From 0cc9a8f041a9b9b97e7f5f24f71a92961e54c4f2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:29:30 -0500 Subject: clean up how trust level was check in ma/setup, with some debug output --- src/share/ma/setup | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/share/ma') diff --git a/src/share/ma/setup b/src/share/ma/setup index 034f047..894db84 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -85,7 +85,10 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "check trust level of core key..." - if [ "1:3:1" != $(gpg_sphere --with-colons --fixed-list-mode --list-keys | head -n1 | grep ^tru: cut -f3,6,7 -d:) ] ; then + local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \ + | head -n1 | grep "^tru:" | cut -d: -f3,6,7) + log debug "trust level: $TRUST_LEVEL" + if [ "$TRUST_LEVEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." fi } -- cgit v1.2.3 From 904a1d633f71836b9e8a11f1656d535c3d7e0897 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 13:30:57 -0500 Subject: add ability to supress confirmation prompt in ma/add_certifier fix some logging output --- src/share/ma/add_certifier | 28 ++++++++++++++++++++-------- src/share/ma/remove_certifier | 3 ++- src/share/mh/add_revoker | 4 ++-- 3 files changed, 24 insertions(+), 11 deletions(-) (limited to 'src/share/ma') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index e9731cc..2e53455 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,6 +36,8 @@ local fingerprint local ltsignCommand local trustval +PROMPT=true + # get options while true ; do case "$1" in 
@@ -51,6 +53,10 @@ while true ; do depth="$2" shift 2 ;; + -y) + PROMPT=false + shift 1 + ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -90,26 +96,32 @@ if [ -f "$keyID" ] ; then fi else # get the key from the key server + log debug "retrieving key from keyserver..." gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi export keyID # get the full fingerprint of a key ID -fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \ - grep '^fpr:' | grep "$keyID" | cut -d: -f10) +log debug "getting fingerprint of certifier key..." +fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -log info -e "\nkey found:" +log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -echo "Are you sure you want to add the above key as a" -read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} -if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Identity certifier not added." +if [ "$PROMPT" = true ] ; then + echo "Are you sure you want to add the above key as a" + read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Identity certifier not added." + fi +else + log debug "adding key without prompting." fi # export the key to the core keyring so that the core can sign the @@ -151,7 +163,7 @@ if echo "$ltsignCommand" | \ # update the sphere trustdb gpg_sphere "--check-trustdb" - log info -e "\nIdentity certifier added." + log info "Identity certifier added." else failure "Problem adding identify certifier." fi diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 1164162..c7aabea 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier 
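Review bot: With `-y`, the confirmation skipped in the `@@ -90,26 +96,32 @@` hunk was the only point where a person compared the displayed fingerprint with the key they meant to trust. Nothing visible in these hunks requires `keyID` to be a full fingerprint, and the lookup accepts any `fpr:` line that merely contains it (`grep "$keyID"`). In the keyserver branch, the unprompted mode should refuse anything shorter than a full fingerprint, for example `[ "$PROMPT" = true ] || [ ${#keyID} -eq 40 ] || failure "A full fingerprint is required with -y."`. The unprompted path is recorded only at debug level; `log info "adding certifier $fingerprint without prompting."` would leave a trace at less verbose log levels. `PROMPT=true` is also assigned without `local`, unlike the variables declared just above it.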
@@ -41,7 +41,8 @@ if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then # update the trustdb for the authentication keyring gpg_sphere "--check-trustdb" - log info -e "\nIdentity certifier removed." + log info "" + log info "Identity certifier removed." else failure "Problem removing identity certifier." fi diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 39dfaca..8d160a8 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -74,7 +74,7 @@ if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -log info -e "\nkey found:" +log info "key found:" gpg_host --fingerprint "0x${fingerprint}!" echo "Are you sure you want to add the above key as a" @@ -98,7 +98,7 @@ failure "not implemented yet!" if echo "$addrevokerCommand" | \ gpg_core_edit ; then - log info -e "\nRevoker added." + log info "Revoker added." else failure "Problem adding revoker." fi -- cgit v1.2.3 From 07316c65eb5302a1d5385301876be7971e26fd1f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 16:17:00 -0500 Subject: fix reference to MONKEYSPHER_USER in ma/setup --- src/monkeysphere-host | 3 +++ src/share/ma/setup | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src/share/ma') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 4aab995..f79c2bb 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -123,6 +123,9 @@ create_gpg_pub_file() { # load the host fingerprint into the fingerprint variable, using the # export gpg pub key file +# FIXME: this seems much less than ideal, with all this temp keyring +# stuff. is there a way we can do this without having to create temp +# files? load_fingerprint() { if [ -f "$HOST_KEY_PUB_GPG" ] ; then HOST_FINGERPRINT=$( \ diff --git a/src/share/ma/setup b/src/share/ma/setup index 894db84..0cd92e0 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -40,10 +40,10 @@ primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF - # make sure the monkeysphere user owns everything in th sphere + # make sure the monkeysphere user owns everything in the sphere # gnupghome - chown -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" - chgrp -R "$MONKEYPSHER_USER" "${GNUPGHOME_SPHERE}" + chown -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}" + chgrp -R "$MONKEYPSHERE_USER" "${GNUPGHOME_SPHERE}" # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) -- cgit v1.2.3 From f54abea9da2be063b0d0ed974f6130b303b2a1c7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:19:35 -0500 Subject: Fix the ma/setup function: - fix reference to MONKEYSPHERE_USER for GNUPGHOME_SPHERE - break out core_fingerprint function - export core key to sphere keyring (necessary) - fix some logging (add more debug) and formatting --- src/monkeysphere-authentication | 19 ++++++++++++------- src/share/ma/setup | 35 ++++++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 18 deletions(-) (limited to 'src/share/ma') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 6d2e72c..a33de1e 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication 
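Review bot: The replacement name `MONKEYPSHERE_USER` is still misspelled (P and S are transposed), so `chown -R` and `chgrp -R` receive an empty owner unless a variable of exactly that name happens to be set, and the sphere GnuPG home keeps whatever ownership it had. The lines should read `chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"` and `chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"`. Neither exit status is checked in the hunk, and no `set -e` is visible, so a failure here appears to be silent. Appending `|| failure "Could not set ownership of ${GNUPGHOME_SPHERE}."` would make setup stop instead of continuing with wrongly owned keyring files. The enclosing setup function starts and ends outside the hunk.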
@@ -75,17 +75,12 @@ gpg_core() { GNUPGHOME="$GNUPGHOME_CORE" export GNUPGHOME - # NOTE: we supress this warning because we need the monkeysphere - # user to be able to read the host pubring. we realize this might - # be problematic, but it's the simplest solution, without too much - # loss of security. gpg "$@" } # function to interact with the gpg sphere keyring -# FIXME: this function requires basically accepts only a single -# argument because of problems with quote expansion. this needs to be -# fixed/improved. +# FIXME: this function requires only a single argument because of +# problems with quote expansion. this needs to be fixed/improved. gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME @@ -93,8 +88,18 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } +# load the core fingerprint into the fingerprint variable, using the +# gpg host secret key +core_fingerprint() { + log debug "determining core key fingerprint..." + gpg_core --quiet --list-secret-key \ + --with-colons --fixed-list-mode --with-fingerprint \ + | grep ^fpr: | cut -d: -f10 +} + # export signatures from core to sphere gpg_core_sphere_sig_transfer() { + log debug "exporting core local sigs to sphere..." gpg_core --export-options export-local-sigs --export | \ gpg_sphere --import-options import-local-sigs --import } diff --git a/src/share/ma/setup b/src/share/ma/setup index 0cd92e0..5960ab4 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -23,6 +23,7 @@ setup() { # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? + log debug "write core gpg.conf..." cat >"${GNUPGHOME_CORE}"/gpg.conf <"${GNUPGHOME_SPHERE}"/gpg.conf < Date: Thu, 12 Feb 2009 18:23:05 -0500 Subject: fix some things in ma certifier functions: - fix left over bad invocations of gpg_sphere --list-keys - add some more debug log output --- src/share/ma/add_certifier | 5 ++++- src/share/ma/list_certifiers | 15 +++++++++++---- src/share/ma/remove_certifier | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) (limited to 'src/share/ma') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 2e53455..28c229a 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -102,7 +102,7 @@ fi export keyID -# get the full fingerprint of a key ID +# get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) @@ -126,6 +126,7 @@ fi # export the key to the core keyring so that the core can sign the # new certifier key +log debug "exporting retrieved certifier key to core keyring..." gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import case "$trust" in @@ -154,6 +155,7 @@ EOF ) # core ltsigns the newly imported certifier key +log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then @@ -161,6 +163,7 @@ if echo "$ltsignCommand" | \ gpg_core_sphere_sig_transfer # update the sphere trustdb + log debug "updating sphere trustdb..." gpg_sphere "--check-trustdb" log info "Identity certifier added." diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index e37485e..d8b8f33 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers 
@@ -18,13 +18,20 @@ list_certifiers() { local keys local key -# find trusted keys in authentication keychain -keys=$(gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-keys --with-colons --fingerprint" | \ - grep ^pub: | cut -d: -f2,5 | egrep '^(u|f):' | cut -d: -f2) +# find trusted keys in sphere keychain +log debug "finding trusted keys..." + +# NOTE: looking for only 'f' keys here (used to be '(u|f)'), since the +# only key that should be 'u' is the core key, which is not +# technically a certifier in the sense we're worried about. Is this +# not correct? Should we be sorting out the certifier keys in a +# different way? +keys=$(gpg_sphere "--list-keys --with-colons --fingerprint" | \ + grep ^pub: | cut -d: -f2,5 | egrep '^f:' | cut -d: -f2) # output keys for key in $keys ; do - gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key --fingerprint $key" + gpg_sphere "--list-key --fingerprint 0x${key}!" done } diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index c7aabea..4e56264 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -23,7 +23,7 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to remove." fi -if gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key 0x${keyID}!" ; then +if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." -- cgit v1.2.3 From 58244d7d9e2d6aa2220bd2e692b2370de283cc23 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:30:38 -0500 Subject: fix typo --- src/share/ma/setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share/ma') 
diff --git a/src/share/ma/setup b/src/share/ma/setup index 5960ab4..533e6a1 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -44,7 +44,7 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome - log debuf "fix sphere gnupg home ownership..." + log debug "fix sphere gnupg home ownership..." chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" -- cgit v1.2.3 From 5d6d207f7c1ad3e4545484fbab84ce25ef756ea0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 12 Feb 2009 18:32:32 -0500 Subject: no longer require the primary-keyring for the sphere gpg.conf now that we use a single keyring --- src/share/ma/setup | 1 - 1 file changed, 1 deletion(-) (limited to 'src/share/ma') diff --git a/src/share/ma/setup b/src/share/ma/setup index 533e6a1..09c356c 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -38,7 +38,6 @@ EOF # This file is maintained by the Monkeysphere software. # Edits will be overwritten. no-greeting -primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg list-options show-uid-validity EOF -- cgit v1.2.3 From 65e8a49c924eac3c46c93cb4bb9be9c739a58983 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 18:39:38 -0500 Subject: tweak some of the log output inconsequentially --- src/share/ma/setup | 12 ++++++------ src/share/mh/set_expire | 3 +++ tests/basic | 1 - 3 files changed, 9 insertions(+), 7 deletions(-) (limited to 'src/share/ma') diff --git a/src/share/ma/setup b/src/share/ma/setup index 5960ab4..e5109fd 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -23,7 +23,7 @@ setup() { # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? - log debug "write core gpg.conf..." + log debug "writing core gpg.conf..." cat >"${GNUPGHOME_CORE}"/gpg.conf <"${GNUPGHOME_SPHERE}"/gpg.conf < Date: Thu, 12 Feb 2009 19:08:21 -0500 Subject: trust level != trust model --- src/share/ma/setup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/share/ma') diff --git a/src/share/ma/setup b/src/share/ma/setup index 09c356c..8032023 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -96,11 +96,11 @@ EOF # ensure that we're using the extended trust model (1), and that # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. - log debug "checking trust level of core key..." - local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \ + log debug "checking trust model for authentication ..." + local TRUST_MODEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) - log debug "sphere trust level of core: $TRUST_LEVEL" - if [ "$TRUST_LEVEL" != '1:3:1' ] ; then + log debug "sphere trust model: $TRUST_MODEL" + if [ "$TRUST_MODEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." fi } -- cgit v1.2.3 From 387848dfa7081364094a71ff70f65bb1cbd83d8b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 19:10:12 -0500 Subject: fix some calls to gpg_sphere that where not putting all arguments into a single argument, as required by the strange su requirements. --- src/monkeysphere-authentication | 2 +- src/share/ma/setup | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/share/ma') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index a33de1e..18057e5 100755 
--- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -101,7 +101,7 @@ core_fingerprint() { gpg_core_sphere_sig_transfer() { log debug "exporting core local sigs to sphere..." gpg_core --export-options export-local-sigs --export | \ - gpg_sphere --import-options import-local-sigs --import + gpg_sphere "--import-options import-local-sigs --import" } ######################################################################## diff --git a/src/share/ma/setup b/src/share/ma/setup index e5109fd..216b0b9 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -98,7 +98,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust level of core key..." - local TRUST_LEVEL=$(gpg_sphere --with-colons --fixed-list-mode --list-keys \ + local TRUST_LEVEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust level of core: $TRUST_LEVEL" if [ "$TRUST_LEVEL" != '1:3:1' ] ; then -- cgit v1.2.3 From 4b1b309608a55494cc94fee9bd9153d09fb3040a Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 12 Feb 2009 19:13:19 -0500 Subject: fix something that was resolved improperly in the previous merge. --- src/share/ma/setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share/ma') diff --git a/src/share/ma/setup b/src/share/ma/setup index f989db6..02fc069 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup 
@@ -97,7 +97,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_LEVEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then -- cgit v1.2.3 From 54e5dd2bd3d63238142c748c64fdf66135a47136 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 00:36:07 -0500 Subject: fix a couple of left over references to expert --- src/monkeysphere-authentication | 4 ++-- src/monkeysphere-host | 3 ++- src/share/ma/diagnostics | 2 +- src/share/mh/diagnostics | 2 +- tests/basic | 12 ++++++------ 5 files changed, 12 insertions(+), 11 deletions(-) (limited to 'src/share/ma') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 4a09527..465777d 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -86,8 +86,8 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } -# load the core fingerprint into the fingerprint variable, using the -# gpg host secret key +# output to stdout the core fingerprint from the gpg core secret +# keyring core_fingerprint() { log debug "determining core key fingerprint..." gpg_core --quiet --list-secret-key \ diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 6220760..8562ec6 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -181,7 +181,8 @@ show_key() { | grep '^fpr:' | cut -d: -f10 ) # list the host key info - gpg --list-key --fingerprint --list-options show-unusable-uids 2>/dev/null + gpg --list-keys --fingerprint \ + --list-options show-unusable-uids 2>/dev/null # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" 
diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 45a8ce2..0411080 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -120,7 +120,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-authentication expert diagnostics" + echo " monkeysphere-authentication diagnostics" else echo "Everything seems to be in order!" fi diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 96065e6..d774723 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -152,7 +152,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-host expert diagnostics" + echo " monkeysphere-host diagnostics" else echo "Everything seems to be in order!" fi diff --git a/tests/basic b/tests/basic index 4c19a85..d78a594 100755 --- a/tests/basic +++ b/tests/basic 
@@ -170,17 +170,17 @@ echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +echo "##################################################" +echo "### getting host key fingerprint..." +HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$HOSTKEYID" + # change host key expiration echo "##################################################" echo "### setting host key expiration..." monkeysphere-host set-expire 1 # FIXME: how do we check that the expiration has really been set? -echo "##################################################" -echo "### getting host key fingerprint..." -HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) -echo "$HOSTKEYID" - # certify host key with the "Admin's Key". # (this would normally be done via keyservers) echo "##################################################" @@ -236,7 +236,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "##################################################" echo "### export testuser key to server..." -gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import +gpg --export testuser | monkeysphere-authentication gpg-cmd --import # update authorized_keys for user echo "##################################################" -- cgit v1.2.3 From 440ee625fb6bd21ccb21f458a3d2474b19a174fe Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 17 Feb 2009 00:56:34 -0500 Subject: update m-a list-identity-certifiers: output is not yet human-readable, but it should be more accurate. --- src/share/ma/list_certifiers | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) (limited to 'src/share/ma') diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index d8b8f33..5a0388e 100644 
--- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -17,21 +17,42 @@ list_certifiers() { local keys local key +local authfpr # find trusted keys in sphere keychain log debug "finding trusted keys..." -# NOTE: looking for only 'f' keys here (used to be '(u|f)'), since the -# only key that should be 'u' is the core key, which is not -# technically a certifier in the sense we're worried about. Is this -# not correct? Should we be sorting out the certifier keys in a -# different way? -keys=$(gpg_sphere "--list-keys --with-colons --fingerprint" | \ - grep ^pub: | cut -d: -f2,5 | egrep '^f:' | cut -d: -f2) - -# output keys -for key in $keys ; do - gpg_sphere "--list-key --fingerprint 0x${key}!" +# FIXME: this assumes that the keygrip (16 hex chars) is unique; we're +# only searching by keygrip at the moment. + +authgrip=$(core_fingerprint | cut -b 25-40) + +# We're walking the list of known signatures, and extracting all trust +# signatures made by the core fingerprint and known to the sphere +# keyring. + +# for each one of these, we're printing (colon-delimited): the +# fingerprint, the trust depth, the trust level (60 == marginal, 120 +# == full), and the domain regex (if any): + +gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ + cut -f 1,2,5,8,9,10 -d: | \ + egrep '^(fpr:::::|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \ + while IFS=: read -r type validity grip trustparams trustdomain fpr ; do + case $type in + 'fpr') # this is a new key + keyfpr=$fpr + ;; + 'sig') # print all trust signatures, including regexes if present + trustdepth=${trustparams%% *} + trustlevel=${trustparams##* } + + # FIXME: this is clumsy and not human-friendly. we should + # print out more human-readable information, if possible. + printf "%s:%d:%d:%s\n" "$keyfpr" "$trustdepth" "$trustlevel" "$trustdomain" + ;; + esac done + } -- cgit v1.2.3 From a2a3d02d1aaf2d3dae3afea90c85cd6ca9f7ce4d Mon Sep 17 00:00:00 2001 
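Review bot: `local authfpr` is declared but the value is stored in `authgrip`, which is therefore a global that outlives list_certifiers; the declaration should be `local authgrip`. What `cut -b 25-40` extracts is the 64-bit long key ID (the last 16 hex digits of the fingerprint), not a keygrip. The FIXME should say so, because a key ID of that length is not a unique identifier for the issuer of a signature. If core_fingerprint prints nothing or more than one line, the egrep pattern built from `authgrip` no longer means what was intended and the listing is presumably empty or wrong without any error. A guard before the pipeline, such as `[ ${#authgrip} -eq 16 ] || failure "Could not determine core key ID."`, would make that case visible.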
From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 15:19:40 -0500 Subject: add some checks about setup to authentication --- man/man8/monkeysphere-authentication.8 | 6 ++++-- src/monkeysphere-authentication | 13 +++++++++++++ src/share/ma/setup | 4 +++- 3 files changed, 20 insertions(+), 3 deletions(-) (limited to 'src/share/ma') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 4187c70..9b8baa9 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -24,8 +24,10 @@ authentication. \fBmonkeysphere-authentication\fP takes various subcommands. .TP .B setup -Setup the server for Monkeysphere user authentication. `s' may be -used in place of `setup'. +Setup the server for Monkeysphere user authentication. This command +is idempotent, which means it can be run multiple times to make sure +the setup is correct, without adversely affecting existing setups. +`s' may be used in place of `setup'. .TP .B update-users [ACCOUNT]... Rebuild the monkeysphere-controlled authorized_keys files. For each diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 465777d..60cb5f2 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -95,6 +95,14 @@ core_fingerprint() { | grep ^fpr: | cut -d: -f10 } +# fail if authentication has not been setup +check_no_setup() { + # FIXME: what is the right test to do here? + [ -d "$MADATADIR" ] \ + || failure "This host appears to have not yet been set up for Monkeysphere authentication. +Please run 'monkeysphere-authentication setup' first." +} + # export signatures from core to sphere gpg_core_sphere_sig_transfer() { log debug "exporting core local sigs to sphere..." 
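Review bot: `check_no_setup` accepts any host where `$MADATADIR` exists, so an interrupted or partial setup that left the directory behind still passes. The subcommands guarded by it in the following hunks would then run against a trust core that may have no core key. In the spirit of the FIXME, a stronger test is to require the core key as well: `[ -d "$MADATADIR" ] && [ -n "$(core_fingerprint)" ] || failure ...`, using the core_fingerprint function defined just above. The name also reads inverted for a function that fails when setup is missing, and a one-line comment stating exactly what "set up" means here would help callers.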
@@ -155,21 +163,25 @@ case $COMMAND in ;; 'update-users'|'update-user'|'u') + check_no_setup source "${MASHAREDIR}/update_users" update_users "$@" ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_no_setup source "${MASHAREDIR}/add_certifier" add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_no_setup source "${MASHAREDIR}/remove_certifier" remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_no_setup source "${MASHAREDIR}/list_certifiers" list_certifiers "$@" ;; @@ -180,6 +192,7 @@ case $COMMAND in ;; 'gpg-cmd') + check_no_setup gpg_sphere "$@" ;; diff --git a/src/share/ma/setup b/src/share/ma/setup index 02fc069..f59187b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -70,7 +70,7 @@ EOF fi else - log verbose "This system has already set up the Monkeysphere authentication trust core." + log verbose "Monkeysphere authentication trust core already exists." fi # export the core key to the sphere keyring @@ -91,6 +91,7 @@ EOF fi else failure "Could not get monkeysphere-authentication trust guidelines." + # FIXME: what does this mean? should we suggest how to fix? fi # ensure that we're using the extended trust model (1), and that @@ -102,5 +103,6 @@ EOF log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." + # FIXME: what does this mean? should we suggest how to fix? fi } -- cgit v1.2.3 From d2874b94fedbe6d043d44ca3562879251e6ea10f Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 19:09:44 -0500 Subject: add ability to bypass prompting with a MONKEYSPHERE_PROMPT variable, for functions that prompt for confirmation. Also fix publish_key function (NOT TESTED). --- src/monkeysphere-authentication | 9 +++++++-- src/monkeysphere-host | 13 +++++++++---- src/share/ma/add_certifier | 8 +------- src/share/ma/remove_certifier | 7 +++++-- src/share/mh/add_hostname | 14 +++++++++----- src/share/mh/add_revoker | 12 ++++++++---- src/share/mh/publish_key | 29 +++++++++++++++++++++++++---- src/share/mh/revoke_hostname | 14 +++++++++----- src/share/mh/set_expire | 9 +++++++++ tests/basic | 2 +- 10 files changed, 83 insertions(+), 34 deletions(-) (limited to 'src/share/ma') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 60cb5f2..c349e6f 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -114,11 +114,14 @@ gpg_core_sphere_sig_transfer() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset AUTHORIZED_USER_IDS unset RAW_AUTHORIZED_KEYS unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG" 
@@ -130,6 +133,7 @@ KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -142,8 +146,9 @@ CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT export CHECK_KEYSERVER export REQUIRED_USER_KEY_CAPABILITY export GNUPGHOME_CORE diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a7b9697..2dc6003 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -177,6 +177,7 @@ show_key() { # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT + # import the host key into the tmp dir gpg --quiet --import <"$HOST_KEY_FILE" HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ @@ -208,9 +209,12 @@ show_key() { # MAIN ######################################################################## -# unset variables that should be defined only in config file +# unset variables that should be defined only in config file of in +# MONKEYSPHERE_ variables +unset LOG_LEVEL unset KEYSERVER unset MONKEYSPHERE_USER +unset PROMPT # load configuration file [ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG" 
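Review bot: Every value of `PROMPT` other than the exact string `true` disables confirmation. The consumers changed in this commit (add_certifier, remove_certifier, add_hostname, add_revoker, publish_key) all test `[ "$PROMPT" = "true" ]` and take the unprompted branch otherwise. A config file or environment carrying `MONKEYSPHERE_PROMPT=True`, `yes` or a typo therefore silently removes the check on adding a certifier or revoker. The tests should fail closed, `if [ "$PROMPT" != "false" ] ; then`, or the value should be validated once after the `PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}` line in both monkeysphere-authentication and monkeysphere-host. The comment added above both unset blocks says "config file of in"; "or in" is meant.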
@@ -219,9 +223,8 @@ unset MONKEYSPHERE_USER # defaults LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} -AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} -RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} +PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} @@ -231,8 +234,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} export DATE export MODE export LOG_LEVEL -export MONKEYSPHERE_USER export KEYSERVER +export MONKEYSPHERE_USER +export PROMPT +export CHECK_KEYSERVER export GNUPGHOME_HOST export GNUPGHOME export HOST_FINGERPRINT= diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 28c229a..54ea673 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -36,8 +36,6 @@ local fingerprint local ltsignCommand local trustval -PROMPT=true - # get options while true ; do case "$1" in @@ -53,10 +51,6 @@ while true ; do depth="$2" shift 2 ;; - -y) - PROMPT=false - shift 1 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -114,7 +108,7 @@ fi log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" -if [ "$PROMPT" = true ] ; then +if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 4e56264..8271ae0 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier 
@@ -23,13 +23,16 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to remove." fi -if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then +# FIXME: should we be doing a fancier list_certifier output here? +gpg_core --list-key --fingerprint "0x${keyID}!" || failure + +if [ "$PROMPT" = "true" ] ; then read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi else - failure + log debug "certifier removed without prompting." fi # delete the requested key from the sphere keyring diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 910faf6..70bbec3 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -31,11 +31,15 @@ userID="ssh://${1}" find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." -echo "The following user ID will be added to the host key:" -echo " $userID" -read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not added." +if [ "$PROMPT" = "true" ] ; then + echo "The following user ID will be added to the host key:" + echo " $userID" + read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not added." + fi +else + log debug "adding user ID without prompting." fi # edit-key script command to add user ID diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 1464ae8..b4113df 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker 
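Review bot: In the src/share/ma/remove_certifier hunk the non-interactive branch logs `certifier removed without prompting.` before the deletion further down has run, so the log can record a removal that then fails. `log debug "removing certifier without prompting."` matches the tense used by the other scripts in this patch. The new `gpg_core --list-key ... || failure` also exits without a message; something like `|| failure "Key '$keyID' not found."` would tell the operator why. The listing now goes through `gpg_core` while the unchanged comment below still speaks of deleting from the sphere keyring. That may be intentional, but it is worth confirming, since the rest of the script lies outside this hunk.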
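Review bot: The confirmation test `[ ${OK/y/Y} != 'Y' ]` on the new side of the src/share/mh/add_hostname hunk is unquoted, so it can fail open. An answer containing whitespace (for example `no thanks`) makes `[` exit with an error instead of comparing; the `if` then takes the false branch, `failure` is skipped and the user ID is added. Quote it as the certifier and revoker scripts already do: `if [ "${OK/y/Y}" != 'Y' ] ; then`. The same unquoted test is carried into the re-indented prompts in src/share/mh/publish_key and src/share/mh/revoke_hostname.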
@@ -77,10 +77,14 @@ fi log info "key found:" gpg_host --fingerprint "0x${fingerprint}!" -echo "Are you sure you want to add the above key as a" -read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} -if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Revoker not added." +if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "revoker not added." + fi +else + log debug "adding revoker without prompting." fi # edit-key script to add revoker diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 600dfcf..b433ad7 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -15,12 +15,33 @@ publish_key() { -read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "key not published." +local GNUPGHOME + +if [ "$PROMPT" = "true" ] ; then + read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "key not published." + fi +else + log debug "publishing key without prompting." fi +# create a temporary gnupg directory from which to publish the key +export GNUPGHOME=$(mktemp -d) + +# trap to remove tmp dir if break +trap "rm -rf $GNUPGHOME" EXIT + +# import the host key into the tmp dir +su_monkeysphere_user \ + "gpg --quiet --import" <"$HOST_KEY_FILE" + # publish host key -gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" +su_monkeysphere_user \ + "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" + +# remove the tmp file +trap - EXIT +rm -rf "$GNUPGHOME" } diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 99ba603..77f1f0d 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname 
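Review bot: `export GNUPGHOME=$(mktemp -d)` in the src/share/mh/publish_key hunk discards the exit status of `mktemp`. If the directory cannot be created, the function carries on with an empty `GNUPGHOME`, and the `gpg --import` that follows would presumably fall back to its default home directory. Split the assignment so the failure is caught: `GNUPGHOME=$(mktemp -d) || failure "could not create temporary directory."` followed by `export GNUPGHOME`. The directory is created by the invoking user but `gpg` runs through `su_monkeysphere_user`, which is not shown here, so confirm that the target user can write to the directory and actually receives `GNUPGHOME`. The path in `trap "rm -rf $GNUPGHOME" EXIT` is word-split when the trap runs, so a `TMPDIR` containing whitespace would break the cleanup.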
@@ -42,11 +42,15 @@ userID="ssh://${1}" uidIndex=$(find_host_userid) || \ failure "No non-revoked user ID found matching '$userID'." -echo "The following host key user ID will be revoked:" -echo " $userID" -read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not revoked." +if [ "$PROMPT" = "true" ] ; then + echo "The following host key user ID will be revoked:" + echo " $userID" + read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not revoked." + fi +else + log debug "revoking user ID without prompting." fi # edit-key script command to revoke user ID diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 0b581d9..14d2501 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -21,6 +21,15 @@ local extendTo # get the new expiration date extendTo=$(get_gpg_expiration "$1") +if [ "$PROMPT" = "true" ] ; then + read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "expiration not set." + fi +else + log debug "extending without prompting." +fi + log info "setting host key expiration to ${extendTo}:" log debug "executing host expire script..." diff --git a/tests/basic b/tests/basic index d78a594..9114f32 100755 --- a/tests/basic +++ b/tests/basic @@ -242,7 +242,7 @@ gpg --export testuser | monkeysphere-authentication gpg-cmd --import echo "##################################################" echo "### update server authorized_keys file for this testuser..." monkeysphere-authentication update-users $(whoami) -# FIXME: NOT FAILING PROPERLY FOR: +# FIXME: this is maybe not failing properly for: # ms: improper group or other writability on path '/tmp'. -- cgit v1.2.3