summaryrefslogtreecommitdiff
path: root/src/share/common
blob: 8c21a836f5dbb270a84fba00de0c8eb134f0def1 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Shared sh functions for the monkeysphere
  4. #
  5. # Written by
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # Copyright 2008-2009, released under the GPL, version 3 or later
  11. # all-caps variables are meant to be user supplied (ie. from config
  12. # file) and are considered global
  13. ########################################################################
  14. ### UTILITY FUNCTIONS
  15. # output version info
  16. version() {
  17. cat "${SYSSHAREDIR}/VERSION"
  18. }
  19. # failure function. exits with code 255, unless specified otherwise.
  20. failure() {
  21. [ "$1" ] && echo "$1" >&2
  22. exit ${2:-'255'}
  23. }
  24. # write output to stderr based on specified LOG_LEVEL the first
  25. # parameter is the priority of the output, and everything else is what
  26. # is echoed to stderr. If there is nothing else, then output comes
  27. # from stdin, and is not prefaced by log prefix.
  28. log() {
  29. local priority
  30. local level
  31. local output
  32. local alllevels
  33. local found=
  34. # don't include SILENT in alllevels: it's handled separately
  35. # list in decreasing verbosity (all caps).
  36. # separate with $IFS explicitly, since we do some fancy footwork
  37. # elsewhere.
  38. alllevels="DEBUG${IFS}VERBOSE${IFS}INFO${IFS}ERROR"
  39. # translate lowers to uppers in global log level
  40. LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]")
  41. # just go ahead and return if the log level is silent
  42. if [ "$LOG_LEVEL" = 'SILENT' ] ; then
  43. return
  44. fi
  45. for level in $alllevels ; do
  46. if [ "$LOG_LEVEL" = "$level" ] ; then
  47. found=true
  48. fi
  49. done
  50. if [ -z "$found" ] ; then
  51. # default to INFO:
  52. LOG_LEVEL=INFO
  53. fi
  54. # get priority from first parameter, translating all lower to
  55. # uppers
  56. priority=$(echo "$1" | tr "[:lower:]" "[:upper:]")
  57. shift
  58. # scan over available levels
  59. for level in $alllevels ; do
  60. # output if the log level matches, set output to true
  61. # this will output for all subsequent loops as well.
  62. if [ "$LOG_LEVEL" = "$level" ] ; then
  63. output=true
  64. fi
  65. if [ "$priority" = "$level" -a "$output" = 'true' ] ; then
  66. if [ "$1" ] ; then
  67. echo "$@"
  68. else
  69. cat
  70. fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
  71. fi
  72. done
  73. }
  74. # run command as monkeysphere user
  75. su_monkeysphere_user() {
  76. # our main goal here is to run the given command as the the
  77. # monkeysphere user, but without prompting for any sort of
  78. # authentication. If this is not possible, we should just fail.
  79. # FIXME: our current implementation is overly restrictive, because
  80. # there may be some su PAM configurations that would allow su
  81. # "$MONKEYSPHERE_USER" -c "$@" to Just Work without prompting,
  82. # allowing specific users to invoke commands which make use of
  83. # this user.
  84. # chpst (from runit) would be nice to use, but we don't want to
  85. # introduce an extra dependency just for this. This may be a
  86. # candidate for re-factoring if we switch implementation languages.
  87. case $(id -un) in
  88. # if monkeysphere user, run the command under bash
  89. "$MONKEYSPHERE_USER")
  90. bash -c "$*"
  91. ;;
  92. # if root, su command as monkeysphere user
  93. 'root')
  94. su "$MONKEYSPHERE_USER" -c "$*"
  95. ;;
  96. # otherwise, fail
  97. *)
  98. log error "non-privileged user."
  99. ;;
  100. esac
  101. }
  102. # cut out all comments(#) and blank lines from standard input
  103. meat() {
  104. grep -v -e "^[[:space:]]*#" -e '^$' "$1"
  105. }
  106. # cut a specified line from standard input
  107. cutline() {
  108. head --line="$1" "$2" | tail -1
  109. }
  110. # make a temporary directory
  111. msmktempdir() {
  112. mktemp -d ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX
  113. }
  114. # make a temporary file
  115. msmktempfile() {
  116. mktemp ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX
  117. }
  118. # this is a wrapper for doing lock functions.
