########################################################################
PGRM=$(basename $0)
-SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"}
-export SHARE
-. "${SHARE}/common" || exit 1
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/common" || exit 1
# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')
usage() {
cat <<EOF >&2
usage: $PGRM <subcommand> [options] [args]
-MonkeySphere client tool.
+Monkeysphere client tool.
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
keyExpire=
# get options
- TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@")
+ TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
if [ $? != 0 ] ; then
exit 1
)
log verbose "generating subkey..."
- fifoDir=$(mktemp -d)
+ fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
log verbose "done."
}
-function subkey_to_ssh_agent() {
+subkey_to_ssh_agent() {
# try to add all authentication subkeys to the agent:
local sshaddresponse
if ! test_gnu_dummy_s2k_extension ; then
failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
-You may want to consider patching or upgrading.
+You may want to consider patching or upgrading to GnuTLS 2.6 or later.
For more details, see:
http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html"
You might want to 'monkeysphere gen-subkey'"
fi
- workingdir=$(mktemp -d)
+ workingdir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
umask 077
mkfifo "$workingdir/passphrase"
keysuccess=1
unset AUTHORIZED_KEYS
# load global config
-[ -r "${ETC}/monkeysphere.conf" ] && . "${ETC}/monkeysphere.conf"
+[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] && . "${SYSCONFIGDIR}/monkeysphere.conf"
# set monkeysphere home directory
MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"}
'update-known_hosts'|'update-known-hosts'|'k')
MODE='known_hosts'
+ # touch the known_hosts file so that the file permission check
+ # below won't fail upon not finding the file
+ (umask 0022 && touch "$KNOWN_HOSTS")
+
# check permissions on the known_hosts file path
- if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then
- failure "Improper permissions on known_hosts file path."
- fi
+ check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
# if hosts are specified on the command line, process just
# those hosts
MODE='authorized_keys'
# check permissions on the authorized_user_ids file path
- if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then
- failure "Improper permissions on authorized_user_ids file path."
- fi
+ check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" || failure
# check permissions on the authorized_keys file path
- if ! check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" ; then
- failure "Improper permissions on authorized_keys file path."
- fi
+ check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
# exit if the authorized_user_ids file is empty
if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then
projects / monkeysphere.git / blobdiff