From e71c7bb4dff26178f714cd0fcdbb3058effa4066 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 22 Feb 2009 12:07:34 -0500 Subject: Fix how version number is saved/retrieved. Version is now stored in VERSION file, which is created in the tarball target. This is then installed at /usr/share/monkeysphere/VERSION, and cat'ed when the version number is requested by the front-end ui. No more manual setting of version number required (to avoid future problems, aka "0.23.1"). This system is also more flexible, as the VERSION file could potentially hold more info than just the release number. --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 1b0de0c..c454354 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -315,7 +315,7 @@ case $COMMAND in ;; 'version'|'v') - echo "$VERSION" + version ;; '--help'|'help'|'-h'|'h'|'?') -- cgit v1.2.3 From be6cca8523345c6a3a3e8cddce7d8954a2bf5a54 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 22 Feb 2009 12:16:32 -0500 Subject: fix some return code setting stuf that was no longer being used, and change name of return code variable in update_users, since all-caps variables should be reserved for global vars. --- src/monkeysphere-authentication | 5 ----- src/monkeysphere-host | 5 ----- src/share/ma/update_users | 9 ++++----- 3 files changed, 4 insertions(+), 15 deletions(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index c009653..c5c48d5 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
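Review bot: The `version` branch now delegates to a `version` function that is not part of this hunk; per the commit message it cats the installed VERSION file, so it should fail explicitly when that file is missing or unreadable instead of printing a stray cat error and an empty version with status zero, e.g. `cat "${SYSSHAREDIR}/VERSION" || failure "could not read ${SYSSHAREDIR}/VERSION"`. The enclosing `case $COMMAND` block starts and ends outside the hunk, and the function body itself is inferred from the description.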
@@ -42,9 +42,6 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up unset GREP_OPTIONS -# default return code -RETURN=0 - ######################################################################## # FUNCTIONS ######################################################################## @@ -211,5 +208,3 @@ case $COMMAND in Type '$PGRM help' for usage." ;; esac - -exit "$RETURN" diff --git a/src/monkeysphere-host b/src/monkeysphere-host index c454354..5e7a931 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -41,9 +41,6 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up unset GREP_OPTIONS -# default return code -RETURN=0 - ######################################################################## # FUNCTIONS ######################################################################## @@ -327,5 +324,3 @@ case $COMMAND in Type '$PGRM help' for usage." ;; esac - -exit "$RETURN" diff --git a/src/share/ma/update_users b/src/share/ma/update_users index bfefc31..c180b56 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -13,6 +13,7 @@ update_users() { +local returnCode=0 local unames local uname local authorizedKeysDir @@ -26,8 +27,6 @@ else unames=$(getent passwd | cut -d: -f1) fi -RETURN=0 - # set mode MODE="authorized_keys" @@ -94,7 +93,7 @@ for uname in $unames ; do # process authorized_user_ids file, as monkeysphere user su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \ - || RETURN="$?" + || returnCode="$?" else log debug "not processing authorized_user_ids." fi @@ -141,7 +140,7 @@ for uname in $unames ; do log error "Failed to install authorized_keys for '$uname'!" rm -f "${authorizedKeysDir}/${uname}" # indicate that there has been a failure: - RETURN=1 + returnCode=1 } else rm -f "${authorizedKeysDir}/${uname}" 
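Review bot: Dropping `exit "$RETURN"` after `esac` in this file and in the matching monkeysphere-host hunk makes the script's exit status whatever the last command of the selected `case` branch returned, which the shell does implicitly but which silently changes if anyone later appends a command after `esac`. A one-line comment after `esac` would record the intent: `# exit status is that of the last command run in the selected branch`. The branches themselves are outside the hunk, so whether every branch ends on the command whose status matters cannot be confirmed here.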
@@ -154,5 +153,5 @@ for uname in $unames ; do rm -rf "$TMPLOC" done -return $RETURN +return $returnCode } -- cgit v1.2.3 From 620e3d1021993760ef7572ed9e5d6bf9f033b91e Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 28 Feb 2009 20:56:18 -0500 Subject: openpgp2ssh in ms-host show-key function takes the host gpg key from the temporary gpghome, instead of from the saved ssh_host_key_rsa.pub.gpg key file. --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 5e7a931..9e4a8c4 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -174,7 +174,7 @@ show_key() { # create the ssh key TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub - openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null >"$TMPSSH" + gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH" # get the gpg fingerprint HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ -- cgit v1.2.3 From ebd776722e0fd6dfacc79146c368d148f0e266cb Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Mar 2009 14:53:37 -0500 Subject: break out default variables into their own file: defaultenv this allows the common file to be sourced without reseting variables to their defaults, which was causing a problem with su_monkeysphere_user. also added some more debug messages. --- Makefile | 1 + src/monkeysphere | 3 ++- src/monkeysphere-authentication | 3 ++- src/monkeysphere-host | 3 ++- src/share/common | 34 +++++++++------------------------- src/share/ma/update_users | 1 + tests/basic | 1 - 7 files changed, 17 insertions(+), 29 deletions(-) (limited to 'src/monkeysphere-host') diff --git a/Makefile b/Makefile index 07e8fb9..9873d32 100755 --- a/Makefile +++ b/Makefile 
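Review bot: `gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH"` never checks whether the conversion succeeded, and `2>/dev/null` hides why it failed, so an empty ssh_host_key_rsa_pub is produced silently when the export yields nothing usable. A bare `gpg --export` also emits every public key in `$GNUPGHOME`, so openpgp2ssh's input depends on the temporary keyring holding only the host key; exporting by fingerprint once `HOST_FINGERPRINT` is known (it is computed on the following lines) would pin it. At minimum fail on the conversion: `gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH" || failure "could not convert host key to ssh format"`. show_key's body continues outside the hunk.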
@@ -52,6 +52,7 @@ install: all installman install src/monkeysphere $(DESTDIR)$(PREFIX)/bin install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh diff --git a/src/monkeysphere b/src/monkeysphere index 2d54376..8d59d08 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -18,7 +18,8 @@ PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR -. "${SYSSHAREDIR}/common" || exit 1 +. "${SYSSHAREDIR}/defaultenv" +. "${SYSSHAREDIR}/common" # sharedir for host functions MSHAREDIR="${SYSSHAREDIR}/m" diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index c5c48d5..3344f38 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -21,7 +21,8 @@ PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR -. "${SYSSHAREDIR}/common" || exit 1 +. "${SYSSHAREDIR}/defaultenv" +. "${SYSSHAREDIR}/common" SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} export SYSDATADIR diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 9e4a8c4..b9a15ae 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -21,7 +21,8 @@ PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR -. "${SYSSHAREDIR}/common" || exit 1 +. "${SYSSHAREDIR}/defaultenv" +. "${SYSSHAREDIR}/common" SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} export SYSDATADIR diff --git a/src/share/common b/src/share/common index a9d23b2..1cdd549 100644 --- a/src/share/common 
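Review bot: Replacing `. "${SYSSHAREDIR}/common" || exit 1` with unguarded `.` lines drops the only check that the shared code actually loaded; in bash outside POSIX mode a missing or unreadable file makes `.` return non-zero and the script carries on, so `log`, `failure` and the rest later fail with "command not found" in the middle of a key-management operation. The same applies to the monkeysphere-authentication and monkeysphere-host hunks that follow. Keep the guard on both lines: `. "${SYSSHAREDIR}/defaultenv" || exit 1` and `. "${SYSSHAREDIR}/common" || exit 1`.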
+++ b/src/share/common @@ -13,28 +13,6 @@ # all-caps variables are meant to be user supplied (ie. from config # file) and are considered global -######################################################################## -### COMMON VARIABLES - -# managed directories -SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} -export SYSCONFIGDIR - -# default log level -LOG_LEVEL="INFO" - -# default keyserver -KEYSERVER="pool.sks-keyservers.net" - -# whether or not to check keyservers by defaul -CHECK_KEYSERVER="true" - -# default monkeysphere user -MONKEYSPHERE_USER="monkeysphere" - -# default about whether or not to prompt -PROMPT="true" - ######################################################################## ### UTILITY FUNCTIONS @@ -461,6 +439,7 @@ check_key_file_permissions() { # return zero if all clear, or go to next path if [ "$path" = '/' ] ; then + log debug "path ok." return 0 else check_key_file_permissions "$uname" $(dirname "$path") @@ -926,7 +905,8 @@ process_known_hosts() { failure "known_hosts file '$KNOWN_HOSTS' does not exist." fi - log debug "processing known_hosts file..." + log debug "processing known_hosts file:" + log debug " $KNOWN_HOSTS" hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -1014,6 +994,9 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 + log debug "updating authorized_keys file:" + log debug " $AUTHORIZED_KEYS" + # check permissions on the authorized_keys file path check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure 
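Review bot: In the check_key_file_permissions hunk, the recursive call right after the added `log debug "path ok."` passes `$(dirname "$path")` unquoted, so a path containing whitespace is word-split into extra arguments and the permission walk continues on a truncated path; for the function that decides whether an authorized_keys or authorized_user_ids location is trustworthy, that should be `check_key_file_permissions "$uname" "$(dirname "$path")"`. This is pre-existing code on the line under review rather than something the commit introduced. The function's argument handling is outside the hunk, so the exact effect of the extra arguments is inferred.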
@@ -1087,11 +1070,12 @@ process_authorized_user_ids() { failure "authorized_user_ids file '$authorizedUserIDs' does not exist." fi + log debug "processing authorized_user_ids file:" + log debug " $authorizedUserIDs" + # check permissions on the authorized_user_ids file path check_key_file_permissions "$USER" "$authorizedUserIDs" || failure - log debug "processing authorized_user_ids file..." - if ! meat "$authorizedUserIDs" > /dev/null ; then log debug " no user IDs to process." return diff --git a/src/share/ma/update_users b/src/share/ma/update_users index c180b56..3a5c006 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -80,6 +80,7 @@ for uname in $unames ; do # translating ssh-style path variables authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") if [ -s "$authorizedUserIDs" ] ; then + log debug "authorized_user_ids file found." # check permissions on the authorized_user_ids file path if check_key_file_permissions "$uname" "$authorizedUserIDs" ; then # copy user authorized_user_ids file to temporary diff --git a/tests/basic b/tests/basic index f6d1f3b..7277168 100755 --- a/tests/basic +++ b/tests/basic @@ -275,7 +275,6 @@ monkeysphere-authentication update-users $(whoami) # FIXME: this is maybe not failing properly for: # ms: improper group or other writability on path '/tmp'. - ###################################################################### ### TESTS -- cgit v1.2.3 From 8cabd14f454708cdb0310d77e4897e860fc87ecc Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 2 Mar 2009 12:42:48 -0500 Subject: very small tweaks to usages. --- src/monkeysphere-authentication | 2 +- src/monkeysphere-host | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 3344f38..db658ae 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
@@ -56,7 +56,7 @@ subcommands: update-users (u) [USER]... update user authorized_keys files add-id-certifier (c+) [KEYID|FILE] import and tsign a certification key - --domain (-n) DOMAIN limit ID certifications to DOMAIN + --domain (-n) DOMAIN limit ID certifications to DOMAIN (*) --trust (-t) TRUST trust level of certifier (full) --depth (-d) DEPTH trust depth for certifier (1) remove-id-certifier (c-) KEYID remove a certification key diff --git a/src/monkeysphere-host b/src/monkeysphere-host index b9a15ae..c03fb27 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -58,7 +58,7 @@ subcommands: set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (r+) [KEYID|FILE] add a revoker to the host key + add-revoker (r+) [KEYID|FILE] add a revoker to the host key revoke-key generate and/or publish revocation certificate for host key -- cgit v1.2.3 From 05c96da9d1774a1b9ca6782384a4317671bcd622 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 2 Mar 2009 13:02:35 -0500 Subject: usage review/tweaks for m-a and m-h --- src/monkeysphere-authentication | 18 +++++++++--------- src/monkeysphere-host | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index db658ae..ae4f3f4 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
@@ -53,17 +53,17 @@ usage: $PGRM [options] [args] Monkeysphere authentication admin tool. subcommands: - update-users (u) [USER]... update user authorized_keys files + update-users (u) [USER]... update user authorized_keys files - add-id-certifier (c+) [KEYID|FILE] import and tsign a certification key - --domain (-n) DOMAIN limit ID certifications to DOMAIN (*) - --trust (-t) TRUST trust level of certifier (full) - --depth (-d) DEPTH trust depth for certifier (1) - remove-id-certifier (c-) KEYID remove a certification key - list-id-certifiers (c) list certification keys + add-id-certifier (c+) KEYID|FILE import and tsign a certification key + [--domain (-n) DOMAIN] limit ID certifications to DOMAIN + [--trust (-t) TRUST] trust level of certifier (default: full) + [--depth (-d) DEPTH] trust depth for certifier (default: 1) + remove-id-certifier (c-) KEYID remove a certification key + list-id-certifiers (c) list certification keys - version (v) show version number - help (h,?) this help + version (v) show version number + help (h,?) this help See ${PGRM}(8) for more info. EOF diff --git a/src/monkeysphere-host b/src/monkeysphere-host index c03fb27..7fb3980 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -58,7 +58,7 @@ subcommands: set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (r+) [KEYID|FILE] add a revoker to the host key + add-revoker (r+) KEYID|FILE add a revoker to the host key revoke-key generate and/or publish revocation certificate for host key -- cgit v1.2.3 From 91fee4b8616ce94be3b18f58b8d361d784ce92a6 Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Tue, 3 Mar 2009 11:56:00 -0500 Subject: fix to logging to prefix all log output with log prefix, and allow changing of log prefix. --- src/monkeysphere | 1 + src/monkeysphere-authentication | 1 + src/monkeysphere-host | 1 + src/share/common | 7 +++---- 4 files changed, 6 insertions(+), 4 deletions(-) (limited to 'src/monkeysphere-host') diff --git a/src/monkeysphere b/src/monkeysphere index 8d59d08..f721108 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -182,6 +182,7 @@ AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"} REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} +LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '} # export GNUPGHOME and make sure gpg home exists with proper # permissions diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index b0dcc88..85ff04f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -129,6 +129,7 @@ REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"} GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"} CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} +LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '} # export variables needed in su invocation export DATE diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 7fb3980..b052ca1 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -230,6 +230,7 @@ PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} # other variables GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} +LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '} # export variables needed in su invocation export DATE 
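Review bot: `LOG_PREFIX` is assigned immediately above the `# export variables needed in su invocation` block in the monkeysphere-authentication and monkeysphere-host hunks, but neither hunk adds it to that export list. update_users runs `su_monkeysphere_user ". ${SYSSHAREDIR}/common; process_authorized_user_ids ..."`, which re-sources common in a separate shell, so log lines emitted there would carry an empty prefix unless `export LOG_PREFIX` is added next to `export DATE`. The rest of the export block is outside the hunk, so it may already be covered; worth checking.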
diff --git a/src/share/common b/src/share/common
index 83120d1..ea872ba 100644
--- a/src/share/common
+++ b/src/share/common
@@ -76,11 +76,10 @@ log() {
 fi
 if [ "$priority" = "$level" -a "$output" = 'true' ] ; then
 if [ "$1" ] ; then
- echo -n "ms: " >&2
- echo "$@" >&2
+ echo "$@"
 else
- cat >&2
- fi
+ cat
+ fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
 fi
 done
 }
-- cgit v1.2.3 From db21b3340c2b7ade19eaecb306814fc0e54666f1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 10 Mar 2009 02:06:25 -0400 Subject: cleaning up a lingering non-portable mktemp invocation. --- .../security/monkeysphere/files/patch-src_monkeysphere-host | 11 +++++++++++ src/monkeysphere-host | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host (limited to 'src/monkeysphere-host')
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
new file mode 100644
index 0000000..9414c73
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-src_monkeysphere-host
@@ -0,0 +1,11 @@
+--- src/monkeysphere-host
++++ src/monkeysphere-host
+@@ -103,7 +103,7 @@ update_gpg_pub_file() {
+ load_fingerprint() {
+ if [ -f "$HOST_KEY_FILE" ] ; then
+ HOST_FINGERPRINT=$( \
+- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
++ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
+ && gpg --quiet --import \
+ && gpg --quiet --list-keys --with-colons --with-fingerprint \
+ && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index b052ca1..6136399 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
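Review bot: `fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2` splices the prefix into the sed expression unescaped; `LOG_PREFIX` comes from `MONKEYSPHERE_LOG_PREFIX` in the environment, so a value containing `/`, `&` or `\` either aborts sed (and the log line is lost) or is rewritten before it reaches stderr. A read loop sidesteps the metacharacter problem: `fi | while IFS= read -r line || [ -n "$line" ] ; do`, `printf '%s%s\n' "$LOG_PREFIX" "$line"`, `done >&2`; the `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline. If sed is kept, the prefix must be escaped for the replacement side first. The rest of log() is outside the hunk.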
@@ -103,7 +103,7 @@ update_gpg_pub_file() {
 load_fingerprint() {
 if [ -f "$HOST_KEY_FILE" ] ; then
 HOST_FINGERPRINT=$( \
- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
+ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
 && gpg --quiet --import \
 && gpg --quiet --list-keys --with-colons --with-fingerprint \
 && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
-- cgit v1.2.3
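Review bot: The `&&` chain inside the subshell only reaches `rm -rf "$FUBAR"` when both gpg steps succeed, so a failed `gpg --quiet --import` or `--list-keys` leaves the temporary GNUPGHOME, with the imported host key in it, behind; this predates the mktemp change, but the line is being rewritten anyway. Arming cleanup right after creation fixes it without altering the chain's status: `(FUBAR=$(msmktempdir) && trap 'rm -rf "$FUBAR"' EXIT && export GNUPGHOME="$FUBAR" \`. The FreeBSD packaging patch in the previous hunk repeats the same chain and would need the same treatment. load_fingerprint continues outside the hunk.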