far from done --- debian/compat | 2 +- debian/control | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'debian/control') diff --git a/debian/compat b/debian/compat index 7ed6ff8..7f8f011 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -5 +7 diff --git a/debian/control b/debian/control index bd53601..00c6aeb 100644 --- a/debian/control +++ b/debian/control @@ -3,11 +3,13 @@ Section: net Priority: extra Maintainer: Daniel Kahn Gillmor Uploaders: Jameson Rollins -Build-Depends: debhelper (>= 5.0) -Standards-Version: 3.7.3 -XS-Dm-Upload-Allowed: yes +Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.3.14) +Standards-Version: 3.8.0.1 +Homepage: http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH +Enhances: openssh-client, openssh-server +Dm-Upload-Allowed: yes Package: monkeysphere Architecture: all -Depends: ssh, gnupg, gnupg2 -Description: use GNUPG for ssh connections +Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6) +Description: use the OpenPGP web of trust to verify ssh connections -- cgit v1.2.3 From c998145c57c19e026e5f6c8f400fb66a3f52e8d4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 13 Jun 2008 10:32:09 -0400 Subject: further debianization work. (also, made src/common non-executable, since it is sourced, not executed). --- debian/control | 11 +++++++++-- debian/copyright | 16 ++++++++++++++++ debian/monkeysphere.dirs | 1 + debian/monkeysphere.docs | 2 ++ debian/monkeysphere.install | 5 +++++ debian/monkeysphere.manpages | 3 +++ debian/rules | 3 +++ src/common | 0 8 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 debian/copyright create mode 100644 debian/monkeysphere.dirs create mode 100644 debian/monkeysphere.docs create mode 100644 debian/monkeysphere.install create mode 100644 debian/monkeysphere.manpages create mode 100755 debian/rules mode change 100755 => 100644 src/common (limited to 'debian/control') diff --git a/debian/control b/debian/control index 00c6aeb..e190ae0 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Daniel Kahn Gillmor +Maintainer: Daniel Kahn Gillmor Uploaders: Jameson Rollins Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.3.14) Standards-Version: 3.8.0.1 @@ -10,6 +10,13 @@ Enhances: openssh-client, openssh-server Dm-Upload-Allowed: yes Package: monkeysphere -Architecture: all +Architecture: any Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6) +Recommends: netcat Description: use the OpenPGP web of trust to verify ssh connections + SSH key-based authentication is tried-and-true, but it lacks a true + Public Key Infrastructure for key certification, revocation and + expiration. MonkeySphere is a framework that uses the OpenPGP web of + trust for these PKI functions. It can be used in both directions: + for users to get validated host keys, and for hosts to manage user + permissions. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..413f60f --- /dev/null +++ b/debian/copyright @@ -0,0 +1,16 @@ +Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat +Debianized-By: Daniel Kahn Gillmor +Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 +Original-Source: http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git/ + +Files: * +Copyright: Jameson Rollins , + Daniel Kahn Gillmor +License: GPL-3+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + On Debian systems, the complete text of the GNU General Public License + can be found in file "/usr/share/common-licenses/GPL". diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs new file mode 100644 index 0000000..5089e73 --- /dev/null +++ b/debian/monkeysphere.dirs @@ -0,0 +1 @@ +usr/share/monkeysphere diff --git a/debian/monkeysphere.docs b/debian/monkeysphere.docs new file mode 