Merge commit 'micah/master'
diff --git
a/src/monkeysphere-server
b/src/monkeysphere-server
index 6279c4561a324fc40dc7a358df409ef9bb06056c..560d249867d780183f9b070ed341c099bf948963 100755
(executable)
--- a/
src/monkeysphere-server
+++ b/
src/monkeysphere-server
@@
-106,7
+106,7
@@
EOF
log -n "generating server key... "
echo "$keyParameters" | gpg --batch --gen-key
log -n "generating server key... "
echo "$keyParameters" | gpg --batch --gen-key
-
echo
"done."
+
loge
"done."
}
########################################################################
}
########################################################################
@@
-127,20
+127,25
@@
MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf}
# set empty config variable with defaults
GNUPGHOME=${GNUPGHOME:-"${MS_HOME}/gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
# set empty config variable with defaults
GNUPGHOME=${GNUPGHOME:-"${MS_HOME}/gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
+CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
export GNUPGHOME
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
export GNUPGHOME
+# make sure the monkeysphere home directory exists
+mkdir -p "${MS_HOME}/authorized_user_ids"
# make sure gpg home exists with proper permissions
mkdir -p -m 0700 "$GNUPGHOME"
# make sure gpg home exists with proper permissions
mkdir -p -m 0700 "$GNUPGHOME"
+# make sure the authorized_keys directory exists
+mkdir -p "${CACHE}/authorized_keys"
case $COMMAND in
'update-users'|'update-user'|'s')
if [ "$1" ] ; then
unames="$@"
else
case $COMMAND in
'update-users'|'update-user'|'s')
if [ "$1" ] ; then
unames="$@"
else
- unames=$(ls -1 "$
MS_HOME"/authorized_user_ids
)
+ unames=$(ls -1 "$
{MS_HOME}/authorized_user_ids"
)
fi
for uname in $unames ; do
fi
for uname in $unames ; do
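Review bot: The two new `mkdir -p` calls create `${MS_HOME}/authorized_user_ids` and `${CACHE}/authorized_keys` with whatever mode the caller's umask yields, while `$GNUPGHOME` a few lines earlier gets an explicit `-m 0700`. Both directories hold the inputs and outputs that decide who may log in (the per-user authorized_keys files written under `${CACHE}/authorized_keys` later in this change), so a permissive umask would let other local users add or replace entries; `mkdir -p -m 0755 "${CACHE}/authorized_keys"` (or tighter, if sshd only needs root to read them) pins the mode regardless of the environment the admin runs this from. Separately, `CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}` uses `:=` where every neighbouring default uses `:-`; both assign here, but `${CHECK_KEYSERVER:-"true"}` keeps the block consistent. The `case $COMMAND` arm that begins at the end of this hunk continues outside it.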
@@
-149,12
+154,14
@@
case $COMMAND in
log "----- user: $uname -----"
# set variables for the user
log "----- user: $uname -----"
# set variables for the user
- AUTHORIZED_USER_IDS="$
MS_HOME"/authorized_user_ids/"$uname
"
- msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
- cacheDir="$CACHE"/"$uname"/user_keys
+ AUTHORIZED_USER_IDS="$
{MS_HOME}/authorized_user_ids/${uname}
"
+ # temporary authorized_keys file
+ AUTHORIZED_KEYS="${CACHE}/authorized_keys/${uname}.tmp"
# make sure user's authorized_user_ids file exists
touch "$AUTHORIZED_USER_IDS"
# make sure user's authorized_user_ids file exists
touch "$AUTHORIZED_USER_IDS"
+ # make sure the authorized_keys file exists and is clear
+ > "$AUTHORIZED_KEYS"
# skip if the user's authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
# skip if the user's authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
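Review bot: `> "$AUTHORIZED_KEYS"` truncates a file at the fixed path `${CACHE}/authorized_keys/${uname}.tmp` and lets its mode be set by the process umask; since that temp file presumably becomes the file sshd is pointed at (the rename happens later in this commit, outside this hunk), a lax umask propagates into the final authorized_keys file. Creating it with an explicit mode, e.g. `(umask 077; : > "$AUTHORIZED_KEYS")` followed by `chmod 644 "$AUTHORIZED_KEYS"` once populated, or at least `chmod` before the rename, removes that dependency on the caller's environment. If the cache directory could ever be writable by others, a leftover `.tmp` from an interrupted run could also be a symlink here, which is another reason to pin the directory mode. The enclosing `for uname` loop starts and ends outside this hunk.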
@@
-162,14
+169,23
@@
case $COMMAND in
continue
fi
continue
fi
- # set user-controlled authorized_keys file path
- if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" ] ; then
+ # process authorized_user_ids file
+ log "processing authorized_user_ids file..."
+ process_authorized_user_ids
+
+ # add user-controlled authorized_keys file path if specified
+ if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" != '-' ] ; then
userHome=$(getent passwd "$uname" | cut -d: -f6)
userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"}
userHome=$(getent passwd "$uname" | cut -d: -f6)
userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"}
+ log -n "adding user's authorized_keys file... "
+ cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS"
+ loge "done."
fi
fi
- # update authorized_keys
- update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$cacheDir"
+ # move the temp authorized_keys file into place
+ mv -f "${CACHE}/authorized_keys/${uname}.tmp" "${CACHE}/authorized_keys/${uname}"
+
+ log "authorized_keys file updated."
done
log "----- done. -----"
done
log "----- done. -----"
@@
-206,14
+222,13
@@
case $COMMAND in
# set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
# set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
- cacheDir="$CACHE"/"$uname"/user_keys
# make sure user's authorized_user_ids file exists
touch "$AUTHORIZED_USER_IDS"
# process the user IDs
for userID ; do
# make sure user's authorized_user_ids file exists
touch "$AUTHORIZED_USER_IDS"
# process the user IDs
for userID ; do
- update_userid "$userID"
"$cacheDir"
+ update_userid "$userID"
done
log "Run the following to update user's authorized_keys file:"
done
log "Run the following to update user's authorized_keys file:"