From 88b19565bced6d9ec9b035d1f9fe51ce6567923b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Feb 2009 20:38:23 -0500 Subject: add no-tty, quiet, and no-greeting to gpg wrapper invocations to supress as much gpg output as possible. then cleanup gpg invocations. --- src/share/ma/add_certifier | 5 ++--- src/share/ma/list_certifiers | 1 - src/share/ma/setup | 12 ++++++------ src/share/mh/add_revoker | 4 ++-- src/share/mh/import_key | 2 +- 5 files changed, 11 insertions(+), 13 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index d34f0de..2f29759 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -151,15 +151,14 @@ EOF # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ - gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \ - 2>&1 | log debug ; then + gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer # update the sphere trustdb log debug "updating sphere trustdb..." - gpg_sphere "--check-trustdb" 2>&1 | log debug + gpg_sphere "--check-trustdb" log info "Identity certifier added." else diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers index a02487d..38a3222 100644 --- a/src/share/ma/list_certifiers +++ b/src/share/ma/list_certifiers @@ -86,5 +86,4 @@ gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \ esac done - } diff --git a/src/share/ma/setup b/src/share/ma/setup index a17e4f2..6969d71 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -59,7 +59,7 @@ EOF log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." PEM2OPENPGP_USAGE_FLAGS=certify \ PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \ - | gpg_core --import 2>&1 | log debug \ + | gpg_core --import \ || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point @@ -75,17 +75,17 @@ EOF # export the core key to the sphere keyring log debug "exporting core pub key to sphere keyring..." - gpg_core --quiet --export | gpg_sphere "--quiet --import" + gpg_core --export | gpg_sphere "--import" # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." - printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust" - gpg_sphere "--export-ownertrust" 2>&1 | log debug + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust" + gpg_sphere "--export-ownertrust" # check the owner trust log debug "checking gpg_sphere owner trust set properly..." local ORIG_TRUST - if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then + if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." fi @@ -98,7 +98,7 @@ EOF # our preferences are reasonable (i.e. 3 marginal OR 1 fully # trusted certifications are sufficient to grant full validity. log debug "checking trust model for authentication ..." - local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \ + local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \ | head -n1 | grep "^tru:" | cut -d: -f3,6,7) log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index b4113df..dfce4e1 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -57,10 +57,10 @@ else # download the key from the keyserver as the monkeysphere user su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!" + "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" # export the new key to the host keyring - su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \ + su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ | gpg_host --import fi diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 557bb7f..266bf05 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -46,7 +46,7 @@ chmod 700 "${GNUPGHOME_HOST}" log verbose "importing ssh key..." # translate ssh key to a private key PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import 2>&1 | log debug + | gpg_host --import # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key -- cgit v1.2.3 From 62374dd1c16a2719202955ad3fe878be5cc14dba Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Feb 2009 20:56:14 -0500 Subject: new msmktempdir function, to simplify making temporary directories. remove MHTMPDIR, since it's not needed. --- src/monkeysphere-host | 6 +----- src/share/common | 5 +++++ src/share/m/gen_subkey | 2 +- src/share/m/import_subkey | 2 +- src/share/m/subkey_to_ssh_agent | 2 +- src/share/mh/add_revoker | 2 +- src/share/mh/import_key | 1 - src/share/mh/publish_key | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) (limited to 'src/share') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 7e8dd27..a86a8c9 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -32,10 +32,6 @@ MHSHAREDIR="${SYSSHAREDIR}/mh" # datadir for host functions MHDATADIR="${SYSDATADIR}/host" -# temp directory for temp gnupghome directories for add_revoker -MHTMPDIR="${MHDATADIR}/tmp" -export MHTMPDIR - # host pub key files HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" @@ -171,7 +167,7 @@ show_key() { local GNUPGHOME # tmp gpghome dir - export GNUPGHOME=$(mktemp -d) + export GNUPGHOME=$(msmktempdir) # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT diff --git a/src/share/common b/src/share/common index 4120259..6b7d51b 100644 --- a/src/share/common +++ b/src/share/common @@ -134,6 +134,11 @@ cutline() { head --line="$1" "$2" | tail -1 } +# make a temporary directly +msmktempdir() { + mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX +} + # this is a wrapper for doing lock functions. # # it lets us depend on either lockfile-progs (preferred) or procmail's diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index cbefaa3..19d384d 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -114,7 +114,7 @@ EOF ) log verbose "generating subkey..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + fifoDir=$(msmktempdir) (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index aa89958..8b04456 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -42,7 +42,7 @@ Type '$PGRM help' for usage." done log verbose "importing ssh key..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + fifoDir=$(msmktempdir) (umask 077 && mkfifo "$fifoDir/pass") ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 012c95f..a92718e 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -64,7 +64,7 @@ You might want to run 'gpg --gen-key'." You might want to 'monkeysphere gen-subkey'" fi - workingdir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + workingdir=$(msmktempdir) umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index dfce4e1..bdcb749 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -53,7 +53,7 @@ if [ -f "$keyID" ] ; then fi else # create a temporary directory for storing the downloaded key - TMPLOC=$(mktemp -d "${MHTMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + TMPLOC=$(msmktempdir) || failure "Could not create temporary directory!" # download the key from the keyserver as the monkeysphere user su_monkeysphere_user \ diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 266bf05..cca40fa 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -39,7 +39,6 @@ userID="ssh://${hostName}" # create host home mkdir -p "${MHDATADIR}" -mkdir -p "${MHTMPDIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b433ad7..37b8a72 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -27,7 +27,7 @@ else fi # create a temporary gnupg directory from which to publish the key -export GNUPGHOME=$(mktemp -d) +export GNUPGHOME=$(msmktempdir) # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT -- cgit v1.2.3 From a5d96721e78a06f7dd55071ff3ae61370e00324c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 00:14:20 -0500 Subject: moved directory for monkeysphere-generated authorized_keys files back to its old location at /var/lib/monkeysphere/authorized_keys --- man/man8/monkeysphere-authentication.8 | 2 +- src/share/ma/setup | 2 +- src/share/ma/update_users | 2 +- tests/basic | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/share') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 56543fb..38df65d 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -161,7 +161,7 @@ If set to `false', never prompt the user for confirmation. (true) /etc/monkeysphere/monkeysphere-authentication.conf System monkeysphere-authentication config file. .TP -/var/lib/monkeysphere/authentication/authorized_keys/USER +/var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .SH AUTHOR diff --git a/src/share/ma/setup b/src/share/ma/setup index 6969d71..248406f 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -19,7 +19,7 @@ setup() { chmod 700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" chmod 700 "${GNUPGHOME_SPHERE}" - mkdir -p "${MADATADIR}"/authorized_keys + mkdir -p "${SYSDATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? diff --git a/src/share/ma/update_users b/src/share/ma/update_users index e9e3cc6..092d108 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -35,7 +35,7 @@ MODE="authorized_keys" GNUPGHOME="$GNUPGHOME_SPHERE" # the authorized_keys directory -authorizedKeysDir="${MADATADIR}/authorized_keys" +authorizedKeysDir="${SYSDATADIR}/authorized_keys" # check to see if the gpg trust database has been initialized if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then diff --git a/tests/basic b/tests/basic index 18e3019..9ae9c1c 100755 --- a/tests/basic +++ b/tests/basic @@ -158,7 +158,7 @@ cp "$TESTDIR"/etc/ssh/sshd_config "$SSHD_CONFIG" # write the sshd_config cat <> "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key -AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authentication/authorized_keys/%u +AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u EOF -- cgit v1.2.3 From 6a7b42ec39aad2e774255b875af7ab40e80bb872 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 00:35:50 -0500 Subject: catch pipe failures more cleanly during key import --- src/share/ma/add_certifier | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 2f29759..7c1441c 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -84,7 +84,8 @@ if [ -f "$keyID" ] ; then # + failure 'could not read key from '\''/root/dkg.gpg'\''' # + echo 'could not read key from '\''/root/dkg.gpg'\''' - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) + keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) || \ + failure "There were no gpg keys in the file." if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi -- cgit v1.2.3 From 68299f9faebcf3c54382aca3d662b35172f6a968 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 00:37:10 -0500 Subject: clean up failure message --- src/share/ma/add_certifier | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 7c1441c..b917a74 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -85,7 +85,7 @@ if [ -f "$keyID" ] ; then # + echo 'could not read key from '\''/root/dkg.gpg'\''' keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) || \ - failure "There were no gpg keys in the file." + failure "There were no gpg keys in the file $keyID." if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi -- cgit v1.2.3 From d09b0814096b1660c3a300e939091a58622a57a6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 18 Feb 2009 22:37:12 -0500 Subject: Cleanup how variables are specified and loaded: - define more common variables in share/common - cleanup how defaults are specified - fix how CHECK_KEYSERVER was determined in monkeysphere Fix calls to update_known_hosts and update_authorized_keys in monkeysphere so that some of the checks are done within the functions themselves, as opposed in the monkeysphere wrapper, so that other functions can call them easier. Fix ssh-proxycommand that had some left over cruft from the transition. --- src/monkeysphere | 80 ++++++++++++++--------------------------- src/monkeysphere-authentication | 35 ++++++++---------- src/monkeysphere-host | 29 +++++++-------- src/share/common | 44 +++++++++++++++++++++++ src/share/m/ssh_proxycommand | 26 +++++++------- 5 files changed, 112 insertions(+), 102 deletions(-) (limited to 'src/share') diff --git a/src/monkeysphere b/src/monkeysphere index da5f406..a626a8e 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -63,41 +63,38 @@ EOF # MAIN ######################################################################## -# unset variables that should be defined only in config file -unset KEYSERVER -unset CHECK_KEYSERVER -unset KNOWN_HOSTS -unset