100644 index 0000000..4b8144e --- /dev/null +++ b/debian/monkeysphere.docs @@ -0,0 +1,2 @@ +doc/README +doc/MonkeySpec diff --git a/debian/monkeysphere.install b/debian/monkeysphere.install new file mode 100644 index 0000000..a614937 --- /dev/null +++ b/debian/monkeysphere.install @@ -0,0 +1,5 @@ +src/keytrans/openpgp2ssh usr/bin +src/monkeysphere usr/bin +src/monkeysphere-server usr/sbin +src/monkeysphere-ssh-proxycommand usr/bin +src/common usr/share/monkeysphere diff --git a/debian/monkeysphere.manpages b/debian/monkeysphere.manpages new file mode 100644 index 0000000..6e2cb92 --- /dev/null +++ b/debian/monkeysphere.manpages @@ -0,0 +1,3 @@ +man/man1/monkeysphere.1 +man/man1/openpgp2ssh.1 +man/man8/monkeysphere-server.8 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..cbe925d --- /dev/null +++ b/debian/rules @@ -0,0 +1,3 @@ +#!/usr/bin/make -f +%: + dh $@ diff --git a/src/common b/src/common old mode 100755 new mode 100644 -- cgit v1.2.3 From 03cc847e6fc901ab4c1920324910126158655e37 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 13 Jun 2008 11:18:00 -0400 Subject: monkeysphere debianization. Package can now be cleanly built with minimal lintian warnings. --- COPYING | 6 +++--- Makefile | 5 ++++- debian/changelog | 5 +++-- debian/control | 6 +++--- debian/copyright | 9 +++++++-- man/man1/openpgp2ssh.1 | 54 ++++++++++++++++++++++++++++++-------------------- src/keytrans/Makefile | 2 +- test.key | 27 ------------------------- 8 files changed, 53 insertions(+), 61 deletions(-) delete mode 100644 test.key (limited to 'debian/control') diff --git a/COPYING b/COPYING index ab8788d..c920a0e 100644 --- a/COPYING +++ b/COPYING @@ -1,13 +1,13 @@ MonkeySphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. -It is free software, written by: +It is free software, developed by: Jameson Rollins - Daniel Kahn Gillmor -with much help from: + Daniel Kahn Gillmor Jamie McClelland Micah Anderson Matthew Goins + Mike Castleman MonkeySphere is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/Makefile b/Makefile index b28e54e..64e6cbe 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,10 @@ all: keytrans keytrans: $(MAKE) -C src/keytrans +release: clean + tar c COPYING doc etc Makefile man src | gzip -n > ../monkeysphere_`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`.orig.tar.gz + clean: $(MAKE) -C src/keytrans clean -.PHONY: all clean +.PHONY: all clean release diff --git a/debian/changelog b/debian/changelog index 2b68de6..ec744e1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ monkeysphere (0.1-1) unstable; urgency=low - * to be first release... + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! - -- Jameson Graef Rollins Tue, 10 Jun 2008 17:20:16 -0400 + -- Daniel Kahn Gillmor Fri, 13 Jun 2008 10:53:43 -0400 diff --git a/debian/control b/debian/control index e190ae0..afd5bfa 100644 --- a/debian/control +++ b/debian/control @@ -1,18 +1,18 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Daniel Kahn Gillmor +Maintainer: Daniel Kahn Gillmor Uploaders: Jameson Rollins Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.3.14) Standards-Version: 3.8.0.1 Homepage: http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH -Enhances: openssh-client, openssh-server Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6) +Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), ${shlibs:Depends} Recommends: netcat +Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections SSH key-based authentication is tried-and-true, but it lacks a true Public Key Infrastructure for key certification, revocation and diff --git a/debian/copyright b/debian/copyright index 413f60f..11abe8b 100644 --- a/debian/copyright +++ b/debian/copyright @@ -4,8 +4,13 @@ Debianized-Date: Fri Jun 13 10:19:16 EDT 2008 Original-Source: http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git/ Files: * -Copyright: Jameson Rollins , - Daniel Kahn Gillmor +Copyright: 2008 Jameson Rollins , + Daniel Kahn Gillmor , + Jamie McClelland , + Micah Anderson , + Matthew Goins , + Mike Castleman + License: GPL-3+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 index 1a02b38..83b6154 100644 --- a/man/man1/openpgp2ssh.1 +++ b/man/man1/openpgp2ssh.1 @@ -7,31 +7,34 @@ openpgp2ssh .Nd translate OpenPGP keys to SSH keys .Sh SYNOPSIS .Nm openpgp2ssh < mykey.gpg - +.Pp .Nm gpg --export $KEYID | openpgp2ssh $KEYID - +.Pp .Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID .Sh DESCRIPTION -openpgp2ssh takes an OpenPGP-formatted primary key and associated +.Nm +takes an OpenPGP-formatted primary key and associated subkeys on standard input, and spits out the requested equivalent SSH-style key on standard output. - +.Pp If the data on standard input contains no subkeys, you can invoke -openpgp2ssh without arguments. If the data on standard input contains +.Nm +without arguments. If the data on standard input contains multiple keys (e.g. a primary key and associated subkeys), you must specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or fingerprint as the first argument to indicate which key to export. The keyid must be exactly 16 hex characters. - +.Pp If the input contains an OpenPGP RSA or DSA public key, it will be converted to the OpenSSH-style single-line keystring, prefixed with the key type. This format is suitable (with minor alterations) for insertion into known_hosts files and authorized_keys files. - +.Pp If the input contains an OpenPGP RSA or DSA secret key, it will be converted to the equivalent PEM-encoded private key. - -openpgp2ssh is part of the +.Pp +.Nm +is part of the .Xr monkeysphere 1 framework for providing a PKI for SSH. .Sh CAVEATS @@ -39,17 +42,20 @@ The keys produced by this process are stripped of all identifying information, including certifications, self-signatures, etc. This is intentional, since ssh attaches no inherent significance to these features. - -openpgp2ssh only works with RSA or DSA keys, because those are the +.Pp +.Nm +only works with RSA or DSA keys, because those are the only ones which work with ssh. - -Assuming a valid key type, though, openpgp2ssh will produce output for +.Pp +Assuming a valid key type, though, +.Nm +will produce output for any requested key. This means, among other things, that it will happily export revoked keys, unverifiable keys, expired keys, etc. Make sure you do your own key validation before using this tool! .Sh EXAMPLES .Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin - +.Pp This pushes the secret key into the active .Xr ssh-agent 1 . Tools such as @@ -58,21 +64,25 @@ which know how to talk to the .Xr ssh-agent 1 can now rely on the key. .Sh AUTHOR -openpgp2ssh and this man page were written by Daniel Kahn Gillmor +.Nm +and this man page were written by Daniel Kahn Gillmor . .Sh BUGS -openpgp2ssh currently only exports into formats used by the OpenSSH. +.Nm +currently only exports into formats used by the OpenSSH. It should support other key output formats, such as those used by lsh(1) and putty(1). - +.Pp Secret key output is currently not passphrase-protected. - -openpgp2ssh currently cannot handle passphrase-protected secret keys on input. - +.Pp +.Nm +currently cannot handle passphrase-protected secret keys on input. +.Pp It would be nice to be able to use keyids shorter or longer than 16 hex characters. - -openpgp2ssh only acts on keys associated with the first primary