projects
/
monkeysphere.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
redirect sample refresh keys cron tab to /dev/null.
[monkeysphere.git]
/
src
/
monkeysphere-server
diff --git
a/src/monkeysphere-server
b/src/monkeysphere-server
index 4d7acc6cb50276bb7a46ae589d3c6995ed540252..ce800593da8fec3cf82722393dc9ca7d05a31d3d 100755
(executable)
--- a/
src/monkeysphere-server
+++ b/
src/monkeysphere-server
@@
-143,13
+143,15
@@
update_users() {
log "----- user: $uname -----"
log "----- user: $uname -----"
+ # exit if the authorized_user_ids file is empty
if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then
if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then
- log "Improper permissions on authorized_user_ids file."
+ log "Improper permissions on authorized_user_ids file
path
."
continue
fi
continue
fi
+ # check permissions on the authorized_keys file path
if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then
if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then
- log "Improper permissions on authorized_keys file."
+ log "Improper permissions on authorized_keys file
path path
."
continue
fi
continue
fi
@@
-206,8
+208,7
@@
update_users() {
chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
chmod g+r "$AUTHORIZED_KEYS"
chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
chmod g+r "$AUTHORIZED_KEYS"
- # if the resulting authorized_keys file is not empty, move
- # it into place
+ # move the resulting authorized_keys file into place
mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
# destroy temporary directory
mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
# destroy temporary directory
@@
-342,6
+343,10
@@
EOF
fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \
grep '^fpr:' | head -1 | cut -d: -f10)
fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \
grep '^fpr:' | head -1 | cut -d: -f10)
+ # export host ownertrust to authentication keyring
+ log "setting ultimate owner trust for server key..."
+ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
+
# translate the private key to ssh format, and export to a file
# for sshs usage.
# NOTE: assumes that the primary key is the proper key to use
# translate the private key to ssh format, and export to a file
# for sshs usage.
# NOTE: assumes that the primary key is the proper key to use
@@
-429,9
+434,6
@@
add_certifier() {
fi
export keyID
fi
export keyID
- # export host ownertrust to authentication keyring
- gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust"
-
# get the key from the key server
gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'"
# get the key from the key server
gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'"
@@
-470,7
+472,7
@@
$domain
y
save
EOF
y
save
EOF
-)
+
)
# ltsign the key
echo "$ltsignCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
# ltsign the key
echo "$ltsignCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"