From 0e16b71ee4b4fd47931ee592dd0a469e080fcfbb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 18 Feb 2009 23:15:57 -0500 Subject: added MONKEYSPHERE_PROMPT to man pages. --- man/man8/monkeysphere-host.8 | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'man/man8/monkeysphere-host.8') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 330b610..6c97315 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -113,6 +113,10 @@ increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER OpenPGP keyserver to use (pool.sks-keyservers.net). +.TP +MONKEYSPHERE_PROMPT +If set to `false', never prompt the user for confirmation. (true) + .SH FILES -- cgit v1.2.3 From c073811aa573d0e3486c39ed9514c46e0a7a077f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 12:29:47 -0500 Subject: modify import_key to take the key file to import as an argument. can be '-' to import from stdin. modify man page and test accordingly. --- man/man8/monkeysphere-host.8 | 13 +++++++------ src/monkeysphere-host | 16 ++++++++-------- src/share/mh/import_key | 21 ++++++++++++++++----- tests/basic | 2 +- 4 files changed, 32 insertions(+), 20 deletions(-) (limited to 'man/man8/monkeysphere-host.8') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 6c97315..f33aea6 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -23,9 +23,10 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP -.B import-key [NAME[:PORT]] -Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is -used to specify the hostname (and port) used in the user ID of the new +.B import-key FILE [NAME[:PORT]] +Import a pem-encoded ssh secret host key from file FILE. If FILE +is '-', then the key will be imported from stdin. NAME[:PORT] is used +to specify the hostname (and port) used in the user ID of the new OpenPGP key. If NAME is not specified, then the system fully-qualified domain name will be used (ie. `hostname -f'). If PORT is not specified, the no port is added to the user ID, which means @@ -35,11 +36,11 @@ port 22 is assumed. `i' may be used in place of `import-key'. Output information about host's OpenPGP and SSH keys. `s' may be used in place of `show-key'. .TP -.B extend-key EXPIRE +.B extend-key [EXPIRE] Extend the validity of the OpenPGP key for the host until EXPIRE from the present. If EXPIRE is not specified, then the user will be -prompted for the extension term. Expiration is specified like GnuPG -does: +prompted for the extension term. Expiration is specified as with +GnuPG: .nf 0 = key does not expire = key expires in n days diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a67715f..9d703c2 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -54,9 +54,9 @@ usage: $PGRM [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) [NAME[:PORT]] import existing ssh key to gpg + import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg show-key (s) output all host key information - set-expire (e) EXPIRE set host key expiration + set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID add-revoker (o) FINGERPRINT add a revoker to the host key @@ -236,6 +236,12 @@ COMMAND="$1" shift case $COMMAND in + 'import-key'|'i') + check_host_key + source "${MHSHAREDIR}/import_key" + import_key "$@" + ;; + 'show-key'|'show'|'s') check_host_no_key show_key @@ -283,12 +289,6 @@ case $COMMAND in publish_key ;; - 'import-key'|'i') - check_host_key - source "${MHSHAREDIR}/import_key" - import_key "$@" - ;; - 'diagnostics'|'d') load_fingerprint source "${MHSHAREDIR}/diagnostics" diff --git a/src/share/mh/import_key b/src/share/mh/import_key index bca7319..6394ad7 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -13,11 +13,13 @@ import_key() { +local sshKeyFile local hostName local domain local userID -hostName="$1" +sshKeyFile="$1" +hostName="$2" # use the default hostname if not specified if [ -z "$hostName" ] ; then @@ -42,10 +44,19 @@ mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -log verbose "importing ssh key..." -# translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import +# import ssh key to a private key +if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." +elif [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_host --import +else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + <"$sshKeyFile" \ + | gpg_host --import +fi # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key diff --git a/tests/basic b/tests/basic index dea393f..0b91531 100755 --- a/tests/basic +++ b/tests/basic @@ -185,7 +185,7 @@ EOF echo "##################################################" echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key testhost echo "##################################################" echo "### getting host key fingerprint..." -- cgit v1.2.3 From 6c048ca2dc8ca4ae7708ce8ee5c578ab4ed73c8b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 18:14:13 -0500 Subject: Modify/cleanup add_certifier and add_revoker, so that their code base is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key. --- man/man8/monkeysphere-authentication.8 | 5 ++- man/man8/monkeysphere-host.8 | 7 ++-- src/monkeysphere-authentication | 2 +- src/monkeysphere-host | 2 +- src/share/common | 1 - src/share/ma/add_certifier | 39 ++++++++++++++------ src/share/mh/add_revoker | 65 ++++++++++++++++++++-------------- src/share/mh/publish_key | 2 ++ 8 files changed, 80 insertions(+), 43 deletions(-) (limited to 'man/man8/monkeysphere-host.8') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 38df65d..361822d 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -37,8 +37,11 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP -.B add-id-certifier KEYID +.B add-id-certifier KEYID|FILE Instruct system to trust user identity certifications made by KEYID. +The key ID will be loaded from the keyserver. A file may be loaded +instead of pulling the key from the keyserver by specifying the path +to the file as the argument, or by specifying `-` to load from stdin. Using the `-n' or `--domain' option allows you to indicate that you only trust the given KEYID to make identifications within a specific domain (e.g. "trust KEYID to certify user identities within the diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index f33aea6..2b71807 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -58,8 +58,11 @@ place of `add-hostname'. Revoke a hostname user ID from the server host key. `n-' may be used in place of `revoke-hostname'. .TP -.B add-revoker FINGERPRINT -Add a revoker to the host's OpenPGP key. `o' may be be used in place +.B add-revoker