#!/bin/sh # monkeysphere: MonkeySphere client tool # # The monkeysphere scripts are written by: # Jameson Rollins <jrollins@fifthhorseman.net> # # They are Copyright 2008, and are all released under the GPL, version 3 # or later. ######################################################################## PGRM=$(basename $0) SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} export SHAREDIR . "${SHAREDIR}/common" GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf} [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG" # date in UTF format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up GREP_OPTIONS= ######################################################################## # FUNCTIONS ######################################################################## usage() { cat <<EOF usage: $PGRM <subcommand> [args] Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file update-userids (u) [USERID]... add/update userid gen-ae-subkey (g) KEYID generate an 'ae' capable subkey help (h,?) this help EOF } # generate a subkey with the 'a' and 'e' usage flags set gen_ae_subkey(){ local keyID local gpgOut local userID log "warning: this function is still not working." keyID="$1" # set subkey defaults SUBKEY_TYPE=${KEY_TYPE:-"RSA"} SUBKEY_LENGTH=${KEY_LENGTH:-"1024"} SUBKEY_USAGE=${KEY_USAGE:-"encrypt,auth"} gpgOut=$(gpg --fixed-list-mode --list-keys --with-colons \ "$keyID" 2> /dev/null) # return 1 if there only "tru" lines are output from gpg if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then loge " key not found." return 1 fi userID=$(echo "$gpgOut" | grep "^uid:" | cut -d: -f10) # set key parameters keyParameters=$(cat <<EOF Subkey-Type: $SUBKEY_TYPE Subkey-Length: $SUBKEY_LENGTH Subkey-Usage: $SUBKEY_USAGE Name-Real: $userID EOF ) log "The following key parameters will be used:" echo "$keyParameters" read -p "generate key? [Y|n]: " OK; OK=${OK:=Y} if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting." fi # add commit command keyParameters="${keyParameters}"$(cat <<EOF %commit %echo done EOF ) echo "generating subkey..." echo "$keyParameters" | gpg --batch --gen-key } ######################################################################## # MAIN ######################################################################## COMMAND="$1" [ "$COMMAND" ] || failure "Type '$PGRM help' for usage." shift # set ms home directory MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere} # load configuration file MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf} [ -e "$MS_CONF" ] && . "$MS_CONF" # set empty config variable with defaults AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids} GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg} KEYSERVER=${KEYSERVER:-subkeys.pgp.net} REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"} USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys} USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts} HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-} export GNUPGHOME # stagging locations hostKeysCacheDir="$MS_HOME"/host_keys userKeysCacheDir="$MS_HOME"/user_keys msAuthorizedKeys="$MS_HOME"/authorized_keys # make sure gpg home exists with proper permissions mkdir -p -m 0700 "$GNUPGHOME" case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') MODE='known_hosts' # touch the known_hosts file to make sure it exists touch "$USER_KNOWN_HOSTS" # if hosts are specified on the command line, process just # those hosts if [ "$1" ] ; then for host ; do process_host "$host" "$hostKeysCacheDir" done # otherwise, if no hosts are specified, process the user # known_hosts file else if [ ! -s "$USER_KNOWN_HOSTS" ] ; then failure "known_hosts file '$USER_KNOWN_HOSTS' is empty." fi log "processing known_hosts file..." process_known_hosts "$USER_KNOWN_HOSTS" "$hostKeysCacheDir" fi ;; 'update-authorized_keys'|'update-authorized-keys'|'a') MODE='authorized_keys' # make sure authorized_user_ids file exists if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then log "authorized_user_ids file is empty or does not exist." exit fi # set user-controlled authorized_keys file path userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"} # update authorized_keys update_authorized_keys "$userKeysCacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys" ;; 'update-userids'|'u') if [ -z "$1" ] ; then failure "you must specify at least one userid." fi for userID ; do update_userid "$userID" "$userKeysCacheDir" done ;; 'gen-ae-subkey'|'g') keyID="$1" if [ -z "$keyID" ] ; then failure "you must specify keyid of primary key." fi gen_ae_subkey "$keyID" ;; 'help'|'h'|'?') usage ;; *) failure "Unknown command: '$COMMAND' Type 'cereal-admin help' for usage." ;; esac