  119. #
  120. # it lets us depend on either lockfile-progs (preferred) or procmail's
  121. # lockfile, and should
  122. lock() {
  123. local use_lockfileprogs=true
  124. local action="$1"
  125. local file="$2"
  126. if ! ( type lockfile-create &>/dev/null ) ; then
  127. if ! ( type lockfile &>/dev/null ); then
  128. failure "Neither lockfile-create nor lockfile are in the path!"
  129. fi
  130. use_lockfileprogs=
  131. fi
  132. case "$action" in
  133. create)
  134. if [ -n "$use_lockfileprogs" ] ; then
  135. lockfile-create "$file" || failure "unable to lock '$file'"
  136. else
  137. lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'"
  138. fi
  139. log debug "lock created on '$file'."
  140. ;;
  141. touch)
  142. if [ -n "$use_lockfileprogs" ] ; then
  143. lockfile-touch --oneshot "$file"
  144. else
  145. : Nothing to do here
  146. fi
  147. log debug "lock touched on '$file'."
  148. ;;
  149. remove)
  150. if [ -n "$use_lockfileprogs" ] ; then
  151. lockfile-remove "$file"
  152. else
  153. rm -f "${file}.lock"
  154. fi
  155. log debug "lock removed on '$file'."
  156. ;;
  157. *)
  158. failure "bad argument for lock subfunction '$action'"
  159. esac
  160. }
  161. # for portability, between gnu date and BSD date.
  162. # arguments should be: number longunits format
  163. # e.g. advance_date 20 seconds +%F
  164. advance_date() {
  165. local gnutry
  166. local number="$1"
  167. local longunits="$2"
  168. local format="$3"
  169. local shortunits
  170. # try things the GNU way first
  171. if date -d "$number $longunits" "$format" &>/dev/null; then
  172. date -d "$number $longunits" "$format"
  173. else
  174. # otherwise, convert to (a limited version of) BSD date syntax:
  175. case "$longunits" in
  176. years)
  177. shortunits=y
  178. ;;
  179. months)
  180. shortunits=m
  181. ;;
  182. weeks)
  183. shortunits=w
  184. ;;
  185. days)
  186. shortunits=d
  187. ;;
  188. hours)
  189. shortunits=H
  190. ;;
  191. minutes)
  192. shortunits=M
  193. ;;
  194. seconds)
  195. shortunits=S
  196. ;;
  197. *)
  198. # this is a longshot, and will likely fail; oh well.
  199. shortunits="$longunits"
  200. esac
  201. date "-v+${number}${shortunits}" "$format"
  202. fi
  203. }
  204. # check that characters are in a string (in an AND fashion).
  205. # used for checking key capability
  206. # check_capability capability a [b...]
  207. check_capability() {
  208. local usage
  209. local capcheck
  210. usage="$1"
  211. shift 1
  212. for capcheck ; do
  213. if echo "$usage" | grep -q -v "$capcheck" ; then
  214. return 1
  215. fi
  216. done
  217. return 0
  218. }
  219. # hash of a file
  220. file_hash() {
  221. if type md5sum &>/dev/null ; then
  222. md5sum "$1"
  223. elif type md5 &>/dev/null ; then
  224. md5 "$1"
  225. else
  226. failure "Neither md5sum nor md5 are in the path!"
  227. fi
  228. }
  229. # convert escaped characters in pipeline from gpg output back into
  230. # original character
  231. # FIXME: undo all escape character translation in with-colons gpg
  232. # output
  233. gpg_unescape() {
  234. sed 's/\\x3a/:/g'
  235. }
  236. # convert nasty chars into gpg-friendly form in pipeline
  237. # FIXME: escape everything, not just colons!
  238. gpg_escape() {
  239. sed 's/:/\\x3a/g'
  240. }
  241. # prompt for GPG-formatted expiration, and emit result on stdout
  242. get_gpg_expiration() {
  243. local keyExpire
  244. keyExpire="$1"
  245. if [ -z "$keyExpire" -a "$PROMPT" != 'false' ]; then
  246. cat >&2 <<EOF
  247. Please specify how long the key should be valid.
  248. 0 = key does not expire
  249. <n> = key expires in n days
  250. <n>w = key expires in n weeks
  251. <n>m = key expires in n months
  252. <n>y = key expires in n years
  253. EOF
  254. while [ -z "$keyExpire" ] ; do
  255. printf "Key is valid for? (0) " >&2
  256. read keyExpire
  257. if ! test_gpg_expire ${keyExpire:=0} ; then
  258. echo "invalid value" >&2
  259. unset keyExpire
  260. fi
  261. done
  262. elif ! test_gpg_expire "$keyExpire" ; then
  263. failure "invalid key expiration value '$keyExpire'."
