3 ########################################################################
6 SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
# System-wide configuration.  Note that '.' executes the file as shell
# code in this process; '-r' only checks that it is readable, not who
# owns it or whether others can write to it.  ETC is expected to be set
# earlier in the file (not shown here).
10 GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf}
11 [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"
13 # date in UTC, ISO 8601 style (%F = YYYY-MM-DD, %T = HH:MM:SS), if needed
14 DATE=$(date -u '+%FT%T')
16 # unset some environment variables that could screw things up
19 ########################################################################
21 ########################################################################
25 usage: $PGRM <subcommand> [args]
26 Monkeysphere client tool.
29 update-known-hosts (k) [HOST]... update known_hosts file
30 update-authorized-keys (a) update authorized_keys file
31 update-userid (u) [USERID]... add/update userid to
38 ########################################################################
40 ########################################################################
# NOTE(review): the usage hint here uses $PGRM, but the unknown-command
# message at the end of the case statement below hardcodes 'cereal-admin';
# the two should agree.
43 [ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
46 # set ms home directory
47 MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere}
49 # load configuration file
# The per-user config is sourced, i.e. executed as shell code with this
# user's privileges.  Only existence (-e) is checked, not readability,
# ownership or mode, so an unreadable file will produce a sourcing error
# rather than being skipped.
50 MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
51 [ -e "$MS_CONF" ] && . "$MS_CONF"
53 # set empty config variable with defaults
# ':-' applies the default when the variable is unset OR empty, so a
# value from the environment or the config file wins only if non-empty.
# NOTE(review): the update-userid branch below looks entries up with
# grep -q "^${userID}\$", which interprets the user id as a regular
# expression (e.g. '.' in an e-mail address matches any character); a
# fixed-string whole-line match (grep -qxF -- "$userID") would be exact.
54 AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids}
55 GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg}
# Keyserver name only; how it is contacted (protocol, verification) is
# decided by the gpg invocation elsewhere, not visible here.
56 KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
# presumably gpg key-capability letters required of a key — semantics
# are defined by the processing functions, not shown here
57 REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
# '%h' is substituted with "$HOME" when this path is used (see the
# update-authorized-keys branch).  NOTE(review): because ':-' also
# replaces an empty value with this default, the "is it set?" test in
# that branch is always true; if "set to empty to disable" is intended,
# ${USER_CONTROLLED_AUTHORIZED_KEYS-...} (no colon) is needed.
58 USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
59 USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts}
# defaults to empty (feature off unless configured)
60 HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-}
# per-user caches of fetched host/user keys and the generated output file
65 hostKeysCacheDir="$MS_HOME"/host_keys
66 userKeysCacheDir="$MS_HOME"/user_keys
67 msAuthorizedKeys="$MS_HOME"/authorized_keys
69 # make sure gpg home exists with proper permissions
# NOTE(review): with -p, the 0700 mode applies only to the final path
# component; parent directories created along the way get the umask
# default.  An already-existing directory is left with its current mode.
70 mkdir -p -m 0700 "$GNUPGHOME"
73 'update-known-hosts'|'k')
76 # touch the known_hosts file to make sure it exists
77 touch "$USER_KNOWN_HOSTS"
79 # if hosts are specified on the command line, process just
83 process_host "$host" "$hostKeysCacheDir"
86 # otherwise, if no hosts are specified, process the user
89 if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
90 failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
92 log "processing known_hosts file..."
93 process_known_hosts "$USER_KNOWN_HOSTS" "$hostKeysCacheDir"
97 'update-authorized-keys'|'a')
98 MODE='authorized_keys'
100 log "processing authorized_user_ids file..."
102 # make sure authorized_user_ids file exists
103 if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
104 log "authorized_user_ids file is empty or does not exist."
108 process_authorized_ids "$AUTHORIZED_USER_IDS" "$userKeysCacheDir"
110 # write output key file
111 log "writing monkeysphere authorized_keys file... "
112 touch "$msAuthorizedKeys"
113 if [ "$(ls "$userKeysCacheDir")" ] ; then
114 log -n "adding gpg keys... "
115 cat "$userKeysCacheDir"/* > "$msAuthorizedKeys"
118 log "no gpg keys to add."
120 if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" ] ; then
121 userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}
122 if [ -s "$userAuthorizedKeys" ] ; then
123 log -n "adding user authorized_keys file... "
124 cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
128 log "monkeysphere authorized_keys file generated:"
129 log "$msAuthorizedKeys"
133 if [ -z "$1" ] ; then
134 failure "you must specify at least one userid."
137 if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
138 log "userid '$userID' not in authorized_user_ids file."
141 log "processing user id: '$userID'"
142 process_user_id "$userID" "$userKeysCacheDir" > /dev/null
151 failure "Unknown command: '$COMMAND'
152 Type 'cereal-admin help' for usage."