From 0fded72147e60d7193c393e6de68493258501e7a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 27 Mar 2009 18:02:49 -0400 Subject: trying to make m gen-subkey more responsive in the face of errors, and clearer to the user about what is going on. --- src/share/common | 2 ++ src/share/m/gen_subkey | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index d6e4949..c8d44f6 100644 --- a/src/share/common +++ b/src/share/common @@ -304,6 +304,8 @@ passphrase_prompt() { local PASS if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then + printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info + printf '(with prompt "%s")\n' "$prompt" | log debug "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo" else read -s -p "$prompt" PASS diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index a0fa3ce..05004f6 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -57,14 +57,16 @@ save" # setup the temp fifo dir for retrieving the key password log debug "creating password fifo..." fifoDir=$(msmktempdir) - trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - log verbose "generating subkey..." + # FIXME: are we adequately cleaning up any trailing gpg process here? + trap "rm -rf $fifoDir; kill %% || true" EXIT echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + log debug "Prompting for passphrase" # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + log info "Generating subkey. This may take a long time..." trap - EXIT rm -rf "$fifoDir" -- cgit v1.2.3 From c0724b8e7aefd9ced1740a970941928f5b168b2b Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 15:05:36 -0700 Subject: some small compatibility changes: - fix file_hash function to use md5 or md5sum, for Darwin compatibility - use build-in 'type' instead of 'which', which for some reason doesn't behave on Darwin - clean up some redirection calls. --- src/share/common | 26 ++++++++++++++++---------- src/share/m/ssh_proxycommand | 6 +++--- src/share/m/subkey_to_ssh_agent | 2 +- 3 files changed, 20 insertions(+), 14 deletions(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index c8d44f6..04fe4fe 100644 --- a/src/share/common +++ b/src/share/common @@ -147,8 +147,8 @@ lock() { local action="$1" local file="$2" - if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then - if ! ( which lockfile >/dev/null ); then + if ! ( type lockfile-create &>/dev/null ) ; then + if ! ( type lockfile &>/dev/null ); then failure "Neither lockfile-create nor lockfile are in the path!" fi use_lockfileprogs= @@ -197,7 +197,7 @@ advance_date() { local shortunits # try things the GNU way first - if date -d "$number $longunits" "$format" >/dev/null 2>&1; then + if date -d "$number $longunits" "$format" &>/dev/null; then date -d "$number $longunits" "$format" else # otherwise, convert to (a limited version of) BSD date syntax: @@ -252,7 +252,13 @@ check_capability() { # hash of a file file_hash() { - md5sum "$1" 2> /dev/null + if type md5sum &>/dev/null ; then + md5sum "$1" + elif type lockfile &>/dev/null ; then + md5 "$1" + else + failure "Neither md5sum nor md5 are in the path!" + fi } # convert escaped characters in pipeline from gpg output back into @@ -303,7 +309,7 @@ passphrase_prompt() { local fifo="$2" local PASS - if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then + if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info printf '(with prompt "%s")\n' "$prompt" | log debug "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo" @@ -333,7 +339,7 @@ remove_line() { fi # if the string is in the file... - if grep -q -F "$string" "$file" 2> /dev/null ; then + if grep -q -F "$string" "$file" 2>/dev/null ; then tempfile=$(mktemp "${file}.XXXXXXX") || \ failure "Unable to make temp file '${file}.XXXXXXX'" @@ -460,7 +466,7 @@ gpg2ssh() { keyID="$1" - gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null + gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null } # output known_hosts line from ssh key @@ -551,7 +557,7 @@ gpg_fetch_userid() { echo 1,2,3,4,5 | \ gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ - --search ="$userID" > /dev/null 2>&1 + --search ="$userID" &>/dev/null returnCode="$?" return "$returnCode" @@ -811,7 +817,7 @@ process_host_known_hosts() { # hash from stdin to stdout tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) ssh2known_hosts "$host" "$sshKey" > "$tmpfile" - ssh-keygen -H -f "$tmpfile" 2> /dev/null + ssh-keygen -H -f "$tmpfile" 2>/dev/null cat "$tmpfile" >> "$KNOWN_HOSTS" rm -f "$tmpfile" "${tmpfile}.old" else @@ -1093,7 +1099,7 @@ process_authorized_user_ids() { # check permissions on the authorized_user_ids file path check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure - if ! meat "$authorizedUserIDs" > /dev/null ; then + if ! meat "$authorizedUserIDs" >/dev/null ; then log debug " no user IDs to process." return fi diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 77f9d24..74b0f85 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -186,7 +186,7 @@ URI="ssh://${HOSTP}" # CHECK_KEYSERVER variable in the monkeysphere.conf file. # if the host is in the gpg keyring... -if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then +if gpg_user --list-key ="${URI}" &>/dev/null ; then # do not check the keyserver CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"} @@ -253,9 +253,9 @@ esac # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then - if (which nc 2>/dev/null >/dev/null); then + if (type nc &>/dev/null); then exec nc "$HOST" "$PORT" - elif (which socat 2>/dev/null >/dev/null); then + elif (type socat &>/dev/null); then exec socat STDIO "TCP:$HOST:$PORT" else echo "Neither netcat nor socat found -- could not complete monkeysphere-ssh-proxycommand connection to $HOST:$PORT" >&2 diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index aa647a6..edc177b 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -27,7 +27,7 @@ subkey_to_ssh_agent() { local kname # if there's no agent running, don't bother: - if [ -z "$SSH_AUTH_SOCK" ] || ! which ssh-add >/dev/null ; then + if [ -z "$SSH_AUTH_SOCK" ] || ! type ssh-add >/dev/null ; then failure "No ssh-agent available." fi -- cgit v1.2.3 From 12f30bbed9bb66ea561298259e42a198195235fc Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 17:59:08 -0700 Subject: use /usr/bin/env to call perl in keytrans shebang. --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/keytrans b/src/share/keytrans index 8b2e2ea..d9830f4 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +#!