HASH_KNOWN_HOSTS -unset AUTHORIZED_KEYS +# set unset default variables +GNUPGHOME=${GNUPGHOME:="${HOME}/.gnupg"} +KNOWN_HOSTS="${HOME}/.ssh/known_hosts" +HASH_KNOWN_HOSTS="true" +AUTHORIZED_KEYS="${HOME}/.ssh/authorized_keys" # load global config -[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] && . "${SYSCONFIGDIR}/monkeysphere.conf" +[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] \ + && . "${SYSCONFIGDIR}/monkeysphere.conf" # set monkeysphere home directory MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"} mkdir -p -m 0700 "$MONKEYSPHERE_HOME" # load local config -[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] && . "$MONKEYSPHERE_CONFIG" - -# set empty config variables with ones from the environment, or from -# config file, or with defaults -LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} -GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}} -KEYSERVER=${MONKEYSPHERE_KEYSERVER:="$KEYSERVER"} -# if keyserver not specified in env or monkeysphere.conf, -# look in gpg.conf +[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] \ + && . "$MONKEYSPHERE_CONFIG" + +# set empty config variables with ones from the environment +GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=$GNUPGHOME} +LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} +KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} +# if keyserver not specified in env or conf, then look in gpg.conf if [ -z "$KEYSERVER" ] ; then if [ -f "${GNUPGHOME}/gpg.conf" ] ; then KEYSERVER=$(grep -e "^[[:space:]]*keyserver " "${GNUPGHOME}/gpg.conf" | tail -1 | awk '{ print $2 }') fi fi -# if it's still not specified, use the default -KEYSERVER=${KEYSERVER:="subkeys.pgp.net"} -CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} -KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=${KNOWN_HOSTS:="${HOME}/.ssh/known_hosts"}} -HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=${HASH_KNOWN_HOSTS:="true"}} -AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=${AUTHORIZED_KEYS:="${HOME}/.ssh/authorized_keys"}} +PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} +KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=$KNOWN_HOSTS} +HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=$HASH_KNOWN_HOSTS} +AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS} # other variables not in config file AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"} @@ -117,49 +114,26 @@ shift case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') - MODE='known_hosts' + # whether or not to check keyservers + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} - # touch the known_hosts file so that the file permission check - # below won't fail upon not finding the file - (umask 0022 && touch "$KNOWN_HOSTS") - - # check permissions on the known_hosts file path - check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure - - # if hosts are specified on the command line, process just - # those hosts + # if hosts are specified on the command line, process just + # those hosts if [ "$1" ] ; then update_known_hosts "$@" RETURN="$?" - # otherwise, if no hosts are specified, process every host - # in the user's known_hosts file + # otherwise, if no hosts are specified, process every host + # in the user's known_hosts file else - # exit if the known_hosts file does not exist - if [ ! -e "$KNOWN_HOSTS" ] ; then - log error "known_hosts file '$KNOWN_HOSTS' does not exist." - exit - fi - process_known_hosts RETURN="$?" fi ;; 'update-authorized_keys'|'update-authorized-keys'|'a') - MODE='authorized_keys' - - # check permissions on the authorized_user_ids file path - check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" || failure - - # check permissions on the authorized_keys file path - check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure - - # exit if the authorized_user_ids file is empty - if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then - log error "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist." - exit - fi + # whether or not to check keyservers + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} # process authorized_user_ids file process_authorized_user_ids "$AUTHORIZED_USER_IDS" diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 1def4cd..0e60cc4 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -85,7 +85,7 @@ gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME - su_monkeysphere_user "gpg --no-greeting --quiet --no-tty $@" + su_monkeysphere_user "gpg --no-greeting --no-tty $@" } # output to stdout the core fingerprint from the gpg core secret @@ -108,29 +108,24 @@ gpg_core_sphere_sig_transfer() { # MAIN ######################################################################## -# unset variables that should be defined only in config file of in -# MONKEYSPHERE_ variables -unset LOG_LEVEL -unset KEYSERVER -unset AUTHORIZED_USER_IDS -unset RAW_AUTHORIZED_KEYS -unset MONKEYSPHERE_USER -unset PROMPT +# set unset default variables +AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" +RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" # load configuration file -[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG" - -# set empty config variable with ones from the environment, or with -# defaults -LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} -KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} -AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} -RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} -MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} -PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} +[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] \ + && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG" + +# set empty config variable with ones from the environment +LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} +KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} +MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} +AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=$AUTHORIZED_USER_IDS} +RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=$RAW_AUTHORIZED_KEYS} # other variables -CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"} GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"} diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a86a8c9..152b469 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -204,38 +204,31 @@ show_key() { # MAIN ######################################################################## -# unset variables that should be defined only in config file or in -# MONKEYSPHERE_ variables -unset LOG_LEVEL -unset KEYSERVER -unset MONKEYSPHERE_USER -unset PROMPT - # load configuration file -[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG" +[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] \ + && . "$MONKEYSPHERE_HOST_CONFIG" # set empty config variable with ones from the environment, or with # defaults -LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} -KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}} -MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}} -PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}} +LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL} +KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER} +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} +MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER} +PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT} # other variables -CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} # export variables needed in su invocation export DATE -export MODE export LOG_LEVEL export KEYSERVER +export CHECK_KEYSERVER export MONKEYSPHERE_USER export PROMPT -export CHECK_KEYSERVER export GNUPGHOME_HOST export GNUPGHOME -export HOST_FINGERPRINT= +export HOST_FINGERPRINT # get subcommand COMMAND="$1" @@ -302,6 +295,10 @@ case $COMMAND in diagnostics ;; + 'update-gpg-pub-file') + update_gpg_pub_file + ;; + 'version'|'v') echo "$VERSION" ;; diff --git a/src/share/common b/src/share/common index 6b7d51b..96fea77 100644 --- a/src/share/common +++ b/src/share/common @@ -23,6 +23,21 @@ export SYSCONFIGDIR # monkeysphere version VERSION=__VERSION__ +# default log level +LOG_LEVEL="INFO" + +# default keyserver +KEYSERVER="pool.sks-keyservers.net" + +# whether or not to check keyservers by defaul +CHECK_KEYSERVER="true" + +# default monkeysphere user +MONKEYSPHERE_USER="monkeysphere" + +# default about whether or not to prompt +PROMPT="true" + ######################################################################## ### UTILITY FUNCTIONS @@ -800,6 +815,9 @@ process_host_known_hosts() { local sshKey local tmpfile + # set the key processing mode + export MODE='known_hosts' + host="$1" userID="ssh://${host}" @@ -879,6 +897,13 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 + # touch the known_hosts file so that the file permission check + # below won't fail upon not finding the file + (umask 0022 && touch "$KNOWN_HOSTS") + + # check permissions on the known_hosts file path + check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure + # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? @@ -933,6 +958,11 @@ update_known_hosts() { process_known_hosts() { local hosts + # exit if the known_hosts file does not exist + if [ ! -e "$KNOWN_HOSTS" ] ; then + failure "known_hosts file '$KNOWN_HOSTS' does not exist." + fi + log debug "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -956,6 +986,9 @@ process_uid_authorized_keys() { local ok local sshKey + # set the key processing mode + export MODE='authorized_keys' + userID="$1" log verbose "processing: $userID" @@ -1017,6 +1050,9 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 + # check permissions on the authorized_keys file path + check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure + # create a lockfile on authorized_keys lock create "$AUTHORIZED_KEYS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? @@ -1082,6 +1118,14 @@ process_authorized_user_ids() { authorizedUserIDs="$1" + # exit if the authorized_user_ids file is empty + if [ ! -e "$authorizedUserIDs" ] ; then + failure "authorized_user_ids file '$authorizedUserIDs' does not exist." + fi + + # check permissions on the authorized_user_ids file path + check_key_file_permissions "$USER" "$authorizedUserIDs" || failure + log debug "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index cd0a1fb..29040d8 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -15,8 +15,6 @@ # established. Can be added to ~/.ssh/config as follows: # ProxyCommand monkeysphere ssh-proxycommand %h %p -ssh_proxycommand() { - # "marginal case" ouput in the case that there is not a full # validation path to the host output_no_valid_key() { @@ -136,10 +134,9 @@ EOF EOF } -######################################################################## -# export the monkeysphere log level -export MONKEYSPHERE_LOG_LEVEL +# the ssh proxycommand function itself +ssh_proxycommand() { if [ "$1" = '--no-connect' ] ; then NO_CONNECT='true' @@ -170,12 +167,13 @@ URI="ssh://${HOSTP}" # intentionally different than that of running monkeyesphere normally, # and keyserver checking is intentionally done under certain # circumstances. This can be overridden by setting the -# MONKEYSPHERE_CHECK_KEYSERVER environment variable. +# MONKEYSPHERE_CHECK_KEYSERVER environment variable, or by setting the +# CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver - CHECK_KEYSERVER="false" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} # if the host is NOT in the keyring... else @@ -188,20 +186,22 @@ else # FIXME: more nuanced checking should be done here to properly # take into consideration hosts that join monkeysphere by # converting an existing and known ssh key - CHECK_KEYSERVER="false" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} # if the host key is not found in the known_hosts file... else # check the keyserver - CHECK_KEYSERVER="true" + CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} fi fi -# set and export the variable for use by monkeysphere -MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} -export MONKEYSPHERE_CHECK_KEYSERVER + +# finally look in the MONKEYSPHERE_ environment variable for a +# CHECK_KEYSERVER setting to override all else +CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} # update the known_hosts file for the host -monkeysphere update-known_hosts "$HOSTP" +source "${MSHAREDIR}/update_known_hosts" +update_known_hosts "$HOSTP" # output on depending on the return of the update-known_hosts # subcommand, which is (ultimately) the return code of the -- cgit v1.2.3 From dd1914ec0225cca711508dfd1351502040b6ec87 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 01:17:11 -0500 Subject: made gpg_sphere use --quiet again, and now doing more explicit extraction of key fingerprint during add-certifier from file. --- src/monkeysphere-authentication | 4 ++-- src/share/common | 11 +++++++++++ src/share/ma/add_certifier | 29 +++++++++-------------------- 3 files changed, 22 insertions(+), 22 deletions(-) (limited to 'src/share') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index e8b11a4..e7a0580 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -84,8 +84,8 @@ gpg_core() { gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME - - su_monkeysphere_user "gpg --no-greeting --no-tty $@" + + su_monkeysphere_user "gpg --no-greeting --quiet --no-tty $@" } # output to stdout the core fingerprint from the gpg core secret diff --git a/src/share/common b/src/share/common index 6b7d51b..b78f64a 100644 --- a/src/share/common +++ b/src/share/common @@ -1100,3 +1100,14 @@ process_authorized_user_ids() { update_authorized_keys "${userIDs[@]}" } + +# takes a gpg key or keys on stdin, and outputs a list of +# fingerprints, one per line: +list_primary_fingerprints() { + local file="$1" + local fake=$(msmktempdir) + GNUPGHOME="$fake" gpg --no-tty --quiet --import + GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ + awk -F: '/^fpr:/{ print $10 }' + rm -rf "$fake" +} diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index b917a74..e543d94 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -67,28 +67,17 @@ if [ -z "$keyID" ] ; then fi if [ -f "$keyID" ] ; then log info "Reading key from file '$keyID':" - importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) || \ - failure "There were no gpg keys in the file $keyID." - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + + fingerprints=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + + keyID="$fingerprints" else # get the key from the key server log debug "retrieving key from keyserver..." -- cgit v1.2.3 From 4465c13b93d3d4bc1cb59c5506775b4fc0274058 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 01:20:33 -0500 Subject: tweak some of the prompting, to change defaults, and add PROMPT usage where missing --- src/share/m/gen_subkey | 12 ++++++++---- src/share/ma/add_certifier | 2 +- src/share/ma/remove_certifier | 2 +- src/share/mh/add_hostname | 4 ++-- src/share/mh/add_revoker | 2 +- src/share/mh/publish_key | 4 ++-- src/share/mh/revoke_hostname | 4 ++-- src/share/mh/set_expire | 2 +- 8 files changed, 18 insertions(+), 14 deletions(-) (limited to 'src/share') diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index 19d384d..d926ad5 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -86,12 +86,16 @@ Type '$PGRM help' for usage." fi # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then - echo "A valid authentication key already exists for primary key '$keyID'." - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then + log error "A valid authentication key already exists for primary key '$keyID'." + if [ "$PROMPT" = "true" ] ; then + read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + break + else failure "aborting." fi - break fi done diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index b917a74..9865e5c 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -111,7 +111,7 @@ gpg_sphere "--fingerprint 0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" - read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N} + read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not added." fi diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 10aa67b..95f6dff 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -27,7 +27,7 @@ fi gpg_core --list-key --fingerprint "0x${keyID}!" || failure if [ "$PROMPT" = "true" ] ; then - read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N} + read -p "Really remove above listed identity certifier? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 70bbec3..0da6a06 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -34,8 +34,8 @@ find_host_userid > /dev/null && \ if [ "$PROMPT" = "true" ] ; then echo "The following user ID will be added to the host key:" echo " $userID" - read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Are you sure you would like to add this user ID? (Y/n) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "User ID not added." fi else diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index bdcb749..21dc0bb 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -79,7 +79,7 @@ gpg_host --fingerprint "0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" - read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} + read -p "revoker of the host key? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "revoker not added." fi diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 37b8a72..05faa0b 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -18,8 +18,8 @@ publish_key() { local GNUPGHOME if [ "$PROMPT" = "true" ] ; then - read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Really publish host key to $KEYSERVER? (Y/n) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "key not published." fi else diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 77f1f0d..92383a0 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -45,8 +45,8 @@ uidIndex=$(find_host_userid) || \ if [ "$PROMPT" = "true" ] ; then echo "The following host key user ID will be revoked:" echo " $userID" - read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} - if [ ${OK/y/Y} != 'Y' ] ; then + read -p "Are you sure you would like to revoke this user ID? (N/y) " OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then failure "User ID not revoked." fi else diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index ae7c13a..63e5c55 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -22,7 +22,7 @@ local extendTo extendTo=$(get_gpg_expiration "$1") if [ "$PROMPT" = "true" ] ; then - read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N} + read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "expiration not set." fi -- cgit v1.2.3 From ca854b125a6088b3ee89ddb0927630e5a44911be Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 01:49:30 -0500 Subject: shipping transition script; requiring manual version synchronization between common and the changelog (until we come up with a more general templating build process) --- Makefile | 4 ++-- src/share/common | 2 +- tests/basic | 16 ++++++++++++++++ 3 files changed, 19 insertions(+), 3 deletions(-) (limited to 'src/share') diff --git a/Makefile b/Makefile index 59b8887..a8cd4d0 100755 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # Makefile for monkeysphere -# (c) 2008 Daniel Kahn Gillmor +# (c) 2008-2009 Daniel Kahn Gillmor # Licensed under GPL v3 or later MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` @@ -29,7 +29,6 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/share/common cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) @@ -54,6 +53,7 @@ install: all installman install src/monkeysphere src/keytrans/openpgp2ssh src/keytrans/pem2openpgp $(DESTDIR)$(PREFIX)/bin install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0644 src/share/transition* $(DESTDIR)$(PREFIX)/share/monkeysphere install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma diff --git a/src/share/common b/src/share/common index b78f64a..b45363a 100644 --- a/src/share/common +++ b/src/share/common @@ -21,7 +21,7 @@ SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} export SYSCONFIGDIR # monkeysphere version -VERSION=__VERSION__ +VERSION=0.23~pre ######################################################################## ### UTILITY FUNCTIONS diff --git a/tests/basic b/tests/basic index 9ae9c1c..dea393f 100755 --- a/tests/basic +++ b/tests/basic @@ -26,6 +26,7 @@ source "$TESTDIR"/common ## test has *more* requirements than plain ol' monkeysphere: which socat >/dev/null || { echo "You must have socat installed to run this test." ; exit 1; } + ## FIXME: other checks? ###################################################################### @@ -123,6 +124,21 @@ export SOCKET="$TEMPDIR"/ssh-socket # *anything* with any running X11 session. export DISPLAY=monkeys +## make sure that the version number matches the debian changelog +## (don't bother if this is being run from the tests). + +if [ -f "$TESTDIR"/../packaging/debian/changelog ]; then + echo "##################################################" + echo "### checking version string match..." + repver=$(monkeysphere version) + debver=$(head -n1 "$TESTDIR"/../packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/') + if [ "$repver" = "$debver" ] ; then + echo "Versions match!" + else + printf "reported version string (%s) does not match debian changelog (%s)\n" "$repver" "$debver" + exit 1 + fi +fi ###################################################################### ### CONFIGURE ENVIRONMENTS -- cgit v1.2.3 From a5b856642557d0a8463aa7ca26a6e3f898a8ac54 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 02:02:19 -0500 Subject: making clearer comments in the transition script, invoking from postinst for debian. --- packaging/debian/monkeysphere.postinst | 3 +++ src/share/common | 2 +- src/transition_0.22_0.23 | 26 +++++++++++++++++++++----- 3 files changed, 25 insertions(+), 6 deletions(-) (limited to 'src/share') diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst index 8e79771..efa7fb4 100755 --- a/packaging/debian/monkeysphere.postinst +++ b/packaging/debian/monkeysphere.postinst @@ -17,6 +17,9 @@ if ! getent passwd monkeysphere >/dev/null ; then monkeysphere fi +# try to transition from 0.22 to 0.23: +/usr/share/monkeysphere/transition_0.22_0.23 + # setup monkeysphere authentication monkeysphere-authentication setup diff --git a/src/share/common b/src/share/common index b45363a..a2f4494 100644 --- a/src/share/common +++ b/src/share/common @@ -8,7 +8,7 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# Copyright 2008, released under the GPL, version 3 or later +# Copyright 2008-2009, released under the GPL, version 3 or later # all-caps variables are meant to be user supplied (ie. from config # file) and are considered global diff --git a/src/transition_0.22_0.23 b/src/transition_0.22_0.23 index 12ef1d2..e1c9e9e 100755 --- a/src/transition_0.22_0.23 +++ b/src/transition_0.22_0.23 @@ -1,10 +1,24 @@ #!/bin/bash -# this script should run without any errors. -set -e - # This is a post-install script for monkeysphere, to transition an old -# (<0.23) setup to the new (>=0.23) setup +# (<0.23) setup to the new (>=0.23) setup. + +# You should be able to run this script after any version >= 0.23 is +# installed. This script should be well-behaved, even if it is run +# repeatedly. + +# Written by +# Jameson Rollins +# Daniel Kahn Gillmor +# +# Copyright 2009, released under the GPL, version 3 or later + +# NOTE: the reverse operation (downgrading) is not directly supported, +# and MAY LOCK YOU OUT OF YOUR SYSTEM, depending on how you have +# configured the monkeysphere! + +# any unexpected errors should cause this script to bail: +set -e SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} @@ -29,7 +43,9 @@ is_domain_name() { printf "%s" "$1" | egrep -q '^[[:alnum:]][[:alnum:]-.]