From 677afe2dcae7ea83adfadc42eac93f5301aa0476 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 23 Jun 2008 17:55:56 -0400 Subject: unless a problem comes up, monkeysphere-server should return an error code of 0. --- src/monkeysphere-server | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/monkeysphere-server') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index f68f391..b989816 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -21,6 +21,9 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up GREP_OPTIONS= +# assuming other problems don't crop up, we'll return 0 as success +ERR=0 + ######################################################################## # FUNCTIONS ######################################################################## -- cgit v1.2.3 From 438d1fa8881a1f8359b5e91932bf42addefbffca Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 23 Jun 2008 19:02:58 -0400 Subject: switched shortcut for monkeysphere-server update-users to "u", added some FIXMEs to monkeysphere-server. --- man/man8/monkeysphere-server.8 | 4 ++-- src/common | 4 ++-- src/monkeysphere-server | 9 ++++++++- 3 files changed, 12 insertions(+), 5 deletions(-) (limited to 'src/monkeysphere-server') diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index e821e63..f808eff 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -28,8 +28,8 @@ file are processed, and the user's authorized_keys file in /var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere' for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is set, then a user-controlled authorized_keys file (usually -~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k' -may be used in place of `update-known_hosts'. +~USER/.ssh/authorized_keys) is added to the authorized_keys file. `u' +may be used in place of `update-users. .TP .B gen-key Generate a gpg key for the host. `g' may be used in place of diff --git a/src/common b/src/common index 9dcc5e8..9fd156b 100644 --- a/src/common +++ b/src/common @@ -109,7 +109,7 @@ translate_ssh_variables() { echo "$path" } -### CONVERTION UTILITIES +### CONVERSION UTILITIES # output the ssh key for a given key ID gpg2ssh() { @@ -263,7 +263,7 @@ process_user_id() { fi requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") - # if CHECK_KEYSERVER variable set, check the keyserver + # if CHECK_KEYSERVER variable set to true, check the keyserver # for the user ID if [ "$CHECK_KEYSERVER" = "true" ] ; then gpg_fetch_userid "$userID" diff --git a/src/monkeysphere-server b/src/monkeysphere-server index b989816..11e593b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -171,7 +171,7 @@ mkdir -p -m 0700 "$GNUPGHOME" mkdir -p "${CACHE}/authorized_keys" case $COMMAND in - 'update-users'|'update-user'|'s') + 'update-users'|'update-user'|'u') if [ "$1" ] ; then # get users from command line unames="$@" @@ -196,6 +196,9 @@ case $COMMAND in # skip user if authorized_user_ids file does not exist if [ ! -f "$authorizedUserIDs" ] ; then + #FIXME: what about a user with no authorized_user_ids + # file, but with an authorized_keys file when + # USER_CONTROLLED_AUTHORIZED_KEYS is set? continue fi @@ -207,6 +210,10 @@ case $COMMAND in # skip if the user's authorized_user_ids file is empty if [ ! -s "$authorizedUserIDs" ] ; then log "authorized_user_ids file '$authorizedUserIDs' is empty." + #FIXME: what about a user with an empty + # authorized_user_ids file, but with an + # authorized_keys file when + # USER_CONTROLLED_AUTHORIZED_KEYS is set? continue fi -- cgit v1.2.3 From 0fac6a0db5524d6b9824ef205bdd809ad762fd32 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 23 Jun 2008 19:09:25 -0400 Subject: authorized_keys files appear to need to be readable by the user logging in. --- src/monkeysphere-server | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/monkeysphere-server') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 11e593b..35e0096 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -231,6 +231,13 @@ case $COMMAND in fi fi + # openssh appears to check the contents of the + # authorized_keys file as the user in question, so the file + # must be readable by that user at least. + # FIXME: is there a better way to do this? + chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" + chmod g+r "$AUTHORIZED_KEYS" + # move the temp authorized_keys file into place mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}" -- cgit v1.2.3 From abedea11eca1cf2294196cb6cd39d40f4877f7d4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 23 Jun 2008 19:15:09 -0400 Subject: updating monkeysphere-server usage to reflect new shortcut for update-users. --- src/monkeysphere-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/monkeysphere-server') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 35e0096..e099a74 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -34,7 +34,7 @@ usage: $PGRM [args] MonkeySphere server admin tool. subcommands: - update-users (s) [USER]... update users authorized_keys files + update-users (u) [USER]... update users authorized_keys files gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server's host key to keyserver -- cgit v1.2.3