summaryrefslogtreecommitdiff
path: root/src/share/common
blob: 97f001a1075786066911f7e11b23ac00688f6ee6 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Shared sh functions for the monkeysphere
  4. #
  5. # Written by
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # Copyright 2008-2009, released under the GPL, version 3 or later
  11. # all-caps variables are meant to be user supplied (ie. from config
  12. # file) and are considered global
  13. ########################################################################
  14. ### UTILITY FUNCTIONS
  15. # output version info
  16. version() {
  17. cat "${SYSSHAREDIR}/VERSION"
  18. }
  19. # failure function. exits with code 255, unless specified otherwise.
  20. failure() {
  21. [ "$1" ] && echo "$1" >&2
  22. exit ${2:-'255'}
  23. }
  24. # write output to stderr based on specified LOG_LEVEL the first
  25. # parameter is the priority of the output, and everything else is what
  26. # is echoed to stderr. If there is nothing else, then output comes
  27. # from stdin, and is not prefaced by log prefix.
  28. log() {
  29. local priority
  30. local level
  31. local output
  32. local alllevels
  33. local found=
  34. # don't include SILENT in alllevels: it's handled separately
  35. # list in decreasing verbosity (all caps).
  36. # separate with $IFS explicitly, since we do some fancy footwork
  37. # elsewhere.
  38. alllevels="DEBUG${IFS}VERBOSE${IFS}INFO${IFS}ERROR"
  39. # translate lowers to uppers in global log level
  40. LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]")
  41. # just go ahead and return if the log level is silent
  42. if [ "$LOG_LEVEL" = 'SILENT' ] ; then
  43. return
  44. fi
  45. for level in $alllevels ; do
  46. if [ "$LOG_LEVEL" = "$level" ] ; then
  47. found=true
  48. fi
  49. done
  50. if [ -z "$found" ] ; then
  51. # default to INFO:
  52. LOG_LEVEL=INFO
  53. fi
  54. # get priority from first parameter, translating all lower to
  55. # uppers
  56. priority=$(echo "$1" | tr "[:lower:]" "[:upper:]")
  57. shift
  58. # scan over available levels
  59. for level in $alllevels ; do
  60. # output if the log level matches, set output to true
  61. # this will output for all subsequent loops as well.
  62. if [ "$LOG_LEVEL" = "$level" ] ; then
  63. output=true
  64. fi
  65. if [ "$priority" = "$level" -a "$output" = 'true' ] ; then
  66. if [ "$1" ] ; then
  67. echo "$@"
  68. else
  69. cat
  70. fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
  71. fi
  72. done
  73. }
  74. # run command as monkeysphere user
  75. su_monkeysphere_user() {
  76. # our main goal here is to run the given command as the the
  77. # monkeysphere user, but without prompting for any sort of
  78. # authentication. If this is not possible, we should just fail.
  79. # FIXME: our current implementation is overly restrictive, because
  80. # there may be some su PAM configurations that would allow su
  81. # "$MONKEYSPHERE_USER" -c "$@" to Just Work without prompting,
  82. # allowing specific users to invoke commands which make use of
  83. # this user.
  84. # chpst (from runit) would be nice to use, but we don't want to
  85. # introduce an extra dependency just for this. This may be a
  86. # candidate for re-factoring if we switch implementation languages.
  87. case $(id -un) in
  88. # if monkeysphere user, run the command under bash
  89. "$MONKEYSPHERE_USER")
  90. bash -c "$@"
  91. ;;
  92. # if root, su command as monkeysphere user
  93. 'root')
  94. su "$MONKEYSPHERE_USER" -c "$@"
  95. ;;
  96. # otherwise, fail
  97. *)
  98. log error "non-privileged user."
  99. ;;
  100. esac
  101. }
  102. # cut out all comments(#) and blank lines from standard input
  103. meat() {
  104. grep -v -e "^[[:space:]]*#" -e '^$' "$1"
  105. }
  106. # cut a specified line from standard input
  107. cutline() {
  108. head --line="$1" "$2" | tail -1
  109. }
  110. # make a temporary directory
  111. msmktempdir() {
  112. mktemp -d ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX
  113. }
  114. # make a temporary file
  115. msmktempfile() {
  116. mktemp ${TMPDIR:-/tmp}/monkeysphere.XXXXXXXXXX
  117. }
  118. # this is a wrapper for doing lock functions.
  119. #
  120. # it lets us depend on either lockfile-progs (preferred) or procmail's
  121. # lockfile, and should
  122. lock() {
  123. local use_lockfileprogs=true
  124. local action="$1"
  125. local file="$2"
  126. if ! ( type lockfile-create &>/dev/null ) ; then
  127. if ! ( type lockfile &>/dev/null ); then
  128. failure "Neither lockfile-create nor lockfile are in the path!"
  129. fi
  130. use_lockfileprogs=
  131. fi
  132. case "$action" in
  133. create)
  134. if [ -n "$use_lockfileprogs" ] ; then
  135. lockfile-create "$file" || failure "unable to lock '$file'"
  136. else
  137. lockfile -r 20 "${file}.lock" || failure "unable to lock '$file'"
  138. fi
  139. log debug "lock created on '$file'."
  140. ;;
  141. touch)
  142. if [ -n "$use_lockfileprogs" ] ; then
  143. lockfile-touch --oneshot "$file"
  144. else
  145. : Nothing to do here
  146. fi
  147. log debug "lock touched on '$file'."
  148. ;;
  149. remove)
  150. if [ -n "$use_lockfileprogs" ] ; then
  151. lockfile-remove "$file"
  152. else
  153. rm -f "${file}.lock"
  154. fi
  155. log debug "lock removed on '$file'."
  156. ;;
  157. *)
  158. failure "bad argument for lock subfunction '$action'"
  159. esac
  160. }
  161. # for portability, between gnu date and BSD date.
  162. # arguments should be: number longunits format
  163. # e.g. advance_date 20 seconds +%F
  164. advance_date() {
  165. local gnutry
  166. local number="$1"
  167. local longunits="$2"
  168. local format="$3"
  169. local shortunits
  170. # try things the GNU way first
  171. if date -d "$number $longunits" "$format" &>/dev/null; then
  172. date -d "$number $longunits" "$format"
  173. else
  174. # otherwise, convert to (a limited version of) BSD date syntax:
  175. case "$longunits" in
  176. years)
  177. shortunits=y
  178. ;;
  179. months)
  180. shortunits=m
  181. ;;
  182. weeks)
  183. shortunits=w
  184. ;;
  185. days)
  186. shortunits=d
  187. ;;
  188. hours)
  189. shortunits=H
  190. ;;
  191. minutes)
  192. shortunits=M
  193. ;;
  194. seconds)
  195. shortunits=S
  196. ;;
  197. *)
  198. # this is a longshot, and will likely fail; oh well.
  199. shortunits="$longunits"
  200. esac
  201. date "-v+${number}${shortunits}" "$format"
  202. fi
  203. }
  204. # check that characters are in a string (in an AND fashion).
  205. # used for checking key capability
  206. # check_capability capability a [b...]
  207. check_capability() {
  208. local usage
  209. local capcheck
  210. usage="$1"
  211. shift 1
  212. for capcheck ; do
  213. if echo "$usage" | grep -q -v "$capcheck" ; then
  214. return 1
  215. fi
  216. done
  217. return 0
  218. }
  219. # hash of a file
  220. file_hash() {
  221. if type md5sum &>/dev/null ; then
  222. md5sum "$1"
  223. elif type md5 &>/dev/null ; then
  224. md5 "$1"
  225. else
  226. failure "Neither md5sum nor md5 are in the path!"
  227. fi
  228. }
  229. # convert escaped characters in pipeline from gpg output back into
  230. # original character
  231. # FIXME: undo all escape character translation in with-colons gpg
  232. # output
  233. gpg_unescape() {
  234. sed 's/\\x3a/:/g'
  235. }
  236. # convert nasty chars into gpg-friendly form in pipeline
  237. # FIXME: escape everything, not just colons!
  238. gpg_escape() {
  239. sed 's/:/\\x3a/g'
  240. }
  241. # prompt for GPG-formatted expiration, and emit result on stdout
  242. get_gpg_expiration() {
  243. local keyExpire
  244. keyExpire="$1"
  245. if [ -z "$keyExpire" -a "$PROMPT" != 'false' ]; then
  246. cat >&2 <<EOF
  247. Please specify how long the key should be valid.
  248. 0 = key does not expire
  249. <n> = key expires in n days
  250. <n>w = key expires in n weeks
  251. <n>m = key expires in n months
  252. <n>y = key expires in n years
  253. EOF
  254. while [ -z "$keyExpire" ] ; do
  255. printf "Key is valid for? (0) " >&2
  256. read keyExpire
  257. if ! test_gpg_expire ${keyExpire:=0} ; then
  258. echo "invalid value" >&2
  259. unset keyExpire
  260. fi
  261. done
  262. elif ! test_gpg_expire "$keyExpire" ; then
  263. failure "invalid key expiration value '$keyExpire'."
  264. fi
  265. echo "$keyExpire"
  266. }
  267. passphrase_prompt() {
  268. local prompt="$1"
  269. local fifo="$2"
  270. local PASS
  271. if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null 2>/dev/null; then
  272. printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info
  273. printf '(with prompt "%s")\n' "$prompt" | log debug
  274. "${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo"
  275. else
  276. read -s -p "$prompt" PASS
  277. # Uses the builtin echo, so should not put the passphrase into
  278. # the process table. I think. --dkg
  279. echo "$PASS" > "$fifo"
  280. fi
  281. }
  282. # remove all lines with specified string from specified file
  283. remove_line() {
  284. local file
  285. local string
  286. local tempfile
  287. file="$1"
  288. string="$2"
  289. if [ -z "$file" -o -z "$string" ] ; then
  290. return 1
  291. fi
  292. if [ ! -e "$file" ] ; then
  293. return 1
  294. fi
  295. # if the string is in the file...
  296. if grep -q -F "$string" "$file" 2>/dev/null ; then
  297. tempfile=$(mktemp "${file}.XXXXXXX") || \
  298. failure "Unable to make temp file '${file}.XXXXXXX'"
  299. # remove the line with the string, and return 0
  300. grep -v -F "$string" "$file" >"$tempfile"
  301. cat "$tempfile" > "$file"
  302. rm "$tempfile"
  303. return 0
  304. # otherwise return 1
  305. else
  306. return 1
  307. fi
  308. }
  309. # remove all lines with MonkeySphere strings in file
  310. remove_monkeysphere_lines() {
  311. local file
  312. local tempfile
  313. file="$1"
  314. # return error if file does not exist
  315. if [ ! -e "$file" ] ; then
  316. return 1
  317. fi
  318. # just return ok if the file is empty, since there aren't any
  319. # lines to remove
  320. if [ ! -s "$file" ] ; then
  321. return 0
  322. fi
  323. tempfile=$(mktemp "${file}.XXXXXXX") || \
  324. failure "Could not make temporary file '${file}.XXXXXXX'."
  325. egrep -v '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' \
  326. "$file" >"$tempfile"
  327. cat "$tempfile" > "$file"
  328. rm "$tempfile"
  329. }
  330. # translate ssh-style path variables %h and %u
  331. translate_ssh_variables() {
  332. local uname
  333. local home
  334. uname="$1"
  335. path="$2"
  336. # get the user's home directory
  337. userHome=$(get_homedir "$uname")
  338. # translate '%u' to user name
  339. path=${path/\%u/"$uname"}
  340. # translate '%h' to user home directory
  341. path=${path/\%h/"$userHome"}
  342. echo "$path"
  343. }
  344. # test that a string to conforms to GPG's expiration format
  345. test_gpg_expire() {
  346. echo "$1" | egrep -q "^[0-9]+[mwy]?$"
  347. }
  348. # check that a file is properly owned, and that all it's parent
  349. # directories are not group/other writable
  350. check_key_file_permissions() {
  351. local uname
  352. local path
  353. uname="$1"
  354. path="$2"
  355. if [ "$STRICT_MODES" = 'false' ] ; then
  356. log debug "skipping path permission check for '$path' because STRICT_MODES is false..."
  357. return 0
  358. fi
  359. log debug "checking path permission '$path'..."
  360. "${SYSSHAREDIR}/checkperms" "$uname" "$path"
  361. }
  362. # return a list of all users on the system
  363. list_users() {
  364. if type getent &>/dev/null ; then
  365. # for linux and FreeBSD systems
  366. getent passwd | cut -d: -f1
  367. elif type dscl &>/dev/null ; then
  368. # for Darwin systems
  369. dscl localhost -list /Search/Users
  370. else
  371. failure "Neither getent or dscl is in the path! Could not determine list of users."
  372. fi
  373. }
  374. # return the path to the home directory of a user
  375. get_homedir() {
  376. local uname=${1:-`whoami`}
  377. eval "echo ~${uname}"
  378. }
  379. # return the primary group of a user
  380. get_primary_group() {
  381. local uname=${1:-`whoami`}
  382. groups "$uname" | sed 's/^..* : //' | awk '{ print $1 }'
  383. }
  384. ### CONVERSION UTILITIES
  385. # output the ssh key for a given key ID
  386. gpg2ssh() {
  387. local keyID
  388. keyID="$1"
  389. gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
  390. }
  391. # output known_hosts line from ssh key
  392. ssh2known_hosts() {
  393. local host
  394. local port
  395. local key
  396. # FIXME this does not properly deal with IPv6 hosts using the
  397. # standard port (because it's unclear whether their final
  398. # colon-delimited address section is a port number or an address
  399. # string)
  400. host=${1%:*}
  401. port=${1##*:}
  402. key="$2"
  403. # specify the host and port properly for new ssh known_hosts
  404. # format
  405. if [ "$port" != "$host" ] ; then
  406. host="[${host}]:${port}"
  407. fi
  408. printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
  409. }
  410. # output authorized_keys line from ssh key
  411. ssh2authorized_keys() {
  412. local userID
  413. local key
  414. userID="$1"
  415. key="$2"
  416. printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
  417. }
  418. # convert key from gpg to ssh known_hosts format
  419. gpg2known_hosts() {
  420. local host
  421. local keyID
  422. local key
  423. host="$1"
  424. keyID="$2"
  425. key=$(gpg2ssh "$keyID")
  426. # NOTE: it seems that ssh-keygen -R removes all comment fields from
  427. # all lines in the known_hosts file. why?
  428. # NOTE: just in case, the COMMENT can be matched with the
  429. # following regexp:
  430. # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
  431. printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
  432. }
  433. # convert key from gpg to ssh authorized_keys format
  434. gpg2authorized_keys() {
  435. local userID
  436. local keyID
  437. local key
  438. userID="$1"
  439. keyID="$2"
  440. key=$(gpg2ssh "$keyID")
  441. # NOTE: just in case, the COMMENT can be matched with the
  442. # following regexp:
  443. # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
  444. printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
  445. }
  446. ### GPG UTILITIES
  447. # script to determine if gpg version is equal to or greater than specified version
  448. is_gpg_version_greater_equal() {
  449. local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }')
  450. local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \
  451. | tr '.' ' ' | sort -g -k1 -k2 -k3 \
  452. | tail -1 | tr ' ' '.')
  453. [[ "$gpgVersion" == "$latest" ]]
  454. }
  455. # retrieve all keys with given user id from keyserver
  456. # FIXME: need to figure out how to retrieve all matching keys
  457. # (not just first N (5 in this case))
  458. gpg_fetch_userid() {
  459. local returnCode=0
  460. local userID
  461. if [ "$CHECK_KEYSERVER" != 'true' ] ; then
  462. return 0
  463. fi
  464. userID="$1"
  465. log verbose " checking keyserver $KEYSERVER... "
  466. echo 1,2,3,4,5 | \
  467. gpg --quiet --batch --with-colons \
  468. --command-fd 0 --keyserver "$KEYSERVER" \
  469. --search ="$userID" &>/dev/null
  470. returnCode="$?"
  471. return "$returnCode"
  472. }
  473. ########################################################################
  474. ### PROCESSING FUNCTIONS
  475. # userid and key policy checking
  476. # the following checks policy on the returned keys
  477. # - checks that full key has appropriate valididy (u|f)
  478. # - checks key has specified capability (REQUIRED_KEY_CAPABILITY)
  479. # - checks that requested user ID has appropriate validity
  480. # (see /usr/share/doc/gnupg/DETAILS.gz)
  481. # output is one line for every found key, in the following format:
  482. #
  483. # flag:sshKey
  484. #
  485. # "flag" is an acceptability flag, 0 = ok, 1 = bad
  486. # "sshKey" is the translated gpg key
  487. #
  488. # all log output must go to stderr, as stdout is used to pass the
  489. # flag:sshKey to the calling function.
  490. process_user_id() {
  491. local returnCode=0
  492. local userID
  493. local requiredCapability
  494. local requiredPubCapability
  495. local gpgOut
  496. local type
  497. local validity
  498. local keyid
  499. local uidfpr
  500. local usage
  501. local keyOK
  502. local uidOK
  503. local lastKey
  504. local lastKeyOK
  505. local fingerprint
  506. userID="$1"
  507. # set the required key capability based on the mode
  508. requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
  509. requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
  510. # fetch the user ID if necessary/requested
  511. gpg_fetch_userid "$userID"
  512. # output gpg info for (exact) userid and store
  513. gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
  514. --with-fingerprint --with-fingerprint \
  515. ="$userID" 2>/dev/null) || returnCode="$?"
  516. # if the gpg query return code is not 0, return 1
  517. if [ "$returnCode" -ne 0 ] ; then
  518. log verbose " no primary keys found."
  519. return 1
  520. fi
  521. # loop over all lines in the gpg output and process.
  522. echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
  523. while IFS=: read -r type validity keyid uidfpr usage ; do
  524. # process based on record type
  525. case $type in
  526. 'pub') # primary keys
  527. # new key, wipe the slate
  528. keyOK=
  529. uidOK=
  530. lastKey=pub
  531. lastKeyOK=
  532. fingerprint=
  533. log verbose " primary key found: $keyid"
  534. # if overall key is not valid, skip
  535. if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
  536. log debug " - unacceptable primary key validity ($validity)."
  537. continue
  538. fi
  539. # if overall key is disabled, skip
  540. if check_capability "$usage" 'D' ; then
  541. log debug " - key disabled."
  542. continue
  543. fi
  544. # if overall key capability is not ok, skip
  545. if ! check_capability "$usage" $requiredPubCapability ; then
  546. log debug " - unacceptable primary key capability ($usage)."
  547. continue
  548. fi
  549. # mark overall key as ok
  550. keyOK=true
  551. # mark primary key as ok if capability is ok
  552. if check_capability "$usage" $requiredCapability ; then
  553. lastKeyOK=true
  554. fi
  555. ;;
  556. 'uid') # user ids
  557. if [ "$lastKey" != pub ] ; then
  558. log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!"
  559. continue
  560. fi
  561. # if an acceptable user ID was already found, skip
  562. if [ "$uidOK" = 'true' ] ; then
  563. continue
  564. fi
  565. # if the user ID does matches...
  566. if [ "$(echo "$uidfpr" | gpg_unescape)" = "$userID" ] ; then
  567. # and the user ID validity is ok
  568. if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
  569. # mark user ID acceptable
  570. uidOK=true
  571. else
  572. log debug " - unacceptable user ID validity ($validity)."
  573. fi
  574. else
  575. continue
  576. fi
  577. # output a line for the primary key
  578. # 0 = ok, 1 = bad
  579. if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
  580. log verbose " * acceptable primary key."
  581. if [ -z "$sshKey" ] ; then
  582. log error " ! primary key could not be translated (not RSA?)."
  583. else
  584. echo "0:${sshKey}"
  585. fi
  586. else
  587. log debug " - unacceptable primary key."
  588. if [ -z "$sshKey" ] ; then
  589. log debug " ! primary key could not be translated (not RSA?)."
  590. else
  591. echo "1:${sshKey}"
  592. fi
  593. fi
  594. ;;
  595. 'sub') # sub keys
  596. # unset acceptability of last key
  597. lastKey=sub
  598. lastKeyOK=
  599. fingerprint=
  600. # don't bother with sub keys if the primary key is not valid
  601. if [ "$keyOK" != true ] ; then
  602. continue
  603. fi
  604. # don't bother with sub keys if no user ID is acceptable:
  605. if [ "$uidOK" != true ] ; then
  606. continue
  607. fi
  608. # if sub key validity is not ok, skip
  609. if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
  610. log debug " - unacceptable sub key validity ($validity)."
  611. continue
  612. fi
  613. # if sub key capability is not ok, skip
  614. if ! check_capability "$usage" $requiredCapability ; then
  615. log debug " - unacceptable sub key capability ($usage)."
  616. continue
  617. fi
  618. # mark sub key as ok
  619. lastKeyOK=true
  620. ;;
  621. 'fpr') # key fingerprint
  622. fingerprint="$uidfpr"
  623. sshKey=$(gpg2ssh "$fingerprint")
  624. # if the last key was the pub key, skip
  625. if [ "$lastKey" = pub ] ; then
  626. continue
  627. fi
  628. # output a line for the sub key
  629. # 0 = ok, 1 = bad
  630. if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
  631. log verbose " * acceptable sub key."
  632. if [ -z "$sshKey" ] ; then
  633. log error " ! sub key could not be translated (not RSA?)."
  634. else
  635. echo "0:${sshKey}"
  636. fi
  637. else
  638. log debug " - unacceptable sub key."
  639. if [ -z "$sshKey" ] ; then
  640. log debug " ! sub key could not be translated (not RSA?)."
  641. else
  642. echo "1:${sshKey}"
  643. fi
  644. fi
  645. ;;
  646. esac
  647. done | sort -t: -k1 -n -r
  648. # NOTE: this last sort is important so that the "good" keys (key
  649. # flag '0') come last. This is so that they take precedence when
  650. # being processed in the key files over "bad" keys (key flag '1')
  651. }
  652. # output all valid keys for specified user ID literal
  653. keys_for_userid() {
  654. local userID
  655. local noKey=
  656. local nKeys
  657. local nKeysOK
  658. local ok
  659. local sshKey
  660. local tmpfile
  661. userID="$1"
  662. log verbose "processing: $userID"
  663. nKeys=0
  664. nKeysOK=0
  665. IFS=$'\n'
  666. for line in $(process_user_id "${userID}") ; do
  667. # note that key was found
  668. nKeys=$((nKeys+1))
  669. ok=$(echo "$line" | cut -d: -f1)
  670. sshKey=$(echo "$line" | cut -d: -f2)
  671. if [ -z "$sshKey" ] ; then
  672. continue
  673. fi
  674. # if key OK, output key to stdout
  675. if [ "$ok" -eq '0' ] ; then
  676. # note that key was found ok
  677. nKeysOK=$((nKeysOK+1))
  678. printf '%s\n' "$sshKey"
  679. fi
  680. done
  681. # if at least one key was found...
  682. if [ "$nKeys" -gt 0 ] ; then
  683. # if ok keys were found, return 0
  684. if [ "$nKeysOK" -gt 0 ] ; then
  685. return 0
  686. # else return 2
  687. else
  688. return 2
  689. fi
  690. # if no keys were found, return 1
  691. else
  692. return 1
  693. fi
  694. }
  695. # process a single host in the known_host file
  696. process_host_known_hosts() {
  697. local host
  698. local userID
  699. local noKey=
  700. local nKeys
  701. local nKeysOK
  702. local ok
  703. local sshKey
  704. local tmpfile
  705. # set the key processing mode
  706. export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY"
  707. host="$1"
  708. userID="ssh://${host}"
  709. log verbose "processing: $host"
  710. nKeys=0
  711. nKeysOK=0
  712. IFS=$'\n'
  713. for line in $(process_user_id "${userID}") ; do
  714. # note that key was found
  715. nKeys=$((nKeys+1))
  716. ok=$(echo "$line" | cut -d: -f1)
  717. sshKey=$(echo "$line" | cut -d: -f2)
  718. if [ -z "$sshKey" ] ; then
  719. continue
  720. fi
  721. # remove any old host key line, and note if removed nothing is
  722. # removed
  723. remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true
  724. # if key OK, add new host line
  725. if [ "$ok" -eq '0' ] ; then
  726. # note that key was found ok
  727. nKeysOK=$((nKeysOK+1))
  728. # hash if specified
  729. if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
  730. # FIXME: this is really hackish cause ssh-keygen won't
  731. # hash from stdin to stdout
  732. tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
  733. ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
  734. ssh-keygen -H -f "$tmpfile" 2>/dev/null
  735. cat "$tmpfile" >> "$KNOWN_HOSTS"
  736. rm -f "$tmpfile" "${tmpfile}.old"
  737. else
  738. ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
  739. fi
  740. # log if this is a new key to the known_hosts file
  741. if [ "$noKey" ] ; then
  742. log info "* new key for $host added to known_hosts file."
  743. fi
  744. fi
  745. done
  746. # if at least one key was found...
  747. if [ "$nKeys" -gt 0 ] ; then
  748. # if ok keys were found, return 0
  749. if [ "$nKeysOK" -gt 0 ] ; then
  750. return 0
  751. # else return 2
  752. else
  753. return 2
  754. fi
  755. # if no keys were found, return 1
  756. else
  757. return 1
  758. fi
  759. }
  760. # update the known_hosts file for a set of hosts listed on command
  761. # line
  762. update_known_hosts() {
  763. local returnCode=0
  764. local nHosts
  765. local nHostsOK
  766. local nHostsBAD
  767. local fileCheck
  768. local host
  769. local newUmask
  770. # the number of hosts specified on command line
  771. nHosts="$#"
  772. nHostsOK=0
  773. nHostsBAD=0
  774. # touch the known_hosts file so that the file permission check
  775. # below won't fail upon not finding the file
  776. if [ ! -f "$KNOWN_HOSTS" ]; then
  777. # make sure to create any files or directories with the appropriate write bits turned off:
  778. newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
  779. [ -d $(dirname "$KNOWN_HOSTS") ] \
  780. || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
  781. || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
  782. # make sure to create this file with the appropriate bits turned off:
  783. (umask "$newUmask" && touch "$KNOWN_HOSTS") \
  784. || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
  785. fi
  786. # check permissions on the known_hosts file path
  787. check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
  788. || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
  789. # create a lockfile on known_hosts:
  790. lock create "$KNOWN_HOSTS"
  791. # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
  792. trap "lock remove $KNOWN_HOSTS" EXIT
  793. # note pre update file checksum
  794. fileCheck=$(file_hash "$KNOWN_HOSTS")
  795. for host ; do
  796. # process the host
  797. process_host_known_hosts "$host" || returnCode="$?"
  798. # note the result
  799. case "$returnCode" in
  800. 0)
  801. nHostsOK=$((nHostsOK+1))
  802. ;;
  803. 2)
  804. nHostsBAD=$((nHostsBAD+1))
  805. ;;
  806. esac
  807. # touch the lockfile, for good measure.
  808. lock touch "$KNOWN_HOSTS"
  809. done
  810. # remove the lockfile and the trap
  811. lock remove "$KNOWN_HOSTS"
  812. trap - EXIT
  813. # note if the known_hosts file was updated
  814. if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then
  815. log debug "known_hosts file updated."
  816. fi
  817. # if an acceptable host was found, return 0
  818. if [ "$nHostsOK" -gt 0 ] ; then
  819. return 0
  820. # else if no ok hosts were found...
  821. else
  822. # if no bad host were found then no hosts were found at all,
  823. # and return 1
  824. if [ "$nHostsBAD" -eq 0 ] ; then
  825. return 1
  826. # else if at least one bad host was found, return 2
  827. else
  828. return 2
  829. fi
  830. fi
  831. }
  832. # process hosts from a known_hosts file
  833. process_known_hosts() {
  834. local hosts
  835. # exit if the known_hosts file does not exist
  836. if [ ! -e "$KNOWN_HOSTS" ] ; then
  837. failure "known_hosts file '$KNOWN_HOSTS' does not exist."
  838. fi
  839. log debug "processing known_hosts file:"
  840. log debug " $KNOWN_HOSTS"
  841. hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
  842. if [ -z "$hosts" ] ; then
  843. log debug "no hosts to process."
  844. return
  845. fi
  846. # take all the hosts from the known_hosts file (first
  847. # field), grep out all the hashed hosts (lines starting
  848. # with '|')...
  849. update_known_hosts $hosts
  850. }
  851. # process uids for the authorized_keys file
  852. process_uid_authorized_keys() {
  853. local userID
  854. local nKeys
  855. local nKeysOK
  856. local ok
  857. local sshKey
  858. # set the key processing mode
  859. export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY"
  860. userID="$1"
  861. log verbose "processing: $userID"
  862. nKeys=0
  863. nKeysOK=0
  864. IFS=$'\n'
  865. for line in $(process_user_id "$userID") ; do
  866. # note that key was found
  867. nKeys=$((nKeys+1))
  868. ok=$(echo "$line" | cut -d: -f1)
  869. sshKey=$(echo "$line" | cut -d: -f2)
  870. if [ -z "$sshKey" ] ; then
  871. continue
  872. fi
  873. # remove the old host key line
  874. remove_line "$AUTHORIZED_KEYS" "$sshKey"
  875. # if key OK, add new host line
  876. if [ "$ok" -eq '0' ] ; then
  877. # note that key was found ok
  878. nKeysOK=$((nKeysOK+1))
  879. ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
  880. fi
  881. done
  882. # if at least one key was found...
  883. if [ "$nKeys" -gt 0 ] ; then
  884. # if ok keys were found, return 0
  885. if [ "$nKeysOK" -gt 0 ] ; then
  886. return 0
  887. # else return 2
  888. else
  889. return 2
  890. fi
  891. # if no keys were found, return 1
  892. else
  893. return 1
  894. fi
  895. }
  896. # update the authorized_keys files from a list of user IDs on command
  897. # line
  898. update_authorized_keys() {
  899. local returnCode=0
  900. local userID
  901. local nIDs
  902. local nIDsOK
  903. local nIDsBAD
  904. local fileCheck
  905. # the number of ids specified on command line
  906. nIDs="$#"
  907. nIDsOK=0
  908. nIDsBAD=0
  909. log debug "updating authorized_keys file:"
  910. log debug " $AUTHORIZED_KEYS"
  911. # check permissions on the authorized_keys file path
  912. check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
  913. # create a lockfile on authorized_keys
  914. lock create "$AUTHORIZED_KEYS"
  915. # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
  916. trap "lock remove $AUTHORIZED_KEYS" EXIT
  917. # note pre update file checksum
  918. fileCheck="$(file_hash "$AUTHORIZED_KEYS")"
  919. # remove any monkeysphere lines from authorized_keys file
  920. remove_monkeysphere_lines "$AUTHORIZED_KEYS"
  921. for userID ; do
  922. # process the user ID, change return code if key not found for
  923. # user ID
  924. process_uid_authorized_keys "$userID" || returnCode="$?"
  925. # note the result
  926. case "$returnCode" in
  927. 0)
  928. nIDsOK=$((nIDsOK+1))
  929. ;;
  930. 2)
  931. nIDsBAD=$((nIDsBAD+1))
  932. ;;
  933. esac
  934. # touch the lockfile, for good measure.
  935. lock touch "$AUTHORIZED_KEYS"
  936. done
  937. # remove the lockfile and the trap
  938. lock remove "$AUTHORIZED_KEYS"
  939. # remove the trap
  940. trap - EXIT
  941. # note if the authorized_keys file was updated
  942. if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then
  943. log debug "authorized_keys file updated."
  944. fi
  945. # if an acceptable id was found, return 0
  946. if [ "$nIDsOK" -gt 0 ] ; then
  947. return 0
  948. # else if no ok ids were found...
  949. else
  950. # if no bad ids were found then no ids were found at all, and
  951. # return 1
  952. if [ "$nIDsBAD" -eq 0 ] ; then
  953. return 1
  954. # else if at least one bad id was found, return 2
  955. else
  956. return 2
  957. fi
  958. fi
  959. }
  960. # process an authorized_user_ids file for authorized_keys
  961. process_authorized_user_ids() {
  962. local line
  963. local nline
  964. local userIDs
  965. authorizedUserIDs="$1"
  966. # exit if the authorized_user_ids file is empty
  967. if [ ! -e "$authorizedUserIDs" ] ; then
  968. failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
  969. fi
  970. log debug "processing authorized_user_ids file:"
  971. log debug " $authorizedUserIDs"
  972. # check permissions on the authorized_user_ids file path
  973. check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure
  974. if ! meat "$authorizedUserIDs" >/dev/null ; then
  975. log debug " no user IDs to process."
  976. return
  977. fi
  978. nline=0
  979. # extract user IDs from authorized_user_ids file
  980. IFS=$'\n'
  981. for line in $(meat "$authorizedUserIDs") ; do
  982. userIDs["$nline"]="$line"
  983. nline=$((nline+1))
  984. done
  985. update_authorized_keys "${userIDs[@]}"
  986. }
  987. # takes a gpg key or keys on stdin, and outputs a list of
  988. # fingerprints, one per line:
  989. list_primary_fingerprints() {
  990. local fake=$(msmktempdir)
  991. trap "rm -rf $fake" EXIT
  992. GNUPGHOME="$fake" gpg --no-tty --quiet --import
  993. GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \
  994. awk -F: '/^fpr:/{ print $10 }'
  995. trap - EXIT
  996. rm -rf "$fake"
  997. }
  998. check_cruft_file() {
  999. local loc="$1"
  1000. local version="$2"
  1001. if [ -e "$loc" ] ; then
  1002. printf "! The file '%s' is no longer used by\n monkeysphere (as of version %s), and can be removed.\n\n" "$loc" "$version" | log info
  1003. fi
  1004. }
  1005. check_upgrade_dir() {
  1006. local loc="$1"
  1007. local version="$2"
  1008. if [ -d "$loc" ] ; then
  1009. printf "The presence of directory '%s' indicates that you have\nnot yet completed a monkeysphere upgrade.\nYou should probably run the following script:\n %s/transitions/%s\n\n" "$loc" "$SYSSHAREDIR" "$version" | log info
  1010. fi
  1011. }
  1012. ## look for cruft from old versions of the monkeysphere, and notice if
  1013. ## upgrades have not been run:
  1014. report_cruft() {
  1015. check_upgrade_dir "${SYSCONFIGDIR}/gnupg-host" 0.23
  1016. check_upgrade_dir "${SYSCONFIGDIR}/gnupg-authentication" 0.23
  1017. check_cruft_file "${SYSCONFIGDIR}/gnupg-authentication.conf" 0.23
  1018. check_cruft_file "${SYSCONFIGDIR}/gnupg-host.conf" 0.23
  1019. local found=
  1020. for foo in "${SYSDATADIR}/backup-from-"*"-transition" ; do
  1021. if [ -d "$foo" ] ; then
  1022. printf "! %s\n" "$foo" | log info
  1023. found=true
  1024. fi
  1025. done
  1026. if [ "$found" ] ; then
  1027. printf "The directories above are backups left over from a monkeysphere transition.\nThey may contain copies of sensitive data (host keys, certifier lists), but\nthey are no longer needed by monkeysphere.\nYou may remove them at any time.\n\n" | log info
  1028. fi
  1029. }