unset GREP_OPTIONS
# default return code
-ERR=0
+RETURN=0
+
+# set the file creation mask to be only owner rw
+umask 077
########################################################################
# FUNCTIONS
usage() {
cat <<EOF
-usage: $PGRM <subcommand> [args]
+usage: $PGRM <subcommand> [options] [args]
MonkeySphere client tool.
subcommands:
# generate a subkey with the 'a' usage flags set
# FIXME: this needs some tweaking to clean it up
gen_subkey(){
+ local keyLength
+ local keyExpire
local keyID
local gpgOut
local userID
- keyID="$1"
+ # set default key parameter values
+ keyLength=
+ keyExpire=
- gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \
- "$keyID" 2> /dev/null)
+ # get options
+ TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@")
- # fail if there only "tru" lines are output from gpg, which
- # indicates the key was not found.
- if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
- failure "Key ID '$keyID' not found."
+ if [ $? != 0 ] ; then
+ exit 1
fi
- # fail if multiple pub lines are returned, which means the id given
- # is not unique
- if [ $(echo "$gpgOut" | grep '^pub:' | wc -l) -gt '1' ] ; then
+ # Note the quotes around `$TEMP': they are essential!
+ eval set -- "$TEMP"
+
+ while true ; do
+ case "$1" in
+ -l|--length)
+ keyLength="$2"
+ shift 2
+ ;;
+ -e|--expire)
+ keyExpire="$2"
+ shift 2
+ ;;
+ --)
+ shift
+ ;;
+ *)
+ break
+ ;;
+ esac
+ done
+
+ keyID="$1"
+ if [ -z "$keyID" ] ; then
+ failure "You must specify the key ID of your primary key."
+ fi
+
+ # get key output, and fail if not found
+ gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \
+ "$keyID") || failure
+
+ # fail if multiple sec lines are returned, which means the id
+ # given is not unique
+ if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then
failure "Key ID '$keyID' is not unique."
fi
# prompt if an authentication subkey already exists
- if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then
+ if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then
echo "An authentication subkey already exists for key '$keyID'."
read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
if [ "${OK/y/Y}" != 'Y' ] ; then
fi
# set subkey defaults
- KEY_TYPE="RSA"
- KEY_LENGTH=${KEY_LENGTH:-}
- KEY_USAGE="auth"
# prompt about key expiration if not specified
- if [ -z "$KEY_EXPIRE" ] ; then
+ if [ -z "$keyExpire" ] ; then
cat <<EOF
Please specify how long the key should be valid.
0 = key does not expire
<n>m = key expires in n months
<n>y = key expires in n years
EOF
- while [ -z "$KEY_EXPIRE" ] ; do
- read -p "Key is valid for? (0) " KEY_EXPIRE
- if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then
+ while [ -z "$keyExpire" ] ; do
+ read -p "Key is valid for? (0) " keyExpire
+ if ! test_gpg_expire ${keyExpire:=0} ; then
echo "invalid value"
- unset KEY_EXPIRE
+ unset keyExpire
fi
done
- elif ! test_gpg_expire "$KEY_EXPIRE" ; then
- failure "invalid key expiration value '$KEY_EXPIRE'."
+ elif ! test_gpg_expire "$keyExpire" ; then
+ failure "invalid key expiration value '$keyExpire'."
fi
# generate the list of commands that will be passed to edit-key
E
A
Q
-$KEY_LENGTH
-$KEY_EXPIRE
+$keyLength
+$keyExpire
save
EOF
)
[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
shift
-# unset option variables
-unset KEY_LENGTH
-unset KEY_EXPIRE
-
-# get options for key generation and add-certifier functions
-TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@")
-
-if [ $? != 0 ] ; then
- usage
- exit 1
-fi
-
-# Note the quotes around `$TEMP': they are essential!
-eval set -- "$TEMP"
-
-while true ; do
- case "$1" in
- -l|--length)
- KEY_LENGTH="$2"
- shift 2
- ;;
- -e|--expire)
- KEY_EXPIRE="$2"
- shift 2
- ;;
- --)
- shift
- ;;
- *)
- break
- ;;
- esac
-done
-
case $COMMAND in
'update-known_hosts'|'update-known-hosts'|'k')
MODE='known_hosts'
+ if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then
+ failure "Improper permissions on known_hosts file."
+ fi
+
# if hosts are specified on the command line, process just
# those hosts
if [ "$1" ] ; then
update_known_hosts "$@"
- ERR="$?"
+ RETURN="$?"
# otherwise, if no hosts are specified, process every host
# in the user's known_hosts file
fi
process_known_hosts
- ERR="$?"
+ RETURN="$?"
fi
;;
# fail if the authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- failure "$AUTHORIZED_USER_IDS is empty or does not exist."
+ failure "authorized_user_ids file '$AUTHORIZED_USER_IDS' is empty or does not exist."
+ fi
+
+ if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then
+ failure "Improper permissions on authorized_user_ids file."
fi
# process authorized_user_ids file
process_authorized_user_ids "$AUTHORIZED_USER_IDS"
- ERR="$?"
+ RETURN="$?"
;;
'gen-subkey'|'g')
- keyID="$1"
- if [ -z "$keyID" ] ; then
- failure "You must specify the key ID of your primary key."
- fi
- gen_subkey "$keyID"
+ gen_subkey "$@"
;;
'help'|'h'|'?')
;;
esac
-exit "$ERR"
+exit "$RETURN"