From b7e17887ac20bc5916d830f5282b07f4c0360c2a Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Sat, 31 Jan 2009 17:30:11 -0500
Subject: break out monkeysphere-{host,authentication} subcommands into
 seperate scripts.  MUCH MORE WORK NEEDED to get these working.

---
 src/subcommands/mh/add-hostname    |  71 +++++++++++++++
 src/subcommands/mh/add-revoker     |  16 ++++
 src/subcommands/mh/diagnostics     | 179 +++++++++++++++++++++++++++++++++++++
 src/subcommands/mh/extend-key      |  29 ++++++
 src/subcommands/mh/publish-key     |  24 +++++
 src/subcommands/mh/revoke-hostname |  89 ++++++++++++++++++
 src/subcommands/mh/revoke-key      |  16 ++++
 src/subcommands/mh/show-key        |  37 ++++++++
 8 files changed, 461 insertions(+)
 create mode 100755 src/subcommands/mh/add-hostname
 create mode 100755 src/subcommands/mh/add-revoker
 create mode 100755 src/subcommands/mh/diagnostics
 create mode 100755 src/subcommands/mh/extend-key
 create mode 100755 src/subcommands/mh/publish-key
 create mode 100755 src/subcommands/mh/revoke-hostname
 create mode 100755 src/subcommands/mh/revoke-key
 create mode 100755 src/subcommands/mh/show-key

(limited to 'src/subcommands/mh')

diff --git a/src/subcommands/mh/add-hostname b/src/subcommands/mh/add-hostname
new file mode 100755
index 0000000..fc1ae96
--- /dev/null
+++ b/src/subcommands/mh/add-hostname
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host add-hostname subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# add hostname user ID to server key
+
+local userID
+local fingerprint
+local tmpuidMatch
+local line
+local adduidCommand
+
+if [ -z "$1" ] ; then
+    failure "You must specify a hostname to add."
+fi
+
+userID="ssh://${1}"
+
+fingerprint=$(fingerprint_server_key)
+
+# match to only ultimately trusted user IDs
+tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+# find the index of the requsted user ID
+# NOTE: this is based on circumstantial evidence that the order of
+# this output is the appropriate index
+if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
+    | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+    failure "Host userID '$userID' already exists."
+fi
+
+echo "The following user ID will be added to the host key:"
+echo "  $userID"
+read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+if [ ${OK/y/Y} != 'Y' ] ; then
+    failure "User ID not added."
+fi
+
+# edit-key script command to add user ID
+adduidCommand=$(cat <<EOF
+adduid
+$userID
+
+
+save
+EOF
+)
+
+# execute edit-key script
+if echo "$adduidCommand" | \
+    gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+
+    # update the trustdb for the authentication keyring
+    gpg_authentication "--check-trustdb"
+
+    show_server_key
+
+    echo
+    echo "NOTE: User ID added to key, but key not published."
+    echo "Run '$PGRM publish-key' to publish the new user ID."
+else
+    failure "Problem adding user ID."
+fi
diff --git a/src/subcommands/mh/add-revoker b/src/subcommands/mh/add-revoker
new file mode 100755
index 0000000..8783cd1
--- /dev/null
+++ b/src/subcommands/mh/add-revoker
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host add-revoker subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# add a revoker to the host key
+
+# FIXME: implement!
+failure "not implemented yet!"
diff --git a/src/subcommands/mh/diagnostics b/src/subcommands/mh/diagnostics
new file mode 100755
index 0000000..f411e06
--- /dev/null
+++ b/src/subcommands/mh/diagnostics
@@ -0,0 +1,179 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host diagnostics subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+#  * check on the status and validity of the key and public certificates
+local seckey
+local keysfound
+local curdate
+local warnwindow
+local warndate
+local create
+local expire
+local uid
+local fingerprint
+local badhostkeys
+local sshd_config
+local problemsfound=0
+
+# FIXME: what's the correct, cross-platform answer?
+sshd_config=/etc/ssh/sshd_config
+seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
+keysfound=$(echo "$seckey" | grep -c ^sec:)
+curdate=$(date +%s)
+# warn when anything is 2 months away from expiration
+warnwindow='2 months'
+warndate=$(advance_date $warnwindow +%s)
+
+if ! id monkeysphere >/dev/null ; then
+    echo "! No monkeysphere user found!  Please create a monkeysphere system user with bash as its shell."
+    problemsfound=$(($problemsfound+1))
+fi
+
+if ! [ -d "$SYSDATADIR" ] ; then
+    echo "! no $SYSDATADIR directory found.  Please create it."