  264. fi
  265. echo "$keyExpire"
  266. }
  267. passphrase_prompt() {
  268. local prompt="$1"
  269. local fifo="$2"
  270. local PASS
  271. if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null 2>/dev/null; then
  272. printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info
  273. printf '(with prompt "%s")\n' "$prompt" | log debug
  274. "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo"
  275. else
  276. read -s -p "$prompt" PASS
  277. # Uses the builtin echo, so should not put the passphrase into
  278. # the process table. I think. --dkg
  279. echo "$PASS" > "$fifo"
  280. fi
  281. }
  282. # remove all lines with specified string from specified file
  283. remove_line() {
  284. local file
  285. local string
  286. local tempfile
  287. file="$1"
  288. string="$2"
  289. if [ -z "$file" -o -z "$string" ] ; then
  290. return 1
  291. fi
  292. if [ ! -e "$file" ] ; then
  293. return 1
  294. fi
  295. # if the string is in the file...
  296. if grep -q -F "$string" "$file" 2>/dev/null ; then
  297. tempfile=$(mktemp "${file}.XXXXXXX") || \
  298. failure "Unable to make temp file '${file}.XXXXXXX'"
  299. # remove the line with the string, and return 0
  300. grep -v -F "$string" "$file" >"$tempfile"
  301. cat "$tempfile" > "$file"
  302. rm "$tempfile"
  303. return 0
  304. # otherwise return 1
  305. else
  306. return 1
  307. fi
  308. }
  309. # remove all lines with MonkeySphere strings from stdin
  310. remove_monkeysphere_lines() {
  311. egrep -v ' MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2} '
  312. }
  313. # translate ssh-style path variables %h and %u
  314. translate_ssh_variables() {
  315. local uname
  316. local home
  317. uname="$1"
  318. path="$2"
  319. # get the user's home directory
  320. userHome=$(get_homedir "$uname")
  321. # translate '%u' to user name
  322. path=${path/\%u/"$uname"}
  323. # translate '%h' to user home directory
  324. path=${path/\%h/"$userHome"}
  325. echo "$path"
  326. }
  327. # test that a string to conforms to GPG's expiration format
  328. test_gpg_expire() {
  329. echo "$1" | egrep -q "^[0-9]+[mwy]?$"
  330. }
  331. # check that a file is properly owned, and that all it's parent
  332. # directories are not group/other writable
  333. check_key_file_permissions() {
  334. local uname
  335. local path
  336. uname="$1"
  337. path="$2"
  338. if [ "$STRICT_MODES" = 'false' ] ; then
  339. log debug "skipping path permission check for '$path' because STRICT_MODES is false..."
  340. return 0
  341. fi
  342. log debug "checking path permission '$path'..."
  343. "${SYSSHAREDIR}/checkperms" "$uname" "$path"
  344. }
  345. # return a list of all users on the system
  346. list_users() {
  347. if type getent &>/dev/null ; then
  348. # for linux and FreeBSD systems
  349. getent passwd | cut -d: -f1
  350. elif type dscl &>/dev/null ; then
  351. # for Darwin systems
  352. dscl localhost -list /Search/Users
  353. else
  354. failure "Neither getent or dscl is in the path! Could not determine list of users."
  355. fi
  356. }
  357. # take one argument, a service name. in response, print a series of
  358. # lines, each with a unique numeric port number that might be
  359. # associated with that service name. (e.g. in: "https", out: "443")
  360. # if nothing is found, print nothing, and return 0.
  361. #
  362. # return 1 if there was an error in the search somehow
  363. get_port_for_service() {
  364. [[ "$1" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || \
  365. failure $(printf "This is not a valid service name: '%s'" "$1")
  366. if type getent &>/dev/null ; then
  367. # for linux and FreeBSD systems (getent returns 2 if not found, 0 on success, 1 or 3 on various failures)
  368. (getent services "$service" || if [ "$?" -eq 2 ] ; then true ; else false; fi) | awk '{ print $2 }' | cut -f1 -d/ | sort -u
  369. elif [ -r /etc/services ] ; then
  370. # fall back to /etc/services for systems that don't have getent (MacOS?)