key +.Pp +.Nm +only acts on keys associated with the first primary key passed in. If you send it more than one primary key, it will silently ignore later ones. .Sh SEE ALSO diff --git a/src/keytrans/Makefile b/src/keytrans/Makefile index 53fa5dc..79602ef 100644 --- a/src/keytrans/Makefile +++ b/src/keytrans/Makefile @@ -1,7 +1,7 @@ all: openpgp2ssh openpgp2ssh: openpgp2ssh.c gnutls-helpers.o - gcc -g -Wall --pedantic -o openpgp2ssh openpgp2ssh.c `libgnutls-config --libs --cflags` -lgnutls-extra gnutls-helpers.o + gcc -g -Wall --pedantic -o openpgp2ssh openpgp2ssh.c `libgnutls-config --libs --cflags` gnutls-helpers.o %.o: %.c gcc -g -Wall --pedantic -o $@ -c $< diff --git a/test.key b/test.key deleted file mode 100644 index 4e05880..0000000 --- a/test.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAxMv33LvWBZnKtahorHGYdBZqVxrNUQcVNrgxp4bf/FvgvSLG -kBrw6wHFdVYvWWViD5efrJugqA4+pKp16LEWlc7JZICrou4vEJGkvoqBIJC/4cVN -xcwV1a8jo9ZOYjt0JIyuHrEDGW/edQYWI41XO/H+QdMDsdI+oOmfPV/V4eMyjGKH -vRJ+xDae5izhUb3Lb00YnxpP2n/zhvHpn7weu+bzvwb3pMMo9336Ft7m5ulGPJzN -+3l595LW+lUSDUlUJbACp4Nyn+i9ODPV6xzghzirsh7rnD8jD2kaqIVkcvEhusoB -JN3daPXt9t6m5cfsCWu31BXdbpTWiLIZRUxDzQIBIwKCAQEAl9CMAg0+s90KFxuD -8r4H5IZSCK5GnZe/6GI07vMEj3oTxRrTsP7XG7DoyDsr1z+UyjMjZ+XFE+27S9P0 -ju8Cy1Zg2ICEZ78OXT0nUSkEhtYQXbV2gqTAYwNzQ9/WEUPOn9o9LZ5+u9n0wKzs -gdNvLj5WbUsC2aIwUD8xswDJkP5cA4RfKo8Mz40aXbK6b+S/bOKEkXRFvOor46pl -A8GHxUVcUPUG7LAXCm1FWrDob6FTlv3yW8DeVTCYwt6HdrTmc9b+yOinwMR6ZvUz -R6AESGG7czCvA6rpkCcprfCPx0gfntuzLiGRtl54GvbYWWtPDlxnPwcw1zcSALvM -pJNpawKBgQD/zze04kYZBNDTxolBrZltpPXtPpOrG2Otp8CHreOKn0TifCFPDnCb -ewUhxuDRA+L9KPLT311DtHfIzXJ8/RD6K/QE72ny39h2X2Pn2hWSgb9+iysHBDNc -jb136QFoKQcpqUpLEfTvA71Yqvuk6gsYiuWnIN5KJwy/AhwFQnK/WQKBgQDE8X87 -C+0JSg2ybUopOQVSrvildJEa8CWbM1SAL1j3E24U2fPh+zVmIxqa2m4X/PxFBBTv -WVGayzFkmJK2Dgt7F7hBqi5HelP0B38dXtkPlK6idTALNHoS/7HCDXISgHmDOhcQ -LHGQUuQMkTq6H4cOMwTNO5aM2zc5E9uF/hptlQKBgEHHkftQIKdZAn+Zc8Bud+j+ -iGGTv5JmIPIj0mwIJJFcJ6f0CJCr8RIJsNzMvXeTSP9FCz3LuOWGLW4mM2H37mw3 -MB6GtNgNrLC5cXYiIs3m2XhPq/p9bEr/4ENnzSlposGR7ohVExjjtFig/uFDfzIy -WE+MG+cunOCoxWBwLCKTAoGBALQP/0vtpYTV/eT2NS0A7uyCt3Kzt94dZDYgTUH/ -Z0hMR2OFcUOj2Qzs5R/dpnxVA+dUMGXOAXeVNHk7CcsFhtbxHX3dbCQYEj4yvVyu -fVAS6M8MDqsoqh//uHbnuMB1dmlZrq+zmwecPjdgNbF76TGNuz9MbGOGmOO6Yk6f -LhsLAoGAJoK+yRDaEFDwrjdvGazEy/d1CtknkGY2r4vb8giEodFJcQQhtVtjnYPl -gDIpbcpeT0GDiZd0pxAxpibbKM63pYz8PKtlq0B/qXgArRgJnbku01Jc4iLVWPqK -qitRgsz1HdN2tIqa8oQE0iuvyoq+r6+pqcQJd7sc6lKlk0gO0Mo= ------END RSA PRIVATE KEY----- -- cgit v1.2.3 From 2ed952e2207d5278cfe96db2d7eeed40709f846b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 13 Jun 2008 17:47:34 -0400 Subject: Add 'remove_userid' function, inverse of 'update_userids'. Also, tweaked some of the output and man pages. --- debian/control | 2 +- man/man1/monkeysphere.1 | 15 +++++++++++---- man/man8/monkeysphere-server.8 | 17 +++++++++++++---- src/common | 32 +++++++++++++++++++++++++++----- src/monkeysphere | 18 ++++++++++++++++-- src/monkeysphere-server | 33 +++++++++++++++++++++++++++++++-- 6 files changed, 99 insertions(+), 18 deletions(-) (limited to 'debian/control') diff --git a/debian/control b/debian/control index afd5bfa..d4d25c6 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), ${shlibs:Depends} +Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, ${shlibs:Depends} Recommends: netcat Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index d00a9db..762f008 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -31,25 +31,32 @@ listed in the known_hosts file will be processed. `k' may be used in place of `update-known_hosts'. .TP .B update-userids [USERID]... -Add/update a userid in the authorized_user_ids file. The user IDs +Add/update a user ID to