+    problemsfound=$(($problemsfound+1))
+fi
+
+echo "Checking host GPG key..."
+if (( "$keysfound" < 1 )); then
+    echo "! No host key found."
+    echo " - Recommendation: run 'monkeysphere-server gen-key'"
+    problemsfound=$(($problemsfound+1))
+elif (( "$keysfound" > 1 )); then
+    echo "! More than one host key found?"
+    # FIXME: recommend a way to resolve this
+    problemsfound=$(($problemsfound+1))
+else
+    create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
+    expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
+    fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:)
+    # check for key expiration:
+    if [ "$expire" ]; then
+	if (( "$expire"  < "$curdate" )); then
+	    echo "! Host key is expired."
+	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+	    problemsfound=$(($problemsfound+1))
+	elif (( "$expire" < "$warndate" )); then
+	    echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+	    problemsfound=$(($problemsfound+1))
+	fi
+    fi
+
+    # and weirdnesses:
+    if [ "$create" ] && (( "$create" > "$curdate" )); then
+	echo "! Host key was created in the future(?!). Is your clock correct?"
+	echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+	problemsfound=$(($problemsfound+1))
+    fi
+    
+    # check for UserID expiration:
+    echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
+    while IFS=: read create expire uid ; do
+	# FIXME: should we be doing any checking on the form
+	# of the User ID?  Should we be unmangling it somehow?
+
+	if [ "$create" ] && (( "$create" > "$curdate" )); then
+	    echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
+	    echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+	    problemsfound=$(($problemsfound+1))
+	fi
+	if [ "$expire" ] ; then
+	    if (( "$expire" < "$curdate" )); then
+		echo "! User ID '$uid' is expired."
+		# FIXME: recommend a way to resolve this
+		problemsfound=$(($problemsfound+1))
+	    elif (( "$expire" < "$warndate" )); then
+		echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)		
+		# FIXME: recommend a way to resolve this
+		problemsfound=$(($problemsfound+1))
+	    fi
+	fi
+    done
+	    
+# FIXME: verify that the host key is properly published to the
+#   keyservers (do this with the non-privileged user)
+
+# FIXME: check that there are valid, non-expired certifying signatures
+#   attached to the host key after fetching from the public keyserver
+#   (do this with the non-privileged user as well)
+
+# FIXME: propose adding a revoker to the host key if none exist (do we
+#   have a way to do that after key generation?)
+
+    # Ensure that the ssh_host_rsa_key file is present and non-empty:
+    echo
+    echo "Checking host SSH key..."
+    if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
+	echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
+	problemsfound=$(($problemsfound+1))
+    else
+	if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
+	    echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
+	    problemsfound=$(($problemsfound+1))
+	fi
+
+	# propose changes needed for sshd_config (if any)
+	if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
+	    echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
+	    echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
+	    problemsfound=$(($problemsfound+1))
+	fi
+	if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
+	    echo "! $sshd_config refers to some non-monkeysphere host keys:"
+	    echo "$badhostkeys"
+	    echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+	    problemsfound=$(($problemsfound+1))
+	fi
+
+        # FIXME: test (with ssh-keyscan?) that the running ssh
+        # daemon is actually offering the monkeysphere host key.
+
+    fi
+fi
+
+# FIXME: look at the ownership/privileges of the various keyrings,
+#    directories housing them, etc (what should those values be?  can
+#    we make them as minimal as possible?)
+
+# FIXME: look to see that the ownertrust rules are set properly on the
+#    authentication keyring
+
+# FIXME: make sure that at least one identity certifier exists
+
+# FIXME: look at the timestamps on the monkeysphere-generated
+# authorized_keys files -- warn if they seem out-of-date.
+
+# FIXME: check for a cronjob that updates monkeysphere-generated
+# authorized_keys?
+
+echo
+echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+# Ensure that User ID authentication is enabled:
+if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
+    echo "! $sshd_config does not point to monkeysphere authorized keys."
+    echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'"
+    problemsfound=$(($problemsfound+1))
+fi
+if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then
+    echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
+    echo "$badauthorizedkeys"
+    echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+    problemsfound=$(($problemsfound+1))
+fi
+
+if [ "$problemsfound" -gt 0 ]; then
+    echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
+    echo "  monkeysphere-server diagnostics"
+else
+    echo "Everything seems to be in order!"