  371. # FIXME: doesn't handle aliases like "null" (or "http"?), which don't show up at the beginning of the line.
  372. awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1") /etc/services | cut -f1 -d/ | sort -u
  373. else
  374. return 1
  375. fi
  376. }
  377. # return the path to the home directory of a user
  378. get_homedir() {
  379. local uname=${1:-`whoami`}
  380. eval "echo ~${uname}"
  381. }
  382. # return the primary group of a user
  383. get_primary_group() {
  384. local uname=${1:-`whoami`}
  385. groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }'
  386. }
  387. ### CONVERSION UTILITIES
  388. # output the ssh key for a given key ID
  389. gpg2ssh() {
  390. local keyID
  391. keyID="$1"
  392. gpg --export --no-armor "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
  393. }
  394. # output known_hosts line from ssh key
  395. ssh2known_hosts() {
  396. local host
  397. local port
  398. local key
  399. # FIXME this does not properly deal with IPv6 hosts using the
  400. # standard port (because it's unclear whether their final
  401. # colon-delimited address section is a port number or an address
  402. # string)
  403. host=${1%:*}
  404. port=${1##*:}
  405. key="$2"
  406. # specify the host and port properly for new ssh known_hosts
  407. # format
  408. if [ "$port" != "$host" ] ; then
  409. host="[${host}]:${port}"
  410. fi
  411. printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
  412. }
  413. # output authorized_keys line from ssh key
  414. ssh2authorized_keys() {
  415. local userID="$1"
  416. local key="$2"
  417. if [[ "$AUTHORIZED_KEYS_OPTIONS" ]]; then
  418. printf "%s %s MonkeySphere%s %s\n" "$AUTHORIZED_KEYS_OPTIONS" "$key" "$DATE" "$userID"
  419. else
  420. printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
  421. fi
  422. }
  423. # convert key from gpg to ssh known_hosts format
  424. gpg2known_hosts() {
  425. local host
  426. local keyID
  427. local key
  428. host="$1"
  429. keyID="$2"
  430. key=$(gpg2ssh "$keyID")
  431. # NOTE: it seems that ssh-keygen -R removes all comment fields from
  432. # all lines in the known_hosts file. why?
  433. # NOTE: just in case, the COMMENT can be matched with the
  434. # following regexp:
  435. # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
  436. printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
  437. }
  438. # convert key from gpg to ssh authorized_keys format
  439. gpg2authorized_keys() {
  440. local userID
  441. local keyID
  442. local key
  443. userID="$1"
  444. keyID="$2"
  445. key=$(gpg2ssh "$keyID")
  446. # NOTE: just in case, the COMMENT can be matched with the
  447. # following regexp:
  448. # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
  449. printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
  450. }
  451. ### GPG UTILITIES
  452. # script to determine if gpg version is equal to or greater than specified version
  453. is_gpg_version_greater_equal() {
  454. local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }')
  455. local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \
  456. | tr '.' ' ' | sort -g -k1 -k2 -k3 \
  457. | tail -1 | tr ' ' '.')
  458. [[ "$gpgVersion" == "$latest" ]]
  459. }
  460. # retrieve all keys with given user id from keyserver
  461. # FIXME: need to figure out how to retrieve all matching keys
  462. # (not just first N (5 in this case))
  463. gpg_fetch_userid() {
  464. local returnCode=0
  465. local userID
  466. if [ "$CHECK_KEYSERVER" != 'true' ] ; then
  467. return 0
  468. fi
  469. userID="$1"
  470. log verbose " checking keyserver $KEYSERVER... "
  471. echo 1,2,3,4,5 | \
  472. gpg --quiet --batch --with-colons \
  473. --command-fd 0 --keyserver "$KEYSERVER" \
  474. --search ="$userID" &>/dev/null
  475. returnCode="$?"
