export ETC
CACHE="/var/cache/monkeysphere"
export CACHE
+ERR=0
+export ERR
########################################################################
### UTILITY FUNCTIONS
+error() {
+ log "$1"
+ ERR=${2:-'1'}
+}
+
failure() {
echo "$1" >&2
exit ${2:-'1'}
# write output to stderr
log() {
- echo -n "ms: " 1>&2
- echo "$@" 1>&2
+ echo -n "ms: " >&2
+ echo "$@" >&2
}
loge() {
- echo "$@" 1>&2
+ echo "$@" >&2
}
# cut out all comments(#) and blank lines from standard input
}
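Review bot: `error()` records its code with `ERR=${2:-'1'}`, so a second call simply overwrites the first and the final ERR reflects only the last error, not whether any earlier call used a different code; consider `[ "$ERR" -eq 0 ] && ERR=${2:-'1'}` if the first failure should win, or keep the overwrite and say so in a comment. More importantly, this file feeds `while read` loops from pipelines (`cat … | meat | while read`), and any `error` call inside such a loop runs in a subshell, so the ERR it sets is lost in the parent; `export ERR` does not help with that. A one-line comment on `error()` such as `# NOTE: sets ERR in the current shell only; calls inside a pipeline-fed loop do not propagate` would stop callers from relying on it there.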
# remove all lines with specified string from specified file
-remove_file_line() {
+remove_line() {
local file
local string
fi
}
+# translate ssh-style path variables %h and %u
+translate_ssh_variables() {
+ local uname
+ local home
+
+ uname="$1"
+ path="$2"
+
+ # get the user's home directory
+ userHome=$(getent passwd "$uname" | cut -d: -f6)
+
+ # translate ssh-style path variables
+ path=${path/\%u/"$uname"}
+ path=${path/\%h/"$userHome"}
+
+ echo "$path"
+}
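Review bot: `path` and `userHome` are assigned without `local` (only `uname` and the never-used `home` are declared), so both leak into the caller's scope, and when `getent passwd` finds no entry `userHome` is empty and `%h/.ssh/authorized_keys` silently becomes `/.ssh/authorized_keys` under the filesystem root. The substitutions also use `${path/…}`, which replaces only the first occurrence of each token; `${path//…}` replaces every one, which is presumably the intent for ssh-style paths. Declaring the locals, refusing an empty home directory, and using `//` fixes all three.
```shell
  local uname
  local path
  local userHome
  # … unchanged: argument assignment …
  userHome=$(getent passwd "$uname" | cut -d: -f6)
  if [ -z "$userHome" ] ; then
    failure "no home directory found for user '$uname'"
  fi
  path=${path//\%u/"$uname"}
  path=${path//\%h/"$userHome"}
```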
+
### CONVERTION UTILITIES
# output the ssh key for a given key ID
key="$2"
echo -n "$key" | tr -d '\n'
- echo " MonkeySphere${DATE}: ${userID}"
+ echo " MonkeySphere${DATE} ${userID}"
}
# convert key from gpg to ssh known_hosts format
# following regexp:
# '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
gpg2ssh "$keyID" | tr -d '\n'
- echo " MonkeySphere${DATE}: ${userID}"
+ echo " MonkeySphere${DATE} ${userID}"
}
### GPG UTILITIES
done
}
-# update the cache for userid, and prompt to add file to
-# authorized_user_ids file if the userid is found in gpg
-# and not already in file.
-update_userid() {
- local userID
-
- userID="$1"
-
- log "processing userid: '$userID'"
-
- # process the user ID to pull it from keyserver
- process_user_id "$userID" | grep -q "^0 "
-
- # check if user ID is in the authorized_user_ids file
- if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
- read -p "user ID not currently authorized. authorize? [Y|n]: " OK; OK=${OK:=Y}
- if [ ${OK/y/Y} = 'Y' ] ; then
- # add if specified
- log -n " adding user ID to authorized_user_ids file... "
- echo "$userID" >> "$AUTHORIZED_USER_IDS"
- loge "done."
- else
- # else do nothing
- log " authorized_user_ids file untouched."
- fi
- fi
-}
-
-# remove a userid from the authorized_user_ids file
-remove_userid() {
- local userID
-
- userID="$1"
-
- log "processing userid: '$userID'"
-
- # check if user ID is in the authorized_user_ids file
- if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
- log " user ID not currently authorized."
- return 1
- fi
-
- # remove user ID from file
- log -n " removing user ID '$userID'... "
- remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$"
- loge "done."
-}
-
# process a host in known_host file
process_host_known_hosts() {
local host
while read -r ok keyid ; do
sshKey=$(gpg2ssh "$keyid")
# remove the old host key line
- remove_file_line "$KNOWN_HOSTS" "$sshKey"
+ remove_line "$KNOWN_HOSTS" "$sshKey"
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
# hash if specified
while read -r ok keyid ; do
sshKey=$(gpg2ssh "$keyid")
# remove the old host key line
- remove_file_line "$AUTHORIZED_KEYS" "$sshKey"
+ remove_line "$AUTHORIZED_KEYS" "$sshKey"
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
process_authorized_user_ids() {
local userid
- cat "$AUTHORIZED_USER_IDS" | meat | \
+ authorizedUserIDs="$1"
+
+ cat "$authorizedUserIDs" | meat | \
while read -r userid ; do
process_uid_authorized_keys "$userid"
done
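Review bot: `authorizedUserIDs="$1"` is assigned without `local`, unlike `userid` just above it, so the caller-supplied filename leaks into the global scope; add `local authorizedUserIDs` next to `local userid`. Nothing checks that the file exists or is readable before `cat` opens it, so a bad path only produces a cat error and an empty loop; a guard such as `[ -r "$authorizedUserIDs" ] || failure "cannot read authorized_user_ids file '$authorizedUserIDs'"` makes the failure explicit. The pipeline can also drop the `cat`: `meat < "$authorizedUserIDs" | while read -r userid ; do`.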
comment="$key"
fi
- if echo "$comment" | egrep -v -q '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}:' ; then
+ if echo "$comment" | egrep -v -q '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}' ; then
continue
fi
userID=$(echo "$comment" | awk "{ print $2 }")
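Review bot: `awk "{ print $2 }"` is double-quoted, so `$2` is expanded by the shell (the enclosing function's second positional parameter) before awk ever sees it; with `$2` unset awk receives `{ print  }` and prints the whole comment, and with it set it prints something else entirely. With this change the comment is now `MonkeySphere<DATE> <userID>`, so the simplest correct extraction is `userID="${comment#* }"`, which also keeps a user ID that itself contains spaces (awk's `$2` would truncate it). The enclosing function starts and ends outside this hunk.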
# FIXME: need to figure out better way to identify host key
# dummy command so as not to publish fakes keys during testing
# eventually:
- #gpg --send-keys --keyserver "$KEYSERVER" $(hostname -f)
- echo "NOT PUBLISHED: gpg --send-keys --keyserver $KEYSERVER $(hostname -f)"
+ #gpg --keyserver "$KEYSERVER" --send-keys $(hostname -f)
+ echo "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development).
+To publish manually, do: gpg --keyserver $KEYSERVER --send-keys $(hostname -f)"
+ return 1
}
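Review bot: the new stub writes its "NOT PUBLISHED" text to stdout with `echo` while the rest of the file sends diagnostics through `log`/`>&2`, and then returns 1; a caller capturing the function's output would receive this message as data, so `log` is the safer channel for it. In the commented-out command, `$(hostname -f)` is unquoted and is used as a search string for `--send-keys`; when this is enabled, quote it and prefer passing the host key's fingerprint, since a name that matches more than one key would publish all of them. The enclosing function starts outside this hunk.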