1 #!/bin/sh
2
3 ########################################################################
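# Program name for messages; "$0" is quoted so a path containing
# whitespace does not get split, and "--" protects against a name that
# begins with a dash.
PGRM=$(basename -- "$0")

# Shared helper library, sourced as shell code.  SHAREDIR is taken from
# the environment when set, so whoever controls that variable controls
# the code this script executes; presumably it also sets ETC (used below).
SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
export SHAREDIR
. "${SHAREDIR}/common"

# System-wide configuration.  Note that it is sourced, not parsed: the
# file is executed as shell code with this user's privileges, so it must
# only be writable by root.
GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf}
[ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"

# date in UTC, ISO 8601 style, if needed
DATE=$(date -u '+%FT%T')

# unset some environment variables that could screw things up
# (an exported GREP_OPTIONS would alter the grep calls made below)
GREP_OPTIONS=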
18
19 ########################################################################
20 # FUNCTIONS
21 ########################################################################
22
# Print the subcommand summary to stdout.  The first line carries the
# program name in PGRM; everything else is fixed text, emitted one line
# per argument, ending with an empty line.
usage() {
  printf '%s\n' \
    "usage: $PGRM <subcommand> [args]" \
    'Monkeysphere client tool.' \
    '' \
    'subcommands:' \
    '  update-known-hosts (k) [HOST]...           update known_hosts file' \
    '  update-authorized-keys (a)                 update authorized_keys file' \
    '  update-userid (u) [USERID]...              add/update userid to' \
    '                                               authorized_user_ids' \
    '  help (h,?)                                 this help' \
    ''
}
37
38 ########################################################################
39 # MAIN
40 ########################################################################
41
# First argument is the subcommand; the rest are passed to it via "$@".
COMMAND=$1
if [ -z "$COMMAND" ] ; then
    failure "Type '$PGRM help' for usage."
fi
shift

# per-user monkeysphere directory
: "${MS_HOME:=$HOME/.config/monkeysphere}"

# per-user configuration; sourced as shell code when the file exists
: "${MS_CONF:=$MS_HOME/monkeysphere.conf}"
if [ -e "$MS_CONF" ] ; then
    . "$MS_CONF"
fi

# fill in every setting the configuration files left unset or empty
: "${AUTHORIZED_USER_IDS:=$MS_HOME/authorized_user_ids}"
: "${GNUPGHOME:=$HOME/.gnupg}"
: "${KEYSERVER:=subkeys.pgp.net}"
: "${REQUIRED_KEY_CAPABILITY:=e a}"
: "${USER_CONTROLLED_AUTHORIZED_KEYS:=%h/.ssh/authorized_keys}"
: "${USER_KNOWN_HOSTS:=$HOME/.ssh/known_hosts}"
: "${HASH_KNOWN_HOSTS:=}"

# gpg invoked by the helpers must see the same keyring
export GNUPGHOME

# staging locations
hostKeysCacheDir=$MS_HOME/host_keys
userKeysCacheDir=$MS_HOME/user_keys
msAuthorizedKeys=$MS_HOME/authorized_keys

# gpg home must exist and be private to the user (mode applies to the
# final directory only; intermediate directories get the default umask)
mkdir -p -m 0700 "$GNUPGHOME"
71
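# Dispatch on the subcommand.  The helper functions (failure, log,
# process_host, process_known_hosts, process_authorized_ids,
# process_user_id) come from the sourced "common" library, so their exact
# behaviour is not visible here.
case $COMMAND in
    'update-known-hosts'|'k')
        MODE='known_hosts'

        # touch the known_hosts file to make sure it exists
        touch "$USER_KNOWN_HOSTS"

        # if hosts are specified on the command line, process just
        # those hosts
        if [ "$1" ] ; then
            for host ; do
                process_host "$host" "$hostKeysCacheDir"
            done

        # otherwise, if no hosts are specified, process the user
        # known_hosts file
        else
            if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
                failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
            fi
            log "processing known_hosts file..."
            process_known_hosts "$USER_KNOWN_HOSTS" "$hostKeysCacheDir"
        fi
        ;;

    'update-authorized-keys'|'a')
        MODE='authorized_keys'

        log "processing authorized_user_ids file..."

        # make sure authorized_user_ids file exists and is non-empty;
        # nothing to do otherwise, so this is a clean exit, not a failure
        if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
            log "authorized_user_ids file is empty or does not exist."
            exit
        fi

        process_authorized_ids "$AUTHORIZED_USER_IDS" "$userKeysCacheDir"

        # write output key file: the concatenation of every cached user
        # key, followed by the user's own authorized_keys file if any
        log "writing monkeysphere authorized_keys file... "
        touch "$msAuthorizedKeys"
        if [ "$(ls "$userKeysCacheDir")" ] ; then
            log -n "adding gpg keys... "
            cat "$userKeysCacheDir"/* > "$msAuthorizedKeys"
            echo "done."
        else
            log "no gpg keys to add."
        fi
        if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" ] ; then
            # Expand an sshd-style '%h' token to the home directory
            # (first occurrence only).  Done with POSIX prefix/suffix
            # stripping because ${var/pat/rep} is a bashism and this
            # script runs under /bin/sh.
            case $USER_CONTROLLED_AUTHORIZED_KEYS in
                *%h*)
                    userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS%%%h*}${HOME}${USER_CONTROLLED_AUTHORIZED_KEYS#*%h}
                    ;;
                *)
                    userAuthorizedKeys=$USER_CONTROLLED_AUTHORIZED_KEYS
                    ;;
            esac
            if [ -s "$userAuthorizedKeys" ] ; then
                log -n "adding user authorized_keys file... "
                cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
                echo "done."
            fi
        fi
        log "monkeysphere authorized_keys file generated:"
        log "$msAuthorizedKeys"
        ;;

    'update-userid'|'u')
        if [ -z "$1" ] ; then
            failure "you must specify at least one userid."
        fi
        for userID ; do
            # Whole-line, fixed-string match: a user ID is data, not a
            # regular expression, so characters like '.' or '[' in it
            # must not be interpreted as a pattern.
            if ! grep -qxF -- "$userID" "$AUTHORIZED_USER_IDS" ; then
                log "userid '$userID' not in authorized_user_ids file."
                continue
            fi
            log "processing user id: '$userID'"
            process_user_id "$userID" "$userKeysCacheDir" > /dev/null
        done
        ;;

    'help'|'h'|'?')
        usage
        ;;

    *)
        # refer to this program by its own name, consistent with the
        # message printed when no subcommand is given
        failure "Unknown command: '$COMMAND'
Type '$PGRM help' for usage."
        ;;
esac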