  476. if [ "$returnCode" != 0 ] ; then
  477. log error "Failure ($returnCode) searching keyserver $KEYSERVER for user id '$userID'"
  478. fi
  479. return "$returnCode"
  480. }
  481. ########################################################################
  482. ### PROCESSING FUNCTIONS
  483. # userid and key policy checking
  484. # the following checks policy on the returned keys
  485. # - checks that full key has appropriate valididy (u|f)
  486. # - checks key has specified capability (REQUIRED_KEY_CAPABILITY)
  487. # - checks that requested user ID has appropriate validity
  488. # (see /usr/share/doc/gnupg/DETAILS.gz)
  489. # output is one line for every found key, in the following format:
  490. #
  491. # flag:sshKey
  492. #
  493. # "flag" is an acceptability flag, 0 = ok, 1 = bad
  494. # "sshKey" is the relevant OpenPGP key, in the form accepted by OpenSSH
  495. #
  496. # all log output must go to stderr, as stdout is used to pass the
  497. # flag:sshKey to the calling function.
  498. process_user_id() {
  499. local returnCode=0
  500. local userID="$1"
  501. local requiredCapability
  502. local requiredPubCapability
  503. local gpgOut
  504. local type
  505. local validity
  506. local keyid
  507. local uidfpr
  508. local usage
  509. local keyOK
  510. local uidOK
  511. local lastKey
  512. local lastKeyOK
  513. local fingerprint
  514. # set the required key capability based on the mode
  515. requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
  516. requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
  517. # fetch the user ID if necessary/requested
  518. gpg_fetch_userid "$userID"
  519. # output gpg info for (exact) userid and store
  520. gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
  521. --with-fingerprint --with-fingerprint \
  522. ="$userID" 2>/dev/null) || returnCode="$?"
  523. # if the gpg query return code is not 0, return 1
  524. if [ "$returnCode" -ne 0 ] ; then
  525. log verbose " no primary keys found."
  526. return 1
  527. fi
  528. # loop over all lines in the gpg output and process.
  529. echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
  530. while IFS=: read -r type validity keyid uidfpr usage ; do
  531. # process based on record type
  532. case $type in
  533. 'pub') # primary keys
  534. # new key, wipe the slate
  535. keyOK=
  536. uidOK=
  537. lastKey=pub
  538. lastKeyOK=
  539. fingerprint=
  540. log verbose " primary key found: $keyid"
  541. # if overall key is not valid, skip
  542. if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
  543. log debug " - unacceptable primary key validity ($validity)."
  544. continue
  545. fi
  546. # if overall key is disabled, skip
  547. if check_capability "$usage" 'D' ; then
  548. log debug " - key disabled."
  549. continue
  550. fi
  551. # if overall key capability is not ok, skip
  552. if ! check_capability "$usage" $requiredPubCapability ; then
  553. log debug " - unacceptable primary key capability ($usage)."
  554. continue
  555. fi
  556. # mark overall key as ok
  557. keyOK=true
  558. # mark primary key as ok if capability is ok
  559. if check_capability "$usage" $requiredCapability ; then
  560. lastKeyOK=true
  561. fi
  562. ;;
  563. 'uid') # user ids
  564. if [ "$lastKey" != pub ] ; then
  565. log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!"
  566. continue
  567. fi
  568. # if an acceptable user ID was already found, skip
  569. if [ "$uidOK" = 'true' ] ; then
  570. continue
  571. fi
  572. # if the user ID does matches...
  573. if [ "$(echo "$uidfpr" | gpg_unescape)" = "$userID" ] ; then
  574. # and the user ID validity is ok
  575. if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
  576. # mark user ID acceptable
  577. uidOK=true
  578. else
  579. log debug " - unacceptable user ID validity ($validity)."
  580. fi
  581. else
  582. continue
  583. fi
  584. # output a line for the primary key
  585. # 0 = ok, 1 = bad
  586. if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
  587. log verbose " * acceptable primary key."
  588. if [ -z "$sshKey" ] ; then
  589. log verbose " ! primary key could not be translated (not RSA?)."
  590. else
  591. echo "0:${sshKey}"
  592. fi
  593. else
  594. log debug " - unacceptable primary key."
  595. if [ -z "$sshKey" ] ; then
  596. log debug " ! primary key could not be translated (not RSA?)."