KEYID|FILE +Add a revoker to the host's OpenPGP key. The key ID will be loaded +from the keyserver. A file may be loaded instead of pulling the key +from the keyserver by specifying the path to the file as the argument, +or by specifying `-` to load from stdin. `o' may be be used in place of `add-revoker'. .TP .B revoke-key diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 22cd018..497470d 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -57,7 +57,7 @@ Monkeysphere authentication admin tool. subcommands: update-users (u) [USER]... update user authorized_keys files - add-id-certifier (c+) KEYID import and tsign a certification key + add-id-certifier (c+) [KEYID|FILE] import and tsign a certification key --domain (-n) DOMAIN limit ID certifications to DOMAIN --trust (-t) TRUST trust level of certifier (full) --depth (-d) DEPTH trust depth for certifier (1) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 9d703c2..4c7df88 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -59,7 +59,7 @@ subcommands: set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (o) FINGERPRINT add a revoker to the host key + add-revoker (o) [KEYID|FILE] add a revoker to the host key revoke-key (r) revoke host key publish-key (p) publish host key to keyserver diff --git a/src/share/common b/src/share/common index bfe73a3..745a861 100644 --- a/src/share/common +++ b/src/share/common @@ -1153,7 +1153,6 @@ process_authorized_user_ids() { # takes a gpg key or keys on stdin, and outputs a list of # fingerprints, one per line: list_primary_fingerprints() { - local file="$1" local fake=$(msmktempdir) GNUPGHOME="$fake" gpg --no-tty --quiet --import GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index bd41f23..024255f 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -62,30 +62,47 @@ Type '$PGRM help' for usage." done keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - fingerprints=$(su_monkeysphere_user \ +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") - if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi - gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + # load the key + gpg_sphere "--import" <"$keyID" \ + || failure "could not read key from '$keyID'" - keyID="$fingerprints" + keyID="$fingerprint" + +# else, get the key from the keyserver else - # get the key from the key server - log debug "retrieving key from keyserver..." - gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi -export keyID - # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 21dc0bb..c6f9a58 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -25,48 +25,61 @@ local ltsignCommand local trustval keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a revoker key, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - importinfo=$(gpg_host --import < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + fingerprint=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + # load the key + gpg_host --import <"$keyID" \ + || failure "could not read key from '$keyID'" + + keyID="$fingerprint" + +# else, get the key from the keyserver else # create a temporary directory for storing the downloaded key - TMPLOC=$(msmktempdir) || failure "Could not create temporary directory!" + local TMPLOC=$(msmktempdir) + chmod 0700 "$GNUPGHOME" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # download the key from the keyserver as the monkeysphere user + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" + "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." # export the new key to the host keyring + log verbose "loading key $keyID..." su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ | gpg_host --import fi -export keyID - -# get the full fingerprint of the revoker key ID +# get the full fingerprint of new revoker key +log debug "getting fingerprint of revoker key..." fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 05faa0b..b0ffd93 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -28,6 +28,8 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) +chmod 0700 "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT -- cgit v1.2.3 From 9b47ae89c3840eb2af9a57a885e19ccbe36957d5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 01:39:29 -0500 Subject: trivial implementation of monkeysphere-host revoke-key: just prints ascii-armored revocation certificate to stdout, and admin is expected to know what to do with it. --- man/man8/monkeysphere-host.8 | 7 +++++-- src/share/mh/revoke_key | 28 ++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 4 deletions(-) (limited to 'man/man8/monkeysphere-host.8') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 2b71807..2ccaaec 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -66,8 +66,11 @@ or by specifying `-` to load from stdin. `o' may be be used in place of `add-revoker'. .TP .B revoke-key -Revoke the host's OpenPGP key. `r' may be used in place of -`revoke-key'. +Revoke the host's OpenPGP key. This will ask you a series of +questions, and then generate a key revocation certificate on standard +out. If you publish this revocation certificate to the public +keyservers, your host key will be permanently revoked. `r' may be +used in place of `revoke-key'. .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index cccdc22..380236b 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -15,7 +15,31 @@ revoke_key() { -# FIXME: implement! -failure "not implemented yet!" +# Coming in here, we expect $HOST_FINGERPRINT to be set, and we +# believe that there is in fact a key. + # our current implementation is very simple: we just want to + # generate the revocation certificate on stdout. This provides + # for the two most likely (but hopefully not common) scenarios: + + # an admin wants a revocation certificate for the host which they + # can store securely offline. In this case, the admin can + # redirect stdout to a file, or can simply copy/paste or + # transcribe from the terminal. + + # Alternately, an admin might want to publish the revocation + # certificate immediately. here's a quick way to do this: + + + # tmp=$(mktemp -d) + # export GNUPGHOME="$tmp" + # gpg --import < /var/lib/monkeysphere/ssh_host_rsa_key.pub.gpg + # monkeysphere-host revoke-key | gpg --import + # gpg --keyserver pool.sks-keyservers.net --send $(hostname -f) + + + # note: we're not using the gpg_host function because we actually + # want to use gpg's UI in this case, so we want to omit --no-tty + + GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!" } -- cgit v1.2.3