the authorized_user_ids file. The user IDs specified should be exact matches to OpenPGP user IDs. For each specified user ID, gpg will be queried for a key associated with that user ID, querying a keyserver if none is found in the user's keychain. If a key is found, it will be added to the user_keys cache (see KEY CACHES) and the user ID will be added to the user's -authorized_user_ids file (if it wasn't already present). +authorized_user_ids file (if it wasn't already present). `u' may be +used in place of `update-userids'. +.TP +.B remove-userids [USERID]... +Remove a user ID from the authorized_user_ids file. The user IDs +specified should be exact matches to OpenPGP user IDs. `r' may be +used in place of `remove-userids'. .TP .B update-authorized_keys Update the monkeysphere authorized_keys file. The monkeysphere authorized_keys file will be regenerated from the valid keys in the user_key cache, and the user's independently controlled -authorized_keys file (usually ~/.ssh/authorized_keys). +authorized_keys file (usually ~/.ssh/authorized_keys). `a' may be +used in place of `update-authorized_keys'. .TP .B gen-ae-subkey KEYID Generate an `ae` capable subkey. For the primary key with the specified key ID, generate a subkey with "authentication" and "encryption" capability that can be used for MonkeySphere -transactions. +transactions. `g' may be used in place of `gen-ae-subkey'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index cc07077..8f62610 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -19,18 +19,27 @@ be used for authentication and encryption of ssh connection. Update the admin-controlled authorized_keys files for user. For each user specified, update the user's authorized_keys file in /var/cache/monkeysphere/USER. See `man monkeysphere' for more info. +`k' may be used in place of `update-known_hosts'. .TP .B gen-key -Generate a gpg key for the host. +Generate a gpg key for the host. `g' may be used in place of +`gen-key'. .TP .B publish-key -Publish the host's gpg key to a keyserver. +Publish the host's gpg key to a keyserver. `p' may be used in place +of `publish-key' .TP .B trust-keys KEYID... -Mark key specified with KEYID with full owner trust. +Mark key specified with KEYID with full owner trust. `t' may be used +in place of `trust-keys'. .TP .B update-user-userids USER USERID... -Add/update a userid in the authorized_user_ids file for USER. +Add/update a user ID to the authorized_user_ids file for USER. `u' may +be used in place of `update-user-userids'. +.TP +.B remove-user-userids USER USERID... +Remove a user ID from the authorized_user_ids file for USER. `r' may +be used in place of `remove-user-userids'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of diff --git a/src/common b/src/common index d56028f..01e6f32 100644 --- a/src/common +++ b/src/common @@ -240,6 +240,9 @@ process_user_id() { # hash userid for cache file name userIDHash=$(echo "$userID" | sha1sum | awk '{ print $1 }') + # make sure the cache directory exists + mkdir -p "$cacheDir" + # touch/clear key cache file # (will be left empty if there are noacceptable keys) > "$cacheDir"/"$userIDHash"."