  597. else
  598. echo "1:${sshKey}"
  599. fi
  600. fi
  601. ;;
  602. 'sub') # sub keys
  603. # unset acceptability of last key
  604. lastKey=sub
  605. lastKeyOK=
  606. fingerprint=
  607. # don't bother with sub keys if the primary key is not valid
  608. if [ "$keyOK" != true ] ; then
  609. continue
  610. fi
  611. # don't bother with sub keys if no user ID is acceptable:
  612. if [ "$uidOK" != true ] ; then
  613. continue
  614. fi
  615. # if sub key validity is not ok, skip
  616. if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
  617. log debug " - unacceptable sub key validity ($validity)."
  618. continue
  619. fi
  620. # if sub key capability is not ok, skip
  621. if ! check_capability "$usage" $requiredCapability ; then
  622. log debug " - unacceptable sub key capability ($usage)."
  623. continue
  624. fi
  625. # mark sub key as ok
  626. lastKeyOK=true
  627. ;;
  628. 'fpr') # key fingerprint
  629. fingerprint="$uidfpr"
  630. sshKey=$(gpg2ssh "$fingerprint")
  631. # if the last key was the pub key, skip
  632. if [ "$lastKey" = pub ] ; then
  633. continue
  634. fi
  635. # output a line for the sub key
  636. # 0 = ok, 1 = bad
  637. if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
  638. log verbose " * acceptable sub key."
  639. if [ -z "$sshKey" ] ; then
  640. log error " ! sub key could not be translated (not RSA?)."
  641. else
  642. echo "0:${sshKey}"
  643. fi
  644. else
  645. log debug " - unacceptable sub key."
  646. if [ -z "$sshKey" ] ; then
  647. log debug " ! sub key could not be translated (not RSA?)."
  648. else
  649. echo "1:${sshKey}"
  650. fi
  651. fi
  652. ;;
  653. esac
  654. done | sort -t: -k1 -n -r
  655. # NOTE: this last sort is important so that the "good" keys (key
  656. # flag '0') come last. This is so that they take precedence when
  657. # being processed in the key files over "bad" keys (key flag '1')
  658. }
  659. process_keys_for_file() {
  660. local keyFile="$1"
  661. local userID="$2"
  662. local host
  663. local ok
  664. local sshKey
  665. local noKey=
  666. log verbose "processing: $userID"
  667. log debug "key file: $keyFile"
  668. IFS=$'\n'
  669. for line in $(process_user_id "$userID") ; do
  670. ok=${line%%:*}
  671. sshKey=${line#*:}
  672. if [ -z "$sshKey" ] ; then
  673. continue
  674. fi
  675. # remove the old host key line
  676. if [[ "$keyFile" != '-' ]] ; then
  677. case "$FILE_TYPE" in
  678. ('authorized_keys')
  679. remove_line "$keyFile" "$sshKey" || noKey=true
  680. ;;
  681. ('known_hosts')
  682. host=${userID#ssh://}
  683. remove_line "$keyFile" "${host}.*${sshKey}" || noKey=true
  684. ;;
  685. esac
  686. fi
  687. # if key OK, add new host line
  688. if [ "$ok" -eq '0' ] ; then
  689. case "$FILE_TYPE" in
  690. ('raw')
  691. echo "$sshKey" | log debug
  692. if [[ "$keyFile" == '-' ]] ; then
  693. echo "$sshKey"
  694. else
  695. echo "$sshKey" >>"$keyFile"
  696. fi
  697. ;;
  698. ('authorized_keys')
  699. ssh2authorized_keys "$userID" "$sshKey" | log debug
  700. if [[ "$keyFile" == '-' ]] ; then
  701. ssh2authorized_keys "$userID" "$sshKey"
  702. else
  703. ssh2authorized_keys "$userID" "$sshKey" >> "$keyFile"
  704. fi
  705. ;;
  706. ('known_hosts')
  707. host=${userID#ssh://}
  708. ssh2known_hosts "$host" "$sshKey" | log debug
  709. # hash if specified
  710. if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
  711. if (type ssh-keygen >/dev/null) ; then
  712. # FIXME: this is really hackish cause
  713. # ssh-keygen won't hash from stdin to
  714. # stdout
  715. tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
  716. ssh2known_hosts "$host" "$sshKey" \
  717. > "$tmpfile"
  718. ssh-keygen -H -f "$tmpfile" 2>/dev/null
  719. if [[ "$keyFile" == '-' ]] ; then
  720. cat "$tmpfile"
  721. else
  722. cat "$tmpfile" >> "$keyFile"
  723. fi
  724. rm -f "$tmpfile" "${tmpfile}.old"
  725. # FIXME: we could do this without needing
  726. # ssh-keygen. hashed known_hosts looks
  727. # like: |1|X|Y where 1 means SHA1 (nothing
  728. # else is defined in openssh sources), X
  729. # is the salt (same length as the digest
  730. # output), base64-encoded, and Y is the
  731. # digested hostname (also base64-encoded).