*[[:alnum:]]$' } -# run the authentication setup +# run the authentication setup (this is also the first chance to bail +# if 0.23 is not fully-installed, because m-a did not exist before +# 0.23) monkeysphere-authentication setup # before 0.23, the old gnupg-host data directory used to contain the -- cgit v1.2.3 From 07e96da7841640d7f38318faec682fb4da1ba7d0 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 01:40:19 -0500 Subject: add some log debug redirects --- src/share/ma/add_certifier | 2 +- src/share/ma/setup | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 1b484f5..bd41f23 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -148,7 +148,7 @@ if echo "$ltsignCommand" | \ # update the sphere trustdb log debug "updating sphere trustdb..." - gpg_sphere "--check-trustdb" + gpg_sphere "--check-trustdb" 2>&1 | log debug log info "Identity certifier added." else diff --git a/src/share/ma/setup b/src/share/ma/setup index 248406f..441df28 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -80,7 +80,7 @@ EOF # ensure that the authentication sphere checker has absolute ownertrust on the expected key. log debug "setting ultimate owner trust on core key in gpg_sphere..." printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust" - gpg_sphere "--export-ownertrust" + gpg_sphere "--export-ownertrust" 2>&1 | log debug # check the owner trust log debug "checking gpg_sphere owner trust set properly..." -- cgit v1.2.3 From 771cbc184298f4e698dd960386cb1b9259746c34 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 02:05:05 -0500 Subject: add PROMPT respect in get_gpg_expiration --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index d185fdd..31f8ddd 100644 --- a/src/share/common +++ b/src/share/common @@ -291,7 +291,7 @@ get_gpg_expiration() { keyExpire="$1" - if [ -z "$keyExpire" ]; then + if [ -z "$keyExpire" -a "$PROMPT" = 'true' ]; then cat >&2 < Date: Thu, 19 Feb 2009 02:50:38 -0500 Subject: fail if hostname can not be determined in import_key --- src/share/mh/import_key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/mh/import_key b/src/share/mh/import_key index cca40fa..bca7319 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -21,7 +21,7 @@ hostName="$1" # use the default hostname if not specified if [ -z "$hostName" ] ; then - hostName=$(hostname -f) + hostName=$(hostname -f) || failure "Could not determine hostname." # test that the domain is not obviously illegitimate domain=${foo##*.} case $domain in -- cgit v1.2.3 From 46f3e179ad569e247b85d86933ef1782fd1379f6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 03:49:23 -0500 Subject: fix CHECK_KEYSERVER variable in monkeysphere, so the default is correct for proxycommand, and fix an errant bad line in proxycommand. --- src/monkeysphere | 8 ++++++-- src/share/m/ssh_proxycommand | 1 - 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src/share') diff --git a/src/monkeysphere b/src/monkeysphere index a626a8e..992ca06 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -69,6 +69,10 @@ KNOWN_HOSTS="${HOME}/.ssh/known_hosts" HASH_KNOWN_HOSTS="true" AUTHORIZED_KEYS="${HOME}/.ssh/authorized_keys" +# unset the check keyserver variable, since that needs to have +# different defaults for the different functions +unset CHECK_KEYSERVER + # load global config [ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] \ && . "${SYSCONFIGDIR}/monkeysphere.conf" @@ -115,7 +119,7 @@ shift case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') # whether or not to check keyservers - CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} # if hosts are specified on the command line, process just # those hosts @@ -133,7 +137,7 @@ case $COMMAND in 'update-authorized_keys'|'update-authorized-keys'|'a') # whether or not to check keyservers - CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} # process authorized_user_ids file process_authorized_user_ids "$AUTHORIZED_USER_IDS" diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 29040d8..d7e801e 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -200,7 +200,6 @@ fi CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} # update the known_hosts file for the host -source "${MSHAREDIR}/update_known_hosts" update_known_hosts "$HOSTP" # output on depending on the return of the update-known_hosts -- cgit v1.2.3 From 85c1f65ccd66be7f7ca939729f84bfab0603fdab Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 04:30:47 -0500 Subject: added msmktempfile; got rid of /dev/stdin assumption in ssh_proxycommand for portability --- src/share/common | 9 +++++++-- src/share/m/ssh_proxycommand | 8 ++++---- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index 1c16ac6..bfe73a3 100644 --- a/src/share/common +++ b/src/share/common @@ -149,9 +149,14 @@ cutline() { head --line="$1" "$2" | tail -1 } -# make a temporary directly +# make a temporary directory msmktempdir() { - mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX + mktemp -d ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX +} + +# make a temporary file +msmktempfile() { + mktemp ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX } # this is a wrapper for doing lock functions. diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index d7e801e..e07b637 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -64,11 +64,11 @@ An OpenPGP key matching the ssh key offered by the host was found: EOF - # do some crazy "Here Strings" redirection to get the key to - # ssh-keygen, since it doesn't read from stdin cleanly - sshFingerprint=$(ssh-keygen -l -f /dev/stdin \ - <<<$(echo "$sshKeyGPG") | \ + sshKeyGPGFile=$(msmktempfile) + printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile" + sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" \ awk '{ print $2 }') + rm -f "$sshKeyGPGFile" # get the sigs for the matching key gpgSigOut=$(gpg --check-sigs \ -- cgit v1.2.3 From 9b66b19a701fa74d90d5f3b3325e2c8fdd173549 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 04:55:46 -0500 Subject: do not show uid validity for gpg authentication core, since the core has no ultimate ownertrust --- src/share/ma/remove_certifier | 2 +- src/share/ma/setup | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 95f6dff..a9a1451 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -27,7 +27,7 @@ fi gpg_core --list-key --fingerprint "0x${keyID}!" || failure if [ "$PROMPT" = "true" ] ; then - read -p "Really remove above listed identity certifier? (Y/n) " OK; OK=${OK:-Y} + read -p "Really remove the identity certifier above? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not removed." fi diff --git a/src/share/ma/setup b/src/share/ma/setup index 441df28..f3d462a 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -29,7 +29,6 @@ setup() { # This file is maintained by the Monkeysphere software. # Edits will be overwritten. no-greeting -list-options show-uid-validity EOF log debug "writing sphere gpg.conf..." -- cgit v1.2.3 From 39996655a57ca3167e733d0a0457941ae4060270 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 05:03:05 -0500 Subject: avoid chown -R, explicitly indicate the files we expect to be changed. --- src/share/ma/setup | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/setup b/src/share/ma/setup index f3d462a..54ab5be 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -42,9 +42,8 @@ EOF # make sure the monkeysphere user owns everything in the sphere # gnupghome - log debuf "fixing sphere gnupg home ownership..." - chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" - chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" + log debug "fixing sphere gnupg home ownership..." + chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(core_fingerprint) -- cgit v1.2.3 From 481d4d4308bdd5c352d877211dab0ef1d13d7a56 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 05:08:57 -0500 Subject: fix permissions and ownership on authentication directories. --- src/share/ma/setup | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/ma/setup b/src/share/ma/setup index 54ab5be..1685e5d 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -13,13 +13,17 @@ setup() { # make all needed directories + log debug "make authentication directory structure..." mkdir -p "${MADATADIR}" + chmod 750 "${MADATADIR}" + chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" mkdir -p "${MATMPDIR}" + chmod 750 "${MATMPDIR}" + chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" chmod 700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" chmod 700 "${GNUPGHOME_SPHERE}" - mkdir -p "${SYSDATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? -- cgit v1.2.3 From 930822a6e672c28c06f78e9d8250cda07248f129 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 05:14:50 -0500 Subject: more fix permissions and ownership on authentication directories. --- src/share/ma/setup | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/setup b/src/share/ma/setup index 1685e5d..8929871 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -15,15 +15,16 @@ setup() { # make all needed directories log debug "make authentication directory structure..." mkdir -p "${MADATADIR}" - chmod 750 "${MADATADIR}" + chmod 0750 "${MADATADIR}" chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" mkdir -p "${MATMPDIR}" - chmod 750 "${MATMPDIR}" + chmod 0750 "${MATMPDIR}" chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}" mkdir -p "${GNUPGHOME_CORE}" - chmod 700 "${GNUPGHOME_CORE}" + chmod 0700 "${GNUPGHOME_CORE}" mkdir -p "${GNUPGHOME_SPHERE}" - chmod 700 "${GNUPGHOME_SPHERE}" + chmod 0700 "${GNUPGHOME_SPHERE}" + mkdir -p "${SYSDATADIR}"/authorized_keys # deliberately replace the config files via truncation # FIXME: should we be dumping to tmp files and then moving atomically? -- cgit v1.2.3 From c073811aa573d0e3486c39ed9514c46e0a7a077f Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 12:29:47 -0500 Subject: modify import_key to take the key file to import as an argument. can be '-' to import from stdin. modify man page and test accordingly. --- man/man8/monkeysphere-host.8 | 13 +++++++------ src/monkeysphere-host | 16 ++++++++-------- src/share/mh/import_key | 21 ++++++++++++++++----- tests/basic | 2 +- 4 files changed, 32 insertions(+), 20 deletions(-) (limited to 'src/share') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 6c97315..f33aea6 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -23,9 +23,10 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP -.B import-key [NAME[:PORT]] -Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is -used to specify the hostname (and port) used in the user ID of the new +.B import-key FILE [NAME[:PORT]] +Import a pem-encoded ssh secret host key from file FILE. If FILE +is '-', then the key will be imported from stdin. NAME[:PORT] is used +to specify the hostname (and port) used in the user ID of the new OpenPGP key. If NAME is not specified, then the system fully-qualified domain name will be used (ie. `hostname -f'). If PORT is not specified, the no port is added to the user ID, which means @@ -35,11 +36,11 @@ port 22 is assumed. `i' may be used in place of `import-key'. Output information about host's OpenPGP and SSH keys. `s' may be used in place of `show-key'. .TP -.B extend-key EXPIRE +.B extend-key [EXPIRE] Extend the validity of the OpenPGP key for the host until EXPIRE from the present. If EXPIRE is not specified, then the user will be -prompted for the extension term. Expiration is specified like GnuPG -does: +prompted for the extension term. Expiration is specified as with +GnuPG: .nf 0 = key does not expire = key expires in n days diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a67715f..9d703c2 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -54,9 +54,9 @@ usage: $PGRM [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) [NAME[:PORT]] import existing ssh key to gpg + import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg show-key (s) output all host key information - set-expire (e) EXPIRE set host key expiration + set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID add-revoker (o) FINGERPRINT add a revoker to the host key @@ -236,6 +236,12 @@ COMMAND="$1" shift case $COMMAND in + 'import-key'|'i') + check_host_key + source "${MHSHAREDIR}/import_key" + import_key "$@" + ;; + 'show-key'|'show'|'s') check_host_no_key show_key @@ -283,12 +289,6 @@ case $COMMAND in publish_key ;; - 'import-key'|'i') - check_host_key - source "${MHSHAREDIR}/import_key" - import_key "$@" - ;; - 'diagnostics'|'d') load_fingerprint