3 # rhesus: monkeysphere authorized_keys update script
6 # Jameson Rollins <jrollins@fifthhorseman.net>
8 # Copyright 2008, released under the GPL, version 3 or later
10 ##################################################
12 #. /etc/monkeysphere/monkeysphere.conf
13 . ~/ms/monkeysphere.conf
15 #AUTH_KEYS_DIR_BASE=/var/lib/monkeysphere/authorized_keys/
16 AUTH_KEYS_DIR_BASE=~/ms/authorized_keys
19 ##################################################
35 grep -v -e "^[[:space:]]*#" -e '^$' "$1"
39 head --line="$1" | tail -1
49 # user name of user to update
51 if ! id "$USERNAME" > /dev/null ; then
52 failure "User '$USERNAME' does not exist."
55 AUTH_USER_IDS="$AUTH_USER_IDS_DIR"/"$USERNAME"
56 if [ ! -e "$AUTH_USER_IDS" ] ; then
57 failure "No auth_user_ids file for user '$USERNAME'."
60 AUTH_KEYS_DIR="$AUTH_KEYS_DIR_BASE"/"$USERNAME"/keys
61 AUTH_KEYS_FILE="$AUTH_KEYS_DIR_BASE"/authorized_keys
63 # make sure the gnupg home exists with proper permissions
65 chmod 0700 "$GNUPGHOME"
67 # find number of user ids in auth_user_ids file
68 NLINES=$(meat "$AUTH_USER_IDS" | wc -l)
70 # clean out keys file and remake keys directory
71 rm -rf "$AUTH_KEYS_DIR"
72 mkdir -p "$AUTH_KEYS_DIR"
74 # loop through all user ids, and generate ssh keys
75 for (( N=1; N<=$NLINES; N=N+1 )) ; do
77 USERID=$(meat "$AUTH_USER_IDS" | cutline "$N" )
78 USERID_HASH=$(echo "$USERID" | sha1sum | awk '{ print $1 }')
80 KEYFILE="$AUTH_KEYS_DIR"/"$USERID_HASH"
82 # search for key on keyserver
83 echo -n "ms: finding key for '$USERID'..."
84 RETURN=$(echo 1 | gpg --quiet --batch --command-fd 0 --with-colons --keyserver "$KEYSERVER" --search ="$USERID" 2> /dev/null)
86 # if the key was found...
87 if [ "$RETURN" ] ; then
90 # checking key attributes
91 # see /usr/share/doc/gnupg/DETAILS.gz:
93 PUB_INFO=$(gpg --fixed-list-mode --with-colons --list-keys --with-fingerprint ="$USERID" | grep '^pub:')
97 # # if not an authorization key exit
98 # if echo "$PUB_INFO" | cut -d: -f12 | grep -v -q '[aA]' ; then
99 # echo "not an authorization key --> SKIPPING"
103 # if key is not fully trusted exit
104 # (this includes not revoked or expired)
106 TRUST=$(echo "$PUB_INFO" | cut -d: -f2)
115 echo -n "unacceptable trust" ;;
117 echo -n "fully trusted"
118 # convert pgp key to ssh key, and write to cache file
119 echo " -> generating ssh key..."
120 gpgkey2ssh "$KEYID" | sed -e "s/COMMENT/$USERID/" > "$KEYFILE"
124 echo -n "unknown trust" ;;
130 if [ $(ls "$AUTH_KEYS_DIR") ] ; then
131 echo "ms: writing ms authorized_keys file..."
132 cat "$AUTH_KEYS_DIR"/* > "$AUTH_KEYS_FILE"
134 echo "ms: no gpg keys to add to authorized_keys file."
136 if [ -s ~"$USERNAME"/.ssh/authorized_keys ] ; then
137 echo "ms: adding user authorized_keys..."
138 cat ~"$USERNAME"/.ssh/authorized_keys >> "$AUTH_KEYS_FILE"