From 0655d5cbf24a29da4aff7e272e82bfa258b2ceed Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 21:14:22 -0500 Subject: new function to export signatures from core to sphere keyrings. this is so that the sphere does not have to read the core pubring to get the certifier ltsigs, and we can therefore keep tighter permissions on the core keyring files. updated some comments/documentation as well. --- src/share/ma/setup | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/share/ma/setup') diff --git a/src/share/ma/setup b/src/share/ma/setup index 672a960..229166b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -34,12 +34,10 @@ EOF # Edits will be overwritten. no-greeting primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg -keyring ${GNUPGHOME_CORE}/pubring.gpg - list-options show-uid-validity EOF - # fingerprint of core key. this should be empty on unconfigured systems. + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then @@ -57,7 +55,7 @@ EOF # date. < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" - gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key + # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then failure "Failed to create Monkeysphere authentication trust core!" -- cgit v1.2.3 From 44a499dd669cc20e77e35c2f7ffcbc2a8f08ec29 Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 22:48:36 -0500 Subject: Fix a bug in setup where gpg was called instead of gpg_core. This could have caused serious data loss for the running user. Should note to be carefull with this in the future. Also fix ownership on sphere gnupghome. --- src/share/ma/setup | 12 ++++++++++-- tests/basic | 1 - 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'src/share/ma/setup') diff --git a/src/share/ma/setup b/src/share/ma/setup index 229166b..263e5ca 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,8 +15,11 @@ setup() { # make all needed directories mkdir -p "${MADATADIR}" mkdir -p "${MATMPDIR}" - mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" + chmod 700 "${GNUPGHOME_CORE}" + mkdir -p "${GNUPGHOME_SPHERE}" + chmod 700 "${GNUPGHOME_SPHERE}" + mkdir -p "${MADATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? @@ -37,6 +40,11 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF + # make sure the monkeysphere user owns everything in th sphere + # gnupghome + chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) 
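Review bot: In the `@@ -15,8 +15,11 @@` hunk both gnupghome directories are created by `mkdir -p` with whatever mode the current umask yields and only afterwards tightened with `chmod 700`, so a freshly created core directory can be group- or world-accessible for a short window. Creating them already restricted closes that window: `mkdir -p -m 700 "${GNUPGHOME_CORE}"` (keep the `chmod 700` for a directory that already existed), or set `umask 077` at the top of `setup()`. None of the added `mkdir`/`chmod` lines checks its exit status, and whether the script aborts on errors is not visible here, so `|| failure "..."` as used on the later key-generation lines would be consistent. `setup()` continues beyond the hunk.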
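Review bot: The two ownership lines added in the `@@ -37,6 +40,11 @@` hunk expand `$MONKEYPSHER_USER`, which looks like a misspelling of `MONKEYSPHERE_USER` (the test script exports `MONKEYSPHERE_MONKEYSPHERE_USER`). If the misspelled name is unset it expands to an empty string, so `chown -R` and `chgrp -R` either fail or change nothing. The sphere gnupghome then stays owned by whoever ran setup, which is the opposite of what the commit message intends. I would write `chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" || failure "Could not set ownership of sphere gnupghome"` and the same for `chgrp`, and fix `th sphere` in the comment. The `chgrp` also assumes a group with the same name as the user, which is worth confirming.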
@@ -53,7 +61,7 @@ EOF # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) diff --git a/tests/basic b/tests/basic index 99a881b..4d2266e 100755 --- a/tests/basic +++ b/tests/basic @@ -220,7 +220,6 @@ echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # set up monkeysphere authentication echo "##################################################" echo "### setup monkeysphere authentication..." -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ cat <> "$TEMPDIR"/monkeysphere-authentication.conf AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" -- cgit v1.2.3 From c1900d82be5fe3607bac4248033fe92b56dca597 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 23:05:31 -0500 Subject: add some log debug output to ma-setup --- src/share/ma/setup | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src/share/ma/setup') diff --git a/src/share/ma/setup b/src/share/ma/setup index 263e5ca..90f748e 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
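Review bot: Nothing in the file records why the import in the `@@ -53,7 +61,7 @@` hunk must go through `gpg_core`, although the commit message itself says this mistake should be noted for the future. A bare `gpg` presumably operates on the invoking user's own GnuPG home rather than the core keyring, which is how the earlier version put the generated trust-core key in the wrong place. I would add a comment directly above the import line, for example `# NOTE: never call bare gpg in this file; it acts on the caller's own keyring. Use gpg_core.`. The enclosing `setup()` starts and ends outside the hunk.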
@@ -49,34 +49,39 @@ EOF local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then - log info "Setting up Monkeysphere authentication trust core" + log info "Setting up Monkeysphere authentication trust core..." local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 Date: Mon, 2 Feb 2009 11:34:26 -0500 Subject: add ability to specify key length of core secret key, so the test scripts can specify something smaller than the default. --- src/monkeysphere-authentication | 2 ++ src/share/ma/setup | 6 +++--- tests/basic | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src/share/ma/setup') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 2316183..4485bd4 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -138,6 +138,7 @@ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"} GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"} +CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} # export variables needed in su invocation export DATE @@ -150,6 +151,7 @@ export REQUIRED_USER_KEY_CAPABILITY export GNUPGHOME_CORE export GNUPGHOME_SPHERE export GNUPGHOME +export CORE_KEYLENGTH # get subcommand COMMAND="$1" diff --git a/src/share/ma/setup b/src/share/ma/setup index 90f748e..422cfd3 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -56,13 +56,13 @@ EOF local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" # generate the key with ssh-keygen... - log debug "generating ssh key..." - ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" + log debug "generating ssh key ($CORE_KEYLENGTH bits)..." + ssh-keygen -q -b "$CORE_KEYLENGTH" -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" # and then translate to openpgp encoding and import # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. - log debug "converting ssh key to pgp key and importing into core..." + log debug "converting ssh key to openpgp key and importing into core..." < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point diff --git a/tests/basic b/tests/basic index 4d2266e..5e233aa 100755 --- a/tests/basic +++ b/tests/basic @@ -132,6 +132,7 @@ export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami) export MONKEYSPHERE_CHECK_KEYSERVER=false export MONKEYSPHERE_LOG_LEVEL=DEBUG +export MONKEYSPHERE_CORE_KEYLENGTH=1024 export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket -- cgit v1.2.3
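Review bot: In the `@@ -56,13 +56,13 @@` hunk `$CORE_KEYLENGTH` reaches `ssh-keygen -b` straight from the `MONKEYSPHERE_CORE_KEYLENGTH` environment default added in src/monkeysphere-authentication, with no check that it is numeric or not weaker than intended. This key is the authentication trust core, so a stray environment value would silently produce a weaker root key than the 2048-bit default, bounded only by whatever minimum ssh-keygen itself enforces. A check before the `ssh-keygen` call would catch malformed values, for example `case "$CORE_KEYLENGTH" in ''|*[!0-9]*) failure "CORE_KEYLENGTH must be a number" ;; esac`. Adding a `log info` line when the value is below 2048 keeps the test override in tests/basic working while making a reduced length visible in the logs. The surrounding `setup()` body lies outside the hunk.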