source "${MHSHAREDIR}/diagnostics" diff --git a/src/share/mh/import_key b/src/share/mh/import_key index bca7319..6394ad7 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -13,11 +13,13 @@ import_key() { +local sshKeyFile local hostName local domain local userID -hostName="$1" +sshKeyFile="$1" +hostName="$2" # use the default hostname if not specified if [ -z "$hostName" ] ; then @@ -42,10 +44,19 @@ mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -log verbose "importing ssh key..." -# translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import +# import ssh key to a private key +if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." +elif [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_host --import +else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + <"$sshKeyFile" \ + | gpg_host --import +fi # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key diff --git a/tests/basic b/tests/basic index dea393f..0b91531 100755 --- a/tests/basic +++ b/tests/basic @@ -185,7 +185,7 @@ EOF echo "##################################################" echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host import-key testhost < "$TEMPDIR"/ssh_host_rsa_key +monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key testhost echo "##################################################" echo "### getting host key fingerprint..." -- cgit v1.2.3 From bd64869a3b68ff8a020c381371a8ab1e24a5a0e4 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 15:19:02 -0500 Subject: The monkeysphere {import,gen}_subkey functions were not up-to-date. did a lot of work to bring them up-to-date, and better handle argument checking. also updated man page, changelog, and tests/basic. --- man/man1/monkeysphere.1 | 41 ++++++++++++++--------- packaging/debian/changelog | 6 ++-- src/monkeysphere | 82 ++++++++++++++++++++++++++++++++++++++++++--- src/share/m/gen_subkey | 83 ++++++++-------------------------------------- src/share/m/import_subkey | 62 ++++++++++++++++++---------------- src/share/mh/import_key | 9 +++-- tests/basic | 2 +- 7 files changed, 161 insertions(+), 124 deletions(-) (limited to 'src/share') diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 3ed43e1..345e1d8 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -56,24 +56,32 @@ ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of `update-authorized_keys'. .TP +.B import-subkey FILE [KEYID] +Import an existing ssh RSA key as an authentication subkey for a +private key in your GnuPG keyring. KEYID is the key ID for the +primary key for which the subkey with "authentication" capability will +be imported. If no key ID is specified, but only one key exists in +the secret keyring, that key will be used. `i' may be used in place +of `import-subkey'. +.TP .B gen-subkey [KEYID] Generate an authentication subkey for a private key in your GnuPG -keyring. For the primary key with the specified key ID, generate a -subkey with "authentication" capability that can be used for -monkeysphere transactions. An expiration length can be specified with -the `-e' or `--expire' option (prompt otherwise). If no key ID is +keyring. KEYID is the key ID for the primary key for which the subkey +with "authentication" capability will be generated. If no key ID is specified, but only one key exists in the secret keyring, that key -will be used. `g' may be used in place of `gen-subkey'. +will be used. The length of the generated key can be specified with +the `--length` or `-l` option. `g' may be used in place of +`gen-subkey'. .TP .B ssh-proxycommand -an ssh proxy command that can be used -to trigger a monkeysphere update of the ssh known_hosts file for a -host that is being connected to with ssh. This works by updating the -known_hosts file for the host first, before an attempted connection to -the host is made. Once the known_hosts file has been updated, a TCP -connection to the host is made by exec'ing netcat(1). Regular ssh -communication is then done over this netcat TCP connection (see -ProxyCommand in ssh_config(5) for more info). +An ssh ProxyCommand that can be used to trigger a monkeysphere update +of the ssh known_hosts file for a host that is being connected to with +ssh. This works by updating the known_hosts file for the host first, +before an attempted connection to the host is made. Once the +known_hosts file has been updated, a TCP connection to the host is +made by exec'ing netcat(1). Regular ssh communication is then done +over this netcat TCP connection (see ProxyCommand in ssh_config(5) for +more info). This command is meant to be run as the ssh "ProxyCommand". This can either be done by specifying the proxy command on the command line: @@ -108,9 +116,10 @@ change in the future, possibly by adding a deferred check, so that hosts that go from non-monkeysphere-enabled to monkeysphere-enabled will be properly checked. -Setting the MONKEYSPHERE_CHECK_KEYSERVER -variable (to `true' or `false') will override the keyserver-checking policy -defined above. +Setting the CHECK_KEYSERVER variable in the config file or the +MONKEYSPHERE_CHECK_KEYSERVER environment variable to either `true' or +`false' will override the keyserver-checking policy defined above and +either always or never check the keyserver for host key updates. .TP .B subkey-to-ssh-agent [ssh-add arguments] diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 6a9ea18..fc317d9 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -16,12 +16,12 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low functions that require it to be there. * get rid of getopts dependency * added version output option - * check that existing authentication keys are valid in gen_key - function. + * better checks on validity of existing authentication subkeys when + doing monkeysphere {import,gen}_subkey. * add transition infrastructure for major changes between releases (see transitions/README.txt) - -- Daniel Kahn Gillmor Thu, 19 Feb 2009 02:14:44 -0500 + -- Jameson Graef Rollins Thu, 19 Feb 2009 15:11:04 -0500 monkeysphere (0.22-1) unstable; urgency=low diff --git a/src/monkeysphere b/src/monkeysphere index 992ca06..4169f2a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -45,12 +45,9 @@ Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file - import-subkey (i) import existing ssh key as gpg subkey - --keyfile (-f) FILE key file to import - --expire (-e) EXPIRE date to expire + import-subkey (i) FILE [KEYID] import existing ssh key as gpg subkey gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) - --expire (-e) EXPIRE date to expire ssh-proxycommand monkeysphere ssh ProxyCommand subkey-to-ssh-agent (s) store authentication subkey in ssh-agent version (v) show version number @@ -59,6 +56,83 @@ subcommands: EOF } +# take a secret key ID and check that only zero or one ID is provided, +# and that it corresponds to only a single secret key ID +check_gpg_sec_key_id() { + local gpgSecOut + + case "$#" in + 0) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') + ;; + 1) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure + ;; + *) + failure "You must specify only a single primary key ID." + ;; + esac + + # check that only a single secret key was found + case $(echo "$gpgSecOut" | grep -c '^sec:') in + 0) + failure "No secret keys found. Create an OpenPGP key with the following command: + gpg --gen-key" + ;; + 1) + echo "$gpgSecOut" | cut -d: -f5 + ;; + *) + echo "Multiple primary secret keys found:" | log error + echo "$gpgSecOut" | cut -d: -f5 | log error + echo "Please specify which primary key to use." | log error + failure + ;; + esac +} + +# check that a valid authentication subkey does not already exist +check_gpg_authentication_subkey() { + local keyID + local IFS + local line + local type + local validity + local usage + + keyID="$1" + + # check that a valid authentication key does not already exist + IFS=$'\n' + for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do + type=$(echo "$line" | cut -d: -f1) + validity=$(echo "$line" | cut -d: -f2) + usage=$(echo "$line" | cut -d: -f12) + + # look at keys only + if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then + continue + fi + # check for authentication capability + if ! check_capability "$usage" 'a' ; then + continue + fi + # if authentication key is valid, prompt to continue + if [ "$validity" = 'u' ] ; then + log error "A valid authentication key already exists for primary key '$keyID'." + if [ "$PROMPT" = "true" ] ; then + read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + break + else + failure "aborting." + fi + fi + done +} + ######################################################################## # MAIN ######################################################################## diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index d926ad5..7c3ebb7 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -15,10 +15,10 @@ gen_subkey(){ local keyLength - local keyExpire + local gpgSecOut local keyID - local gpgOut - local userID + local editCommands + local fifoDir # get options while true ; do @@ -27,10 +27,6 @@ gen_subkey(){ keyLength="$2" shift 2 ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -41,67 +37,11 @@ Type '$PGRM help' for usage." esac done - case "$#" in - 0) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') - ;; - 1) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure - ;; - *) - failure "You must specify only a single primary key ID." - ;; - esac - - # check that only a single secret key was found - case $(echo "$gpgSecOut" | grep -c '^sec:') in - 0) - failure "No secret keys found. Create an OpenPGP key with the following command: - gpg --gen-key" - ;; - 1) - keyID=$(echo "$gpgSecOut" | cut -d: -f5) - ;; - *) - echo "Multiple primary secret keys found:" - echo "$gpgSecOut" | cut -d: -f5 - failure "Please specify which primary key to use." - ;; - esac + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") - # check that a valid authentication key does not already exist - IFS=$'\n' - for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do - type=$(echo "$line" | cut -d: -f1) - validity=$(echo "$line" | cut -d: -f2) - usage=$(echo "$line" | cut -d: -f12) - - # look at keys only - if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then - continue - fi - # check for authentication capability - if ! check_capability "$usage" 'a' ; then - continue - fi - # if authentication key is valid, prompt to continue - if [ "$validity" = 'u' ] ; then - log error "A valid authentication key already exists for primary key '$keyID'." - if [ "$PROMPT" = "true" ] ; then - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "aborting." - fi - break - else - failure "aborting." - fi - fi - done - - # set subkey defaults - # prompt about key expiration if not specified - keyExpire=$(get_gpg_expiration "$keyExpire") + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" # generate the list of commands that will be passed to edit-key editCommands=$(cat < Date: Thu, 19 Feb 2009 15:31:17 -0500 Subject: add a gpg_user function in monkeysphere to add some gpg quieting option, and use it in all gpg invocations. add a trap to subkey_to_ssh_agent. --- src/monkeysphere | 13 +++++++++---- src/share/m/gen_subkey | 2 +- src/share/m/import_subkey | 4 ++-- src/share/m/ssh_proxycommand | 6 +++--- src/share/m/subkey_to_ssh_agent | 13 ++++++++----- 5 files changed, 23 insertions(+), 15 deletions(-) (limited to 'src/share') diff --git a/src/monkeysphere b/src/monkeysphere index 4169f2a..cac9a02 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -56,6 +56,11 @@ subcommands: EOF } +# user gpg command to define common options +gpg_user() { + gpg --no-greeting --quiet --no-tty "$@" +} + # take a secret key ID and check that only zero or one ID is provided, # and that it corresponds to only a single secret key ID check_gpg_sec_key_id() { @@ -63,10 +68,10 @@ check_gpg_sec_key_id() { case "$#" in 0) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') + gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') ;; 1) - gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure + gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure ;; *) failure "You must specify only a single primary key ID." @@ -104,7 +109,7 @@ check_gpg_authentication_subkey() { # check that a valid authentication key does not already exist IFS=$'\n' - for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do + for line in $(gpg_user --fixed-list-mode --list-keys --with-colons "$keyID") ; do type=$(echo "$line" | cut -d: -f1) validity=$(echo "$line" | cut -d: -f2) usage=$(echo "$line" | cut -d: -f12) @@ -119,7 +124,7 @@ check_gpg_authentication_subkey() { fi # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then - log error "A valid authentication key already exists for primary key '$keyID'." + echo "A valid authentication key already exists for primary key '$keyID'." if [ "$PROMPT" = "true" ] ; then read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index 7c3ebb7..dbd9dd6 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -64,7 +64,7 @@ EOF (umask 077 && mkfifo "$fifoDir/pass") log verbose "generating subkey..." - echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index d71c258..f3ca957 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -43,11 +43,11 @@ import_subkey() { if [ "$sshKeyFile" = '-' ] ; then log verbose "importing ssh key from stdin..." ssh2openpgp \ - | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & else log verbose "importing ssh key from file '$sshKeyFile'..." ssh2openpgp <"$sshKeyFile" \ - | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & fi # get the password if needed diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index e07b637..d2b4527 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -43,7 +43,7 @@ EOF # found? # get the gpg info for userid - gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ + gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) @@ -71,7 +71,7 @@ EOF rm -f "$sshKeyGPGFile" # get the sigs for the matching key - gpgSigOut=$(gpg --check-sigs \ + gpgSigOut=$(gpg_user --check-sigs \ --list-options show-uid-validity \ "$keyid") @@ -171,7 +171,7 @@ URI="ssh://${HOSTP}" # CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... -if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then +if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then # do not check the keyserver CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index a92718e..818f4f7 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -46,7 +46,8 @@ For more details, see: # get list of secret keys (to work around bug # https://bugs.g10code.com/gnupg/issue945): - secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \ + secretkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ + --fingerprint | \ grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }') if [ -z "$secretkeys" ]; then @@ -54,7 +55,7 @@ For more details, see: You might want to run 'gpg --gen-key'." fi - authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \ + authsubkeys=$(gpg_user --list-secret-keys --with-colons --fixed-list-mode \ --fingerprint --fingerprint $secretkeys | \ cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \ grep '^fpr::' | cut -f3 -d: | sort -u) @@ -65,6 +66,7 @@ You might want to 'monkeysphere gen-subkey'" fi workingdir=$(msmktempdir) + trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" keysuccess=1 @@ -79,19 +81,19 @@ You might want to 'monkeysphere gen-subkey'" # fingerprint, but filtering out all / characters to make sure # the filename is legit. - primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) + primaryuid=$(gpg_user --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /) #kname="[monkeysphere] $primaryuid" kname="$primaryuid" if [ "$1" = '-d' ]; then # we're removing the subkey: - gpg --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" + gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" (cd "$workingdir" && ssh-add -d "$kname") else # we're adding the subkey: mkfifo "$workingdir/$kname" - gpg --quiet --passphrase-fd 3 3<"$workingdir/passphrase" \ + gpg_user --passphrase-fd 3 3<"$workingdir/passphrase" \ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ --export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" & (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" Date: Thu, 19 Feb 2009 15:46:23 -0500 Subject: the import_subkey function was in fact not implement at all. MUST FIX! --- src/share/m/import_subkey | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index f3ca957..1823f71 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -33,6 +33,9 @@ import_subkey() { # check that an authentication subkey does not already exist check_gpg_authentication_subkey "$keyID" + # FIXME: implement! + failure "implement me!" + # setup the temp fifo dir for retrieving the key password log debug "creating password fifo..." fifoDir=$(msmktempdir) @@ -42,11 +45,11 @@ import_subkey() { # import ssh key to as authentication subkey if [ "$sshKeyFile" = '-' ] ; then log verbose "importing ssh key from stdin..." - ssh2openpgp \ + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & else log verbose "importing ssh key from file '$sshKeyFile'..." - ssh2openpgp <"$sshKeyFile" \ + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$sshKeyFile" \ | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & fi -- cgit v1.2.3 From 6c048ca2dc8ca4ae7708ce8ee5c578ab4ed73c8b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 18:14:13 -0500 Subject: Modify/cleanup add_certifier and add_revoker, so that their code base is more similar, and so that they can read keys from stdin instead of just from a file. Also fix the permissions on the tempdir in publish_key. --- man/man8/monkeysphere-authentication.8 | 5 ++- man/man8/monkeysphere-host.8 | 7 ++-- src/monkeysphere-authentication | 2 +- src/monkeysphere-host | 2 +- src/share/common | 1 - src/share/ma/add_certifier | 39 ++++++++++++++------ src/share/mh/add_revoker | 65 ++++++++++++++++++++-------------- src/share/mh/publish_key | 2 ++ 8 files changed, 80 insertions(+), 43 deletions(-) (limited to 'src/share') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 38df65d..361822d 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -37,8 +37,11 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP -.B add-id-certifier KEYID +.B add-id-certifier KEYID|FILE Instruct system to trust user identity certifications made by KEYID. +The key ID will be loaded from the keyserver. A file may be loaded +instead of pulling the key from the keyserver by specifying the path +to the file as the argument, or by specifying `-` to load from stdin. Using the `-n' or `--domain' option allows you to indicate that you only trust the given KEYID to make identifications within a specific domain (e.g. "trust KEYID to certify user identities within the diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index f33aea6..2b71807 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -58,8 +58,11 @@ place of `add-hostname'. Revoke a hostname user ID from the server host key. `n-' may be used in place of `revoke-hostname'. .TP -.B add-revoker FINGERPRINT -Add a revoker to the host's OpenPGP key. `o' may be be used in place +.B add-revoker KEYID|FILE +Add a revoker to the host's OpenPGP key. The key ID will be loaded +from the keyserver. A file may be loaded instead of pulling the key +from the keyserver by specifying the path to the file as the argument, +or by specifying `-` to load from stdin. `o' may be be used in place of `add-revoker'. .TP .B revoke-key diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 22cd018..497470d 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -57,7 +57,7 @@ Monkeysphere authentication admin tool. subcommands: update-users (u) [USER]... update user authorized_keys files - add-id-certifier (c+) KEYID import and tsign a certification key + add-id-certifier (c+) [KEYID|FILE] import and tsign a certification key --domain (-n) DOMAIN limit ID certifications to DOMAIN --trust (-t) TRUST trust level of certifier (full) --depth (-d) DEPTH trust depth for certifier (1) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 9d703c2..4c7df88 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -59,7 +59,7 @@ subcommands: set-expire (e) [EXPIRE] set host key expiration add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (o) FINGERPRINT add a revoker to the host key + add-revoker (o) [KEYID|FILE] add a revoker to the host key revoke-key (r) revoke host key publish-key (p) publish host key to keyserver diff --git a/src/share/common b/src/share/common index bfe73a3..745a861 100644 --- a/src/share/common +++ b/src/share/common @@ -1153,7 +1153,6 @@ process_authorized_user_ids() { # takes a gpg key or keys on stdin, and outputs a list of # fingerprints, one per line: list_primary_fingerprints() { - local file="$1" local fake=$(msmktempdir) GNUPGHOME="$fake" gpg --no-tty --quiet --import GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index bd41f23..024255f 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -62,30 +62,47 @@ Type '$PGRM help' for usage." done keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - fingerprints=$(su_monkeysphere_user \ +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") - if [ $(printf "%s" "$fingerprints" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi - gpg_sphere "--import" < "$keyID" || failure "could not read key from '$keyID'" + # load the key + gpg_sphere "--import" <"$keyID" \ + || failure "could not read key from '$keyID'" - keyID="$fingerprints" + keyID="$fingerprint" + +# else, get the key from the keyserver else - # get the key from the key server - log debug "retrieving key from keyserver..." - gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." + gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." fi -export keyID - # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 21dc0bb..c6f9a58 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -25,48 +25,61 @@ local ltsignCommand local trustval keyID="$1" + +# check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a revoker key, or specify a file to read the key from." fi -if [ -f "$keyID" ] ; then - log info "Reading key from file '$keyID':" - importinfo=$(gpg_host --import < "$keyID" 2>&1) || failure "could not read key from '$keyID'" - # FIXME: if this is tried when the key database is not - # up-to-date, i got these errors (using set -x): - - # ++ su -m monkeysphere -c '\''gpg --import'\'' - # Warning: using insecure memory! - # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported - # gpg: Total number processed: 1 - # gpg: imported: 1 (RSA: 1) - # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied - # gpg: failed to rebuild keyring cache: Permission denied - # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: next trustdb check due at 2009-01-10' - # + failure 'could not read key from '\''/root/dkg.gpg'\''' - # + echo 'could not read key from '\''/root/dkg.gpg'\''' - - keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) - if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + +# if file is specified +if [ -f "$keyID" -o "$keyID" = '-' ] ; then + # load the key from stdin + if [ "$keyID" = '-' ] ; then + local keyID=$(msmktempfile) + trap "rm -f $keyID" EXIT + log verbose "reading key from stdin..." + cat > "$keyID" + + # load the key from the file + elif [ -f "$keyID" ] ; then + log verbose "reading key from file '$keyID'..." + fi + + # check the key is ok as monkeysphere user before loading + fingerprint=$(su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + + if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi + + # load the key + gpg_host --import <"$keyID" \ + || failure "could not read key from '$keyID'" + + keyID="$fingerprint" + +# else, get the key from the keyserver else # create a temporary directory for storing the downloaded key - TMPLOC=$(msmktempdir) || failure "Could not create temporary directory!" + local TMPLOC=$(msmktempdir) + chmod 0700 "$GNUPGHOME" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # download the key from the keyserver as the monkeysphere user + log verbose "searching keyserver $KEYSERVER for keyID $keyID..." su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" + "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." # export the new key to the host keyring + log verbose "loading key $keyID..." su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ | gpg_host --import fi -export keyID - -# get the full fingerprint of the revoker key ID +# get the full fingerprint of new revoker key +log debug "getting fingerprint of revoker key..." fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 05faa0b..b0ffd93 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -28,6 +28,8 @@ fi # create a temporary gnupg directory from which to publish the key export GNUPGHOME=$(msmktempdir) +chmod 0700 "$GNUPGHOME" +chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT -- cgit v1.2.3 From 03cf0966b1fbaefa434b706a65ff6d2d1479f0fd Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 19:01:38 -0500 Subject: fix arg parsing in add_certifier to allow of - for stdin read. --- src/share/ma/add_certifier | 4 ++++ src/share/ma/setup | 2 +- src/share/mh/add_revoker | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 024255f..e2df1d3 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -51,6 +51,9 @@ while true ; do depth="$2" shift 2 ;; + -) + break + ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. @@ -83,6 +86,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then fi # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") diff --git a/src/share/ma/setup b/src/share/ma/setup index 8929871..e77afff 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -13,7 +13,7 @@ setup() { # make all needed directories - log debug "make authentication directory structure..." + log debug "checking authentication directory structure..." mkdir -p "${MADATADIR}" chmod 0750 "${MADATADIR}" chgrp "$MONKEYSPHERE_USER" "${MADATADIR}" diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index c6f9a58..2275f61 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -46,6 +46,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then fi # check the key is ok as monkeysphere user before loading + log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") -- cgit v1.2.3 From 8a5413ed44737b39ea132d4670512043593820b2 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 21:04:47 -0500 Subject: diagnostics should now check for cruft from old versions of the monkeysphere. --- src/share/common | 32 ++++++++++++++++++++++++++++++++ src/share/ma/diagnostics | 2 ++ src/share/mh/diagnostics | 2 ++ 3 files changed, 36 insertions(+) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index bfe73a3..05c917f 100644 --- a/src/share/common +++ b/src/share/common @@ -1160,3 +1160,35 @@ list_primary_fingerprints() { awk -F: '/^fpr:/{ print $10 }' rm -rf "$fake" } + + +check_cruft_file() { + local loc="$1" + local version="$2" + + if [ -e "$loc" ] ; then + printf "The file '%s' is no longer used by\nmonkeysphere (as of version %s), and can be removed.\n" "$loc" "$version" | log info + fi +} + +check_upgrade_dir() { + local loc="$1" + local version="$2" + + if [ -d "$loc" ] ; then + printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n" "$loc" "$SYSSHAREDIR" "$version" | log info +} + +## look for cruft from old versions of the monkeysphere, and notice if +## upgrades have not been run: +report_cruft() { + check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23 + check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23 + + check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23 + check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23 + + if ls "${SYSDATADIR}/backup-from-"*"-transition" 2>/dev/null ; then + printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n" | log info + fi +} diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 0411080..7810c56 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -28,6 +28,8 @@ local badhostkeys local sshd_config local problemsfound=0 +report_cruft + if ! id monkeysphere >/dev/null ; then echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." problemsfound=$(($problemsfound+1)) diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index d774723..51530e3 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -28,6 +28,8 @@ local badhostkeys local sshd_config local problemsfound=0 +report_cruft + # FIXME: what's the correct, cross-platform answer? sshd_config=/etc/ssh/sshd_config seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) -- cgit v1.2.3 From 2aa462ad7d94dd60dad494240ffad2450612ea72 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 21:19:19 -0500 Subject: cleaning up output of cruft report --- src/share/common | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index 05c917f..d151e85 100644 --- a/src/share/common +++ b/src/share/common @@ -1167,7 +1167,7 @@ check_cruft_file() { local version="$2" if [ -e "$loc" ] ; then - printf "The file '%s' is no longer used by\nmonkeysphere (as of version %s), and can be removed.\n" "$loc" "$version" | log info + printf "! The file '%s' is no longer used by\n monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info fi } @@ -1176,7 +1176,8 @@ check_upgrade_dir() { local version="$2" if [ -d "$loc" ] ; then - printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n" "$loc" "$SYSSHAREDIR" "$version" | log info + printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info + fi } ## look for cruft from old versions of the monkeysphere, and notice if @@ -1188,7 +1189,14 @@ report_cruft() { check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23 check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23 - if ls "${SYSDATADIR}/backup-from-"*"-transition" 2>/dev/null ; then - printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n" | log info + local found= + for foo in "${SYSDATADIR}/backup-from-"*"-transition" ; do + if [ -d "$foo" ] ; then + printf "! %s\n" "$foo" | log info + found=true + fi + done + if [ "$found" ] ; then + printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info fi } -- cgit v1.2.3 From 9c2e3169069a187b500b69dba75813a8e8b868cb Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 22:06:43 -0500 Subject: clean up the diagnostics functions, check for ID-Certifiers in m-a d --- src/share/ma/diagnostics | 16 ++++++++++++++-- src/share/mh/diagnostics | 35 +++-------------------------------- 2 files changed, 17 insertions(+), 34 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 7810c56..ce463b2 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -47,7 +47,10 @@ if ! [ -d "$MADATADIR" ] ; then exit fi -# FIXME: what's the correct, cross-platform answer? +# FIXME: what's the correct, cross-platform way to determine where +# sshd_config lives? +sshd_config=/etc/ssh/sshd_config + seckey=$(gpg_core --list-secret-keys --fingerprint --with-colons --fixed-list-mode) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -97,7 +100,16 @@ fi # FIXME: look to see that the ownertrust rules are set properly on the # sphere keyring -# FIXME: make sure that at least one identity certifier exists +# make sure that at least one identity certifier exists +echo +echo "Checking for Identity Certifiers..." +if ! monkeysphere-authentication list-identity-certifiers | egrep -q '^[A-F0-9]{40}:' then + echo "! No Identity Certifiers found!" + echo " - Recommendation: once you know who should be able to certify identities for + connecting users, you should add their key, with: + monkeysphere-authentication add-identity-certifier" + problemsfound=$(($problemsfound+1)) +fi # FIXME: look at the timestamps on the monkeysphere-generated # authorized_keys files -- warn if they seem out-of-date. diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 51530e3..2f65f89 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -25,13 +25,10 @@ local expire local uid local fingerprint local badhostkeys -local sshd_config local problemsfound=0 report_cruft -# FIXME: what's the correct, cross-platform answer? -sshd_config=/etc/ssh/sshd_config seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -52,7 +49,7 @@ fi echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." - echo " - Recommendation: run 'monkeysphere-host gen-key' or 'monkeysphere-host import-key'" + echo " - Recommendation: run 'monkeysphere-host import-key'" problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then echo "! More than one host key found?" @@ -116,35 +113,9 @@ else # FIXME: propose adding a revoker to the host key if none exist (do we # have a way to do that after key generation?) - # Ensure that the ssh_host_rsa_key file is present and non-empty: - echo - echo "Checking host SSH key..." - if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then - echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty." - problemsfound=$(($problemsfound+1)) - else - if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then - echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600." - problemsfound=$(($problemsfound+1)) - fi - - # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then - echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)." - echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'" - problemsfound=$(($problemsfound+1)) - fi - if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then - echo "! $sshd_config refers to some non-monkeysphere host keys:" - echo "$badhostkeys" - echo " - Recommendation: remove the above HostKey lines from $sshd_config" - problemsfound=$(($problemsfound+1)) - fi +# FIXME: test (with ssh-keyscan?) that the running ssh +# daemon is actually offering the monkeysphere host key. - # FIXME: test (with ssh-keyscan?) that the running ssh - # daemon is actually offering the monkeysphere host key. - - fi fi # FIXME: look at the ownership/privileges of the various keyrings, -- cgit v1.2.3 From 21e298b8df5108b1337d66ba1a39184be4ce0e4e Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Feb 2009 22:39:00 -0500 Subject: remove import_subkey from monkeysphere usage and man page until we get a chance to fully implement it. --- man/man1/monkeysphere.1 | 8 -------- src/monkeysphere | 1 - src/share/m/import_subkey | 6 +++--- 3 files changed, 3 insertions(+), 12 deletions(-) (limited to 'src/share') diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 345e1d8..887b5df 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -56,14 +56,6 @@ ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of `update-authorized_keys'. .TP -.B import-subkey FILE [KEYID] -Import an existing ssh RSA key as an authentication subkey for a -private key in your GnuPG keyring. KEYID is the key ID for the -primary key for which the subkey with "authentication" capability will -be imported. If no key ID is specified, but only one key exists in -the secret keyring, that key will be used. `i' may be used in place -of `import-subkey'. -.TP .B gen-subkey [KEYID] Generate an authentication subkey for a private key in your GnuPG keyring. KEYID is the key ID for the primary key for which the subkey diff --git a/src/monkeysphere b/src/monkeysphere index cac9a02..a65cef6 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -45,7 +45,6 @@ Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file - import-subkey (i) FILE [KEYID] import existing ssh key as gpg subkey gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) ssh-proxycommand monkeysphere ssh ProxyCommand diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index 1823f71..7333f80 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -19,6 +19,9 @@ import_subkey() { local gpgSecOut local fifoDir + # FIXME: implement! + failure "implement me!" + sshKeyFile="$1" shift @@ -33,9 +36,6 @@ import_subkey() { # check that an authentication subkey does not already exist check_gpg_authentication_subkey "$keyID" - # FIXME: implement! - failure "implement me!" - # setup the temp fifo dir for retrieving the key password log debug "creating password fifo..." fifoDir=$(msmktempdir) -- cgit v1.2.3 From 826bfb547cc82252f18e63a25bb7ee5aeaaebc72 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Feb 2009 22:40:02 -0500 Subject: correcting ssh_proxycommand output. --- src/share/m/ssh_proxycommand | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index e07b637..0a81500 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -66,7 +66,7 @@ EOF sshKeyGPGFile=$(msmktempfile) printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile" - sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" \ + sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ awk '{ print $2 }') rm -f "$sshKeyGPGFile" -- cgit v1.2.3 From 18f0c19e96b6eb1132e6a412e324f8c2b64762ff Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 20 Feb 2009 00:09:20 -0500 Subject: add_revoker fully working. also cleanup of add_certifier. add_revoker and add_certifier to many similar procedures, so I'm trying to keep them in sync as I figure out the right way to handle things. --- src/share/ma/add_certifier | 69 +++++++++++++++----------------- src/share/mh/add_revoker | 84 +++++++++++++++++++-------------------- website/getting-started-user.mdwn | 6 +-- 3 files changed, 75 insertions(+), 84 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index e2df1d3..f2cadf2 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -31,7 +31,6 @@ local domain= local trust=full local depth=1 local keyID -local importinfo local fingerprint local ltsignCommand local trustval @@ -71,11 +70,25 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi +# check the trust value +case "$trust" in + 'marginal') + trustval=1 + ;; + 'full') + trustval=2 + ;; + *) + failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." + ;; +esac + # if file is specified if [ -f "$keyID" -o "$keyID" = '-' ] ; then # load the key from stdin if [ "$keyID" = '-' ] ; then - local keyID=$(msmktempfile) + # make a temporary file to hold the key from stdin + keyID=$(msmktempfile) trap "rm -f $keyID" EXIT log verbose "reading key from stdin..." cat > "$keyID" @@ -98,54 +111,36 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then gpg_sphere "--import" <"$keyID" \ || failure "could not read key from '$keyID'" - keyID="$fingerprint" - # else, get the key from the keyserver else log verbose "searching keyserver $KEYSERVER for keyID $keyID..." gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." -fi -# get the full fingerprint of new certifier key -log debug "getting fingerprint of certifier key..." -fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ - | grep '^fpr:' | grep "$keyID" | cut -d: -f10) - -if [ -z "$fingerprint" ] ; then - failure "Key '$keyID' not found." -fi - -log info "key found:" -gpg_sphere "--fingerprint 0x${fingerprint}!" - -if [ "$PROMPT" = "true" ] ; then - echo "Are you sure you want to add the above key as a" - read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "Identity certifier not added." + # get the full fingerprint of new certifier key + log debug "getting fingerprint of certifier key..." + fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + + log info "key found:" + gpg_sphere "--fingerprint 0x${fingerprint}!" + + if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Identity certifier not added." + fi + else + log debug "adding key without prompting." fi -else - log debug "adding key without prompting." fi # export the key to the core keyring so that the core can sign the # new certifier key -log debug "exporting retrieved certifier key to core keyring..." +log debug "loading key into core keyring..." gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import -case "$trust" in - 'marginal') - trustval=1 - ;; - 'full') - trustval=2 - ;; - *) - failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." - ;; -esac - # edit-key script to ltsign key # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat < "$keyID" @@ -58,62 +59,57 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then gpg_host --import <"$keyID" \ || failure "could not read key from '$keyID'" - keyID="$fingerprint" - # else, get the key from the keyserver else # create a temporary directory for storing the downloaded key - local TMPLOC=$(msmktempdir) + local GNUPGHOME="$tmpDir" chmod 0700 "$GNUPGHOME" chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" + export GNUPGHOME # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for keyID $keyID..." - su_monkeysphere_user \ - "GNUPGHOME=$TMPLOC gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + su_monkeysphere_user "gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + # get the full fingerprint of new revoker key + log debug "getting fingerprint of revoker key..." + fingerprint=$(su_monkeysphere_user "gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + + log info "key found:" + su_monkeysphere_user "gpg --fingerprint 0x${fingerprint}!" + + if [ "$PROMPT" = "true" ] ; then + echo "Are you sure you want to add the above key as a" + read -p "revoker of the host key? (Y/n) " OK; OK=${OK:-Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "revoker not added." + fi + else + log debug "adding revoker without prompting." + fi + # export the new key to the host keyring - log verbose "loading key $keyID..." - su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --quiet --export 0x${keyID}!" \ + log debug "loading key into host keyring..." + su_monkeysphere_user "gpg --quiet --export 0x${fingerprint}!" \ | gpg_host --import fi -# get the full fingerprint of new revoker key -log debug "getting fingerprint of revoker key..." -fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ - | grep '^fpr:' | grep "$keyID" | cut -d: -f10) - -if [ -z "$fingerprint" ] ; then - failure "Key '$keyID' not found." -fi - -log info "key found:" -gpg_host --fingerprint "0x${fingerprint}!" - -if [ "$PROMPT" = "true" ] ; then - echo "Are you sure you want to add the above key as a" - read -p "revoker of the host key? (Y/n) " OK; OK=${OK:-Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "revoker not added." - fi -else - log debug "adding revoker without prompting." -fi - # edit-key script to add revoker addrevokerCommand=$(cat < Date: Fri, 20 Feb 2009 00:23:35 -0500 Subject: stupid bug fix --- src/share/mh/add_revoker | 1 - 1 file changed, 1 deletion(-) (limited to 'src/share') diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 638f052..239dcfc 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -100,7 +100,6 @@ fi addrevokerCommand=$(cat < Date: Fri, 20 Feb 2009 00:38:59 -0500 Subject: explicitly set GNUPGHOME in su_monkeysphere_user calls to gpg in add_revoker, to avoid any confusion about having GNUPGHOME as a tempdir exported to the environment. --- src/share/mh/add_revoker | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'src/share') diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 239dcfc..428b958 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -61,24 +61,23 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then # else, get the key from the keyserver else - # create a temporary directory for storing the downloaded key - local GNUPGHOME="$tmpDir" - chmod 0700 "$GNUPGHOME" - chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$GNUPGHOME" - export GNUPGHOME + # fix permissions and ownership on temporary directory which will + # be used by monkeysphere user for storing the downloaded key + chmod 0700 "$tmpDir" + chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_USER" "$tmpDir" # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for keyID $keyID..." - su_monkeysphere_user "gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." # get the full fingerprint of new revoker key log debug "getting fingerprint of revoker key..." - fingerprint=$(su_monkeysphere_user "gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \ + fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \ | grep '^fpr:' | grep "$keyID" | cut -d: -f10) log info "key found:" - su_monkeysphere_user "gpg --fingerprint 0x${fingerprint}!" + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a" @@ -92,7 +91,7 @@ else # export the new key to the host keyring log debug "loading key into host keyring..." - su_monkeysphere_user "gpg --quiet --export 0x${fingerprint}!" \ + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \ | gpg_host --import fi -- cgit v1.2.3 From 2401c44bf177ca12f135109eb03b8610313f0218 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 00:50:46 -0500 Subject: document why monkeysphere import-subkey is not yet working. --- src/share/m/import_subkey | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index 7333f80..8d60f26 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -13,6 +13,11 @@ # import an existing ssh key as a gpg subkey +## 2009-02-20 00:49:11-0500: This is not implemented yet, because we +## don't currently have a good way to manipulate the user's OpenPGP +## secret key such that we could make a proper subkey binding +## signature. + import_subkey() { local sshKeyFile local keyID @@ -20,7 +25,7 @@ import_subkey() { local fifoDir # FIXME: implement! - failure "implement me!" + failure "import-subkey is not implemented yet. We welcome patches. Sorry!" sshKeyFile="$1" shift -- cgit v1.2.3 From 076be3a8a16c32dd94e8b2e75359d0ba1d51f352 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 01:02:06 -0500 Subject: clarify revoke_hostname warning --- src/share/mh/revoke_hostname | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index 92383a0..71b56ed 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -28,7 +28,7 @@ if [ -z "$1" ] ; then fi echo "WARNING: There is a known bug in this function." -echo "This function has been known to occasionally revoke the wrong user ID." +echo "This function has been known to occasionally revoke the wrong hostname." echo "Please see the following bug report for more information:" echo "https://labs.riseup.net/code/issues/show/422" read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} -- cgit v1.2.3 From 9b47ae89c3840eb2af9a57a885e19ccbe36957d5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 20 Feb 2009 01:39:29 -0500 Subject: trivial implementation of monkeysphere-host revoke-key: just prints ascii-armored revocation certificate to stdout, and admin is expected to know what to do with it. --- man/man8/monkeysphere-host.8 | 7 +++++-- src/share/mh/revoke_key | 28 ++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 4 deletions(-) (limited to 'src/share') diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 2b71807..2ccaaec 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -66,8 +66,11 @@ or by specifying `-` to load from stdin. `o' may be be used in place of `add-revoker'. .TP .B revoke-key -Revoke the host's OpenPGP key. `r' may be used in place of -`revoke-key'. +Revoke the host's OpenPGP key. This will ask you a series of +questions, and then generate a key revocation certificate on standard +out. If you publish this revocation certificate to the public +keyservers, your host key will be permanently revoked. `r' may be +used in place of `revoke-key'. .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index cccdc22..380236b 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -15,7 +15,31 @@ revoke_key() { -# FIXME: implement! -failure "not implemented yet!" +# Coming in here, we expect $HOST_FINGERPRINT to be set, and we +# believe that there is in fact a key. + # our current implementation is very simple: we just want to + # generate the revocation certificate on stdout. This provides + # for the two most likely (but hopefully not common) scenarios: + + # an admin wants a revocation certificate for the host which they + # can store securely offline. In this case, the admin can + # redirect stdout to a file, or can simply copy/paste or + # transcribe from the terminal. + + # Alternately, an admin might want to publish the revocation + # certificate immediately. here's a quick way to do this: + + + # tmp=$(mktemp -d) + # export GNUPGHOME="$tmp" + # gpg --import < /var/lib/monkeysphere/ssh_host_rsa_key.pub.gpg + # monkeysphere-host revoke-key | gpg --import + # gpg --keyserver pool.sks-keyservers.net --send $(hostname -f) + + + # note: we're not using the gpg_host function because we actually + # want to use gpg's UI in this case, so we want to omit --no-tty + + GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!" } -- cgit v1.2.3