/usr/bin/env perl -w -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From ae60b830b1a1354acd458a1cf593bd92bd8e8a00 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 19:38:35 -0700 Subject: undo perl shebang line change i just made, since the '-w -T' options don't seem to work with /usr/bin/env --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/keytrans b/src/share/keytrans index d9830f4..8b2e2ea 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/env perl -w -T +#!/usr/bin/perl -w -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From 792b299e0850dfa3ab1072760f9e82febd81c366 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 5 Apr 2009 19:41:13 -0700 Subject: fix typo in check_key_file_permissions function --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index 04fe4fe..1ce07fc 100644 --- a/src/share/common +++ b/src/share/common @@ -445,7 +445,7 @@ check_key_file_permissions() { # return 2 if path has group or other writability if is_write "$gAccess" || is_write "$oAccess" ; then log error "improper group or other writability on path '$path':" - log error " group: $gAccess, other: $oAcess" + log error " group: $gAccess, other: $oAccess" return 2 fi -- cgit v1.2.3 From 8a10cedafffa08873508598c9bff0c12e1c5d278 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 21:04:31 -0400 Subject: actually check for md5 in the path within file_hash() --- src/share/common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index 1ce07fc..ac0b5d6 100644 --- a/src/share/common +++ b/src/share/common @@ -254,7 +254,7 @@ check_capability() { file_hash() { if type md5sum &>/dev/null ; then md5sum "$1" - elif type lockfile &>/dev/null ; then + elif type md5 &>/dev/null ; then md5 "$1" else failure "Neither md5sum nor md5 are in the path!" -- cgit v1.2.3 From 5df09d935f33477cdd9763c0e9c1ba7c8073aea0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 21:09:12 -0400 Subject: more portable perl-based simple_checksum; i think this is correct, but i welcome any pointers about what i might be getting wrong. --- src/share/keytrans | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/keytrans b/src/share/keytrans index 8b2e2ea..e6777ff 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -195,11 +195,11 @@ my $keyserver_prefs = { nomodify => 0x80 ########### Math/Utility Functions ############## -# see the bottom of page 43 of RFC 4880 +# see the bottom of page 44 of RFC 4880 (http://tools.ietf.org/html/rfc4880#page-44) sub simple_checksum { my $bytes = shift; - return unpack("%32W*",$bytes) % 65536; + return unpack("%16C*",$bytes); } # calculate the multiplicative inverse of a mod b this is euclid's -- cgit v1.2.3 From c8719b2f757364178ecbe621b027765c8ce58ef4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 6 Apr 2009 22:32:56 -0400 Subject: replacing head -c with dd (for portability reasons, see #673) --- src/share/ma/setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/ma/setup b/src/share/ma/setup index b453f3c..4c87009 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -57,9 +57,9 @@ EOF if [ -z "$CORE_FPR" ] ; then log info "setting up Monkeysphere authentication trust core..." - local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 Date: Mon, 6 Apr 2009 19:52:34 -0700 Subject: remove -w from keytrans shebang line, since it's redundant with 'use warnings' --- src/share/keytrans | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/share') diff --git a/src/share/keytrans b/src/share/keytrans index e6777ff..f9288fa 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +#!/usr/bin/perl -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -- cgit v1.2.3 From c514677a32ef4a3264898a389902ac973ebc3507 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:40:08 -0700 Subject: Add two new compatibility functions: - list_user to list all users on the system - get_homedir to return the path to a users home directory These functions should provide compatibility on linux, FreeBSD and Darwin systems. --- src/share/common | 19 ++++++++++++++++++- src/share/ma/update_users | 2 +- 2 files changed, 19 insertions(+), 2 deletions(-) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index ac0b5d6..f954bb9 100644 --- a/src/share/common +++ b/src/share/common @@ -390,7 +390,7 @@ translate_ssh_variables() { path="$2" # get the user's home directory - userHome=$(getent passwd "$uname" | cut -d: -f6) + userHome=$(get_homedir "$uname") # translate '%u' to user name path=${path/\%u/"$uname"} @@ -458,6 +458,23 @@ check_key_file_permissions() { fi } +# return a list of all users on the system +list_users() { + if type getent &>/dev/null ; then + # for linux and FreeBSD systems + getent passwd | cut -d: -f1 + elif type dscl &>/dev/null ; then + # for Darwin systems + dscl localhost -list /Search/Users + fi +} + +# return the path to the home directory of a user +get_homedir() { + local uname=${1:-`whoami`} + eval "echo ~${uname}" +} + ### CONVERSION UTILITIES # output the ssh key for a given key ID diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 3a5c006..c5c74cf 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -24,7 +24,7 @@ if [ "$1" ] ; then unames="$@" else # or just look at all users if none specified - unames=$(getent passwd | cut -d: -f1) + unames=$(list_users) fi # set mode -- cgit v1.2.3 From c2a85da2be8f884cb7e96f05d8a37dcb6ddd80b5 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 6 Apr 2009 22:53:04 -0700 Subject: add else failure to list_users function --- src/share/common | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/share') diff --git a/src/share/common b/src/share/common index f954bb9..11e7969 100644 --- a/src/share/common +++ b/src/share/common @@ -466,6 +466,8 @@ list_users() { elif type dscl &>/dev/null ; then # for Darwin systems dscl localhost -list /Search/Users + else + failure "Neither getent or dscl is in the path! Could not determine list of users." fi } -- cgit v1.2.3