From 0655d5cbf24a29da4aff7e272e82bfa258b2ceed Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 1 Feb 2009 21:14:22 -0500 Subject: new function to export signatures from core to sphere keyrings. this is so that the sphere does not have to read the core pubring to get the certifier ltsigs, and we can therefore keep tighter permissions on the core keyring files. updated some comments/documentation as well. --- src/monkeysphere-authentication | 18 +++++-------- src/share/ma/add_certifier | 58 +++++++++++++++++++++++++++-------------- src/share/ma/remove_certifier | 8 +++--- src/share/ma/setup | 6 ++--- 4 files changed, 51 insertions(+), 39 deletions(-) (limited to 'src') diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 7c43aa8..2316183 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -85,8 +85,6 @@ su_monkeysphere_user() { # function to interact with the gpg core keyring gpg_core() { - local returnCode - GNUPGHOME="$GNUPGHOME_CORE" export GNUPGHOME @@ -94,15 +92,7 @@ gpg_core() { # user to be able to read the host pubring. we realize this might # be problematic, but it's the simplest solution, without too much # loss of security. - gpg --no-permission-warning "$@" - returnCode="$?" - - # always reset the permissions on the host pubring so that the - # monkeysphere user can read the trust signatures - chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg" - chmod g+r "${GNUPGHOME_CORE}/pubring.gpg" - - return "$returnCode" + gpg "$@" } # function to interact with the gpg sphere keyring @@ -116,6 +106,12 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } +# export signatures from core to sphere +gpg_core_sphere_sig_transfer() { + gpg_core --export-options export-local-sigs --export | \ + gpg_sphere --import-options import-local-sigs --import +} + ######################################################################## # MAIN ######################################################################## diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 0c3c647..60a4f9d 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -3,6 +3,20 @@ # Monkeysphere authentication add-certifier subcommand # +# This function adds a certifier whose signatures will be used to +# calculate validity of keys used to connect to user accounts on the +# server. The specified certifier key is first retrieved from the Web +# of Trust with the monkeysphere-user-controlled gpg_sphere keyring. +# Once then new key is retrieved, it is imported into the core +# keyring. The gpg_core then ltsigns the key with the desired trust +# level, and then the key is exported back to the gpg_sphere keyring. +# The gpg_sphere has ultimate owner trust of the core key, so the core +# ltsigs on the new certifier key can then be used by gpg_sphere +# calculate validity for keys inserted in the authorized_keys file. +# +# This is all to keep the monkeysphere user that connects to the +# keyservers from accessing the core secret key. +# # The monkeysphere scripts are written by: # Jameson Rollins # Jamie McClelland @@ -11,9 +25,6 @@ # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. -# retrieve key from web of trust, import it into the host keyring, and -# ltsign the key in the host keyring so that it may certify other keys - add_certifier() { local domain @@ -59,7 +70,7 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi if [ -f "$keyID" ] ; then - echo "Reading key from file '$keyID':" + log info "Reading key from file '$keyID':" importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" # FIXME: if this is tried when the key database is not # up-to-date, i got these errors (using set -x): @@ -96,8 +107,7 @@ if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -echo -echo "key found:" +log info -e "\nkey found:" gpg_sphere "--fingerprint 0x${fingerprint}!" echo "Are you sure you want to add the above key as a" @@ -106,18 +116,24 @@ if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not added." fi -# export the key to the host keyring +# export the key to the core keyring so that the core can sign the +# new certifier key gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import -if [ "$trust" = marginal ]; then - trustval=1 -elif [ "$trust" = full ]; then - trustval=2 -else - failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." -fi - -# ltsign command +case "$trust" in + 'marginal') + trustval=1 + ;; + 'full') + trustval=2 + ;; + *) + failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." + ;; +esac + +# this is the gpg "script" that gpg --edit-key will execute for the +# core to sign certifier. # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <