summaryrefslogtreecommitdiff
path: root/tests
ModeNameSize
-rwxr-xr-xbasic7892logplain
d---------etc69logplain
d---------home67logplain
generated by cgit v1.2.3 (git 2.51.0) at 2026-02-02 05:57:28 +0000
hl">
  • VARLIB="/var/lib/monkeysphere"
  • export VARLIB
  • # date in UTF format if needed
  • DATE=$(date -u '+%FT%T')
  • # unset some environment variables that could screw things up
  • unset GREP_OPTIONS
  • # default return code
  • RETURN=0
  • ########################################################################
  • # FUNCTIONS
  • ########################################################################
  • usage() {
  • cat <<EOF
  • usage: $PGRM <subcommand> [options] [args]
  • MonkeySphere server admin tool.
  • subcommands:
  • update-users (u) [USER]... update user authorized_keys files
  • gen-key (g) [NAME[:PORT]] generate gpg key for the server
  • --length (-l) BITS key length in bits (2048)
  • --expire (-e) EXPIRE date to expire
  • --revoker (-r) FINGERPRINT add a revoker
  • add-hostname (n+) NAME[:PORT] add hostname user ID to server key
  • revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
  • show-key (s) output all server host key information
  • fingerprint (f) output just the key fingerprint
  • publish-key (p) publish server host key to keyserver
  • diagnostics (d) report on server monkeysphere status
  • add-id-certifier (c+) KEYID import and tsign a certification key
  • --domain (-n) DOMAIN limit ID certifications to DOMAIN
  • --trust (-t) TRUST trust level of certifier (full)
  • --depth (-d) DEPTH trust depth for certifier (1)
  • remove-id-certifier (c-) KEYID remove a certification key
  • list-id-certifiers (c) list certification keys
  • gpg-authentication-cmd CMD gnupg-authentication command
  • help (h,?) this help
  • EOF
  • }
  • su_monkeysphere_user() {
  • su --preserve-environment "$MONKEYSPHERE_USER" -- -c "$@"
  • }
  • # function to interact with the host gnupg keyring
  • gpg_host() {
  • local returnCode
  • GNUPGHOME="$GNUPGHOME_HOST"
  • export GNUPGHOME
  • # NOTE: we supress this warning because we need the monkeysphere
  • # user to be able to read the host pubring. we realize this might
  • # be problematic, but it's the simplest solution, without too much
  • # loss of security.
  • gpg --no-permission-warning "$@"
  • returnCode="$?"
  • # always reset the permissions on the host pubring so that the
  • # monkeysphere user can read the trust signatures
  • chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
  • chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
  • return "$returnCode"
  • }
  • # function to interact with the authentication gnupg keyring
  • # FIXME: this function requires basically accepts only a single
  • # argument because of problems with quote expansion. this needs to be
  • # fixed/improved.
  • gpg_authentication() {
  • GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
  • export GNUPGHOME
  • su_monkeysphere_user "gpg $@"
  • }
  • # output just key fingerprint
  • fingerprint_server_key() {
  • gpg_host --list-secret-keys --fingerprint \
  • --with-colons --fixed-list-mode 2> /dev/null | \
  • grep '^fpr:' | head -1 | cut -d: -f10
  • }
  • # output key information
  • show_server_key() {
  • local fingerprint
  • fingerprint=$(fingerprint_server_key)
  • gpg_host --fingerprint --list-secret-key "$fingerprint"
  • }
  • # update authorized_keys for users
  • update_users() {
  • if [ "$1" ] ; then
  • # get users from command line
  • unames="$@"
  • else
  • # or just look at all users if none specified
  • unames=$(getent passwd | cut -d: -f1)
  • fi
  • # set mode
  • MODE="authorized_keys"
  • # set gnupg home
  • GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
  • # check to see if the gpg trust database has been initialized
  • if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then
  • failure "GNUPG trust database uninitialized. Please see MONKEYSPHERE-SERVER(8)."
  • fi
  • # make sure the authorized_keys directory exists
  • mkdir -p "${VARLIB}/authorized_keys"
  • # loop over users
  • for uname in $unames ; do
  • # check all specified users exist
  • if ! getent passwd "$uname" >/dev/null ; then
  • log "----- unknown user '$uname' -----"
  • continue
  • fi
  • # set authorized_user_ids and raw authorized_keys variables,
  • # translating ssh-style path variables
  • authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
  • rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
  • # if neither is found, skip user
  • if [ ! -s "$authorizedUserIDs" ] ; then
  • if [ "$rawAuthorizedKeys" = '-' -o ! -s "$rawAuthorizedKeys" ] ; then
  • continue
  • fi
  • fi
  • log "----- user: $uname -----"
  • # exit if the authorized_user_ids file is empty
  • if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then
  • log "Improper permissions on authorized_user_ids file path."
  • continue
  • fi
  • # check permissions on the authorized_keys file path
  • if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then
  • log "Improper permissions on authorized_keys file path path."
  • continue
  • fi
  • # make temporary directory
  • TMPDIR=$(mktemp -d)
  • # trap to delete temporary directory on exit
  • trap "rm -rf $TMPDIR" EXIT
  • # create temporary authorized_user_ids file
  • TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids"
  • touch "$TMP_AUTHORIZED_USER_IDS"
  • # create temporary authorized_keys file
  • AUTHORIZED_KEYS="${TMPDIR}/authorized_keys"
  • touch "$AUTHORIZED_KEYS"
  • # set restrictive permissions on the temporary files
  • # FIXME: is there a better way to do this?
  • chmod 0700 "$TMPDIR"
  • chmod 0600 "$AUTHORIZED_KEYS"
  • chmod 0600 "$TMP_AUTHORIZED_USER_IDS"
  • chown -R "$MONKEYSPHERE_USER" "$TMPDIR"
  • # if the authorized_user_ids file exists...
  • if [ -s "$authorizedUserIDs" ] ; then
  • # copy user authorized_user_ids file to temporary
  • # location
  • cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS"
  • # export needed variables
  • export AUTHORIZED_KEYS
  • export TMP_AUTHORIZED_USER_IDS
  • # process authorized_user_ids file, as monkeysphere
  • # user
  • su_monkeysphere_user \
  • ". ${SHARE}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS"
  • RETURN="$?"
  • fi
  • # add user-controlled authorized_keys file path if specified
  • if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then
  • log -n "adding raw authorized_keys file... "
  • cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS"
  • loge "done."
  • fi
  • # openssh appears to check the contents of the
  • # authorized_keys file as the user in question, so the
  • # file must be readable by that user at least.
  • # FIXME: is there a better way to do this?
  • chown root "$AUTHORIZED_KEYS"
  • chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
  • chmod g+r "$AUTHORIZED_KEYS"
  • # move the resulting authorized_keys file into place
  • mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
  • # destroy temporary directory
  • rm -rf "$TMPDIR"
  • done
  • }
  • # generate server gpg key
  • gen_key() {
  • local keyType
  • local keyLength
  • local keyUsage
  • local keyExpire
  • local revoker
  • local hostName
  • local userID
  • local keyParameters
  • local fingerprint
  • # set default key parameter values
  • keyType="RSA"
  • keyLength="2048"
  • keyUsage="auth"
  • keyExpire=
  • revoker=
  • # get options
  • TEMP=$(getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@")
  • if [ $? != 0 ] ; then
  • exit 1
  • fi
  • # Note the quotes around `$TEMP': they are essential!
  • eval set -- "$TEMP"
  • while true ; do
  • case "$1" in
  • -l|--length)
  • keyLength="$2"
  • shift 2
  • ;;
  • -e|--expire)
  • keyExpire="$2"
  • shift 2
  • ;;
  • -r|--revoker)
  • revoker="$2"
  • shift 2
  • ;;
  • --)
  • shift
  • ;;
  • *)
  • break
  • ;;
  • esac
  • done
  • hostName=${1:-$(hostname --fqdn)}
  • userID="ssh://${hostName}"
  • # check for presense of key with user ID
  • if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
  • failure "Key for '$userID' already exists"
  • fi
  • # prompt about key expiration if not specified
  • if [ -z "$keyExpire" ] ; then
  • cat <<EOF
  • Please specify how long the key should be valid.
  • 0 = key does not expire
  • <n> = key expires in n days
  • <n>w = key expires in n weeks
  • <n>m = key expires in n months
  • <n>y = key expires in n years
  • EOF
  • while [ -z "$keyExpire" ] ; do
  • read -p "Key is valid for? (0) " keyExpire
  • if ! test_gpg_expire ${keyExpire:=0} ; then
  • echo "invalid value"
  • unset keyExpire
  • fi
  • done
  • elif ! test_gpg_expire "$keyExpire" ; then
  • failure "invalid key expiration value '$keyExpire'."
  • fi
  • # set key parameters
  • keyParameters=$(cat <<EOF
  • Key-Type: $keyType
  • Key-Length: $keyLength
  • Key-Usage: $keyUsage
  • Name-Real: $userID
  • Expire-Date: $keyExpire
  • EOF
  • )
  • # add the revoker field if specified
  • # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
  • # FIXME: key is marked "sensitive"? is this appropriate?
  • if [ "$revoker" ] ; then
  • keyParameters="${keyParameters}"$(cat <<EOF
  • Revoker: 1:$revoker sensitive
  • EOF
  • )
  • fi
  • echo "The following key parameters will be used for the host private key:"
  • echo "$keyParameters"
  • read -p "Generate key? (Y/n) " OK; OK=${OK:=Y}
  • if [ ${OK/y/Y} != 'Y' ] ; then
  • failure "aborting."
  • fi
  • # add commit command
  • keyParameters="${keyParameters}"$(cat <<EOF
  • %commit
  • %echo done
  • EOF
  • )
  • log "generating server key..."
  • echo "$keyParameters" | gpg_host --batch --gen-key
  • # output the server fingerprint