  732. # see hostfile.{c,h} in openssh sources.
  733. else
  734. failure "Cannot hash known_hosts as requested"
  735. fi
  736. # log if this is a new key to the known_hosts file
  737. if [ "$noKey" ] ; then
  738. log info "* new key will be added to known_hosts file."
  739. fi
  740. else
  741. if [[ "$keyFile" == '-' ]] ; then
  742. ssh2known_hosts "$host" "$sshKey"
  743. else
  744. ssh2known_hosts "$host" "$sshKey" >>"$keyFile"
  745. fi
  746. fi
  747. ;;
  748. esac
  749. fi
  750. done
  751. }
  752. # process an authorized_user_ids file on stdin for authorized_keys
  753. process_authorized_user_ids() {
  754. local authorizedKeys="$1"
  755. declare -i nline=0
  756. local line
  757. declare -a userIDs
  758. declare -a koptions
  759. # extract user IDs from authorized_user_ids file
  760. IFS=$'\n'
  761. while read line ; do
  762. case "$line" in
  763. ("#"*)
  764. continue
  765. ;;
  766. (" "*|$'\t'*)
  767. if [[ -z ${koptions[${nline}]} ]]; then
  768. koptions[${nline}]=$(echo $line | sed 's/^[ ]*//;s/[ ]$//;')
  769. else
  770. koptions[${nline}]="${koptions[${nline}]},$(echo $line | sed 's/^[ ]*//;s/[ ]$//;')"
  771. fi
  772. ;;
  773. (*)
  774. ((nline++))
  775. userIDs[${nline}]="$line"
  776. unset koptions[${nline}] || true
  777. ;;
  778. esac
  779. done
  780. for i in $(seq 1 $nline); do
  781. AUTHORIZED_KEYS_OPTIONS="${koptions[$i]}" FILE_TYPE='authorized_keys' process_keys_for_file "$authorizedKeys" "${userIDs[$i]}" || returnCode="$?"
  782. done
  783. }
  784. # takes a gpg key or keys on stdin, and outputs a list of
  785. # fingerprints, one per line:
  786. list_primary_fingerprints() {
  787. local fake=$(msmktempdir)
  788. trap "rm -rf $fake" EXIT
  789. GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
  790. GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
  791. awk -F: '/^fpr:/{ print $10 }'
  792. trap - EXIT
  793. rm -rf "$fake"
  794. }
  795. # takes an OpenPGP key or set of keys on stdin, a fingerprint or other
  796. # key identifier as $1, and outputs the gpg-formatted information for
  797. # the requested keys from the material on stdin
  798. get_cert_info() {
  799. local fake=$(msmktempdir)
  800. trap "rm -rf $fake" EXIT
  801. GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null
  802. GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1"
  803. trap - EXIT
  804. rm -rf "$fake"
  805. }
  806. check_cruft_file() {
  807. local loc="$1"
  808. local version="$2"
  809. if [ -e "$loc" ] ; then
  810. printf "! The file '%s' is no longer used by\n monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info
  811. fi
  812. }
  813. check_upgrade_dir() {
  814. local loc="$1"
  815. local version="$2"
  816. if [ -d "$loc" ] ; then
  817. printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info
  818. fi
  819. }
  820. ## look for cruft from old versions of the monkeysphere, and notice if
  821. ## upgrades have not been run:
  822. report_cruft() {
  823. check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23
  824. check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23
  825. check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23
  826. check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23
  827. local found=
  828. for foo in "${SYSDATADIR}/backup-from-"*"-transition" ; do
  829. if [ -d "$foo" ] ; then
  830. printf "! %s\n" "$foo" | log info
  831. found=true
  832. fi
  833. done
  834. if [ "$found" ] ; then
  835. printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
  836. fi
  837. }