$pubKeyID" @@ -285,16 +288,16 @@ update_userid() { cacheDir="$2" log "processing userid: '$userID'" + userIDKeyCache=$(process_user_id "$userID" "$cacheDir") + if [ -z "$userIDKeyCache" ] ; then return 1 fi if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then - echo "the following userid is not in the authorized_user_ids file:" - echo " $userID" - read -p "would you like to add it? [Y|n]: " OK; OK=${OK:=Y} + read -p "user ID not currently authorized. authorize? [Y|n]: " OK; OK=${OK:=Y} if [ ${OK/y/Y} = 'Y' ] ; then - log -n "adding userid to authorized_user_ids file... " + log -n "adding user ID to authorized_user_ids file... " echo "$userID" >> "$AUTHORIZED_USER_IDS" echo "done." else @@ -303,6 +306,24 @@ update_userid() { fi } +# remove a userid from the authorized_user_ids file +remove_userid() { + local userID + + userID="$1" + + log "processing userid: '$userID'" + + if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then + log "user ID not currently authorized." + return 1 + fi + + log -n "removing user ID '$userID'... " + grep -v "$userID" "$AUTHORIZED_USER_IDS" | sponge "$AUTHORIZED_USER_IDS" + echo "done." +} + # process a host for addition to a known_host file process_host() { local host @@ -373,7 +394,8 @@ update_authorized_keys() { cat "$userAuthorizedKeys" >> "$msAuthorizedKeys" echo "done." fi - log "monkeysphere authorized_keys file generated: $msAuthorizedKeys" + log "monkeysphere authorized_keys file generated:" + log "$msAuthorizedKeys" } # process an authorized_*_ids file diff --git a/src/monkeysphere b/src/monkeysphere index 997ca58..1ba51d7 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -35,7 +35,8 @@ MonkeySphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file - update-userids (u) [USERID]... add/update userid + update-userids (u) [USERID]... add/update user IDs + remove-userids (r) [USERID]... remove user IDs update-authorized_keys (a) update authorized_keys file gen-ae-subkey (g) KEYID generate an 'ae' capable subkey help (h,?) this help @@ -164,13 +165,26 @@ case $COMMAND in fi ;; - 'update-userids'|'u') + 'update-userids'|'update-userid'|'u') if [ -z "$1" ] ; then failure "you must specify at least one userid." fi for userID ; do update_userid "$userID" "$userKeysCacheDir" done + log "run the following to update your monkeysphere authorized_keys file:" + log "$PGRM update-authorized_keys" + ;; + + 'remove-userids'|'remove-userid'|'r') + if [ -z "$1" ] ; then + failure "you must specify at least one userid." + fi + for userID ; do + remove_userid "$userID" + done + log "run the following to update your monkeysphere authorized_keys file:" + log "$PGRM update-authorized_keys" ;; 'update-authorized_keys'|'update-authorized-keys'|'a') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 922aad3..13221c5 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -35,7 +35,8 @@ subcommands: gen-key (g) generate gpg key for the server publish-key (p) publish server key to keyserver trust-keys (t) KEYID... mark keyids as trusted - update-user-userids (u) USER UID... add/update userids for a user + update-user-userids (u) USER UID... add/update user IDs for a user + remove-user-userids (r) USER UID... remove user IDs for a user help (h,?) this help EOF @@ -179,7 +180,7 @@ case $COMMAND in done ;; - 'update-user-userids'|'u') + 'update-user-userids'|'update-user-userid'|'u') uname="$1" shift if [ -z "$uname" ] ; then @@ -200,6 +201,34 @@ case $COMMAND in for userID ; do update_userid "$userID" "$cacheDir" done + + log "run the following to update user's authorized_keys file:" + log "$PGRM update-users $uname" + ;; + + 'remove-user-userids'|'remove-user-userid'|'r') + uname="$1" + shift + if [ -z "$uname" ] ; then + failure "you must specify user." + fi + if [ -z "$1" ] ; then + failure "you must specify at least one userid." + fi + + # set variables for the user + AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname" + + # make sure user's authorized_user_ids file exists + touch "$AUTHORIZED_USER_IDS" + + # process the user IDs + for userID ; do + remove_userid "$userID" + done + + log "run the following to update user's authorized_keys file:" + log "$PGRM update-users $uname" ;; 'help'|'h'|'?') -- cgit v1.2.3