+fi
diff --git a/src/subcommands/mh/extend-key b/src/subcommands/mh/extend-key
new file mode 100755
index 0000000..755fe13
--- /dev/null
+++ b/src/subcommands/mh/extend-key
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host extend-key subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# extend the lifetime of a host key:
+
+local fpr=$(fingerprint_server_key)
+local extendTo="$1"
+
+# get the new expiration date
+extendTo=$(get_gpg_expiration "$extendTo")
+
+gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF 
+expire
+$extendTo
+save
+EOF
+
+echo
+echo "NOTE: Host key expiration date adjusted, but not yet published."
+echo "Run '$PGRM publish-key' to publish the new expiration date."
diff --git a/src/subcommands/mh/publish-key b/src/subcommands/mh/publish-key
new file mode 100755
index 0000000..792d858
--- /dev/null
+++ b/src/subcommands/mh/publish-key
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host publish-key subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# publish server key to keyserver
+
+read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
+if [ ${OK/y/Y} != 'Y' ] ; then
+    failure "key not published."
+fi
+
+# find the key fingerprint
+fingerprint=$(fingerprint_server_key)
+
+# publish host key
+gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
diff --git a/src/subcommands/mh/revoke-hostname b/src/subcommands/mh/revoke-hostname
new file mode 100755
index 0000000..decac86
--- /dev/null
+++ b/src/subcommands/mh/revoke-hostname
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host revoke-hostname subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# revoke hostname user ID from host key
+
+local userID
+local fingerprint
+local tmpuidMatch
+local line
+local uidIndex
+local message
+local revuidCommand
+
+if [ -z "$1" ] ; then
+    failure "You must specify a hostname to revoke."
+fi
+
+echo "WARNING: There is a known bug in this function."
+echo "This function has been known to occasionally revoke the wrong user ID."
+echo "Please see the following bug report for more information:"
+echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
+if [ ${OK/y/Y} != 'Y' ] ; then
+    failure "aborting."
+fi
+
+userID="ssh://${1}"
+
+fingerprint=$(fingerprint_server_key)
+
+# match to only ultimately trusted user IDs
+tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+# find the index of the requsted user ID
+# NOTE: this is based on circumstantial evidence that the order of
+# this output is the appropriate index
+if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
+    | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+    uidIndex=${line%%:*}
+else
+    failure "No non-revoked user ID '$userID' is found."
+fi
+
+echo "The following host key user ID will be revoked:"
+echo "  $userID"
+read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+if [ ${OK/y/Y} != 'Y' ] ; then
+    failure "User ID not revoked."
+fi
+
+message="Hostname removed by monkeysphere-server $DATE"
+
+# edit-key script command to revoke user ID
+revuidCommand=$(cat <<EOF
+$uidIndex
+revuid
+y
+4
+$message
+
+y
+save
+EOF
+    )	
+
+# execute edit-key script
+if echo "$revuidCommand" | \
+    gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+
+    # update the trustdb for the authentication keyring
+    gpg_authentication "--check-trustdb"
+
+    show_server_key
+
+    echo
+    echo "NOTE: User ID revoked, but revocation not published."
+    echo "Run '$PGRM publish-key' to publish the revocation."
+else
+    failure "Problem revoking user ID."
+fi
diff --git a/src/subcommands/mh/revoke-key b/src/subcommands/mh/revoke-key
new file mode 100755
index 0000000..b4ce401
--- /dev/null
+++ b/src/subcommands/mh/revoke-key
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host revoke-key subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# revoke host key
+
+# FIXME: implement!
+failure "not implemented yet!"
diff --git a/src/subcommands/mh/show-key b/src/subcommands/mh/show-key
new file mode 100755
index 0000000..c62ec16
--- /dev/null
+++ b/src/subcommands/mh/show-key
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Monkeysphere host show-key subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+local fingerprintPGP
+local fingerprintSSH
+local ret=0
+
+# FIXME: you shouldn't have to be root to see the host key fingerprint
+if is_root ; then
+    check_host_keyring
+    fingerprintPGP=$(fingerprint_server_key)
+    gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+    echo "OpenPGP fingerprint: $fingerprintPGP"
+else
+    log info "You must be root to see host OpenPGP fingerprint."
+    ret='1'
+fi
+
+if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+    fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+	awk '{ print $1, $2, $4 }')
+    echo "ssh fingerprint: $fingerprintSSH"
+else
+    log info "SSH host key not found."
+    ret='1'
+fi
+
+return $ret
-- 
cgit v1.2.3