# all-caps variables are meant to be user supplied (ie. from config
# file) and are considered global
-########################################################################
-### COMMON VARIABLES
-
-# managed directories
-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
-export SYSCONFIGDIR
-
-# default log level
-LOG_LEVEL="INFO"
-
-# default keyserver
-KEYSERVER="pool.sks-keyservers.net"
-
-# whether or not to check keyservers by defaul
-CHECK_KEYSERVER="true"
-
-# default monkeysphere user
-MONKEYSPHERE_USER="monkeysphere"
-
-# default about whether or not to prompt
-PROMPT="true"
-
########################################################################
### UTILITY FUNCTIONS
file="$1"
- if [ -z "$file" ] ; then
+ # return error if file does not exist
+ if [ ! -e "$file" ] ; then
return 1
fi
- if [ ! -e "$file" ] ; then
- return 1
+ # just return ok if the file is empty, since there aren't any
+ # lines to remove
+ if [ ! -s "$file" ] ; then
+ return 0
fi
tempfile=$(mktemp "${file}.XXXXXXX") || \
# return 1 if path has invalid owner
if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
- log error "improper ownership on path '$path'."
+ log error "improper ownership on path '$path':"
+ log error " $owner != ($uname|root)"
return 1
fi
# return 2 if path has group or other writability
if is_write "$gAccess" || is_write "$oAccess" ; then
- log error "improper group or other writability on path '$path'."
+ log error "improper group or other writability on path '$path':"
+ log error " group: $gAccess, other: $oAcess"
return 2
fi
# return zero if all clear, or go to next path
if [ "$path" = '/' ] ; then
+ log debug "path ok."
return 0
else
check_key_file_permissions "$uname" $(dirname "$path")
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log verbose " * acceptable primary key."
if [ -z "$sshKey" ] ; then
- log error " ! primary key could not be translated (not RSA or DSA?)."
+ log error " ! primary key could not be translated (not RSA?)."
else
echo "0:${sshKey}"
fi
else
log debug " - unacceptable primary key."
if [ -z "$sshKey" ] ; then
- log debug " ! primary key could not be translated (not RSA or DSA?)."
+ log debug " ! primary key could not be translated (not RSA?)."
else
echo "1:${sshKey}"
fi
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log verbose " * acceptable sub key."
if [ -z "$sshKey" ] ; then
- log error " ! sub key could not be translated (not RSA or DSA?)."
+ log error " ! sub key could not be translated (not RSA?)."
else
echo "0:${sshKey}"
fi
else
log debug " - unacceptable sub key."
if [ -z "$sshKey" ] ; then
- log debug " ! sub key could not be translated (not RSA or DSA?)."
+ log debug " ! sub key could not be translated (not RSA?)."
else
echo "1:${sshKey}"
fi
(umask 0022 && touch "$KNOWN_HOSTS")
# check permissions on the known_hosts file path
- check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
+ check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
# create a lockfile on known_hosts:
lock create "$KNOWN_HOSTS"
failure "known_hosts file '$KNOWN_HOSTS' does not exist."
fi
- log debug "processing known_hosts file..."
+ log debug "processing known_hosts file:"
+ log debug " $KNOWN_HOSTS"
hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
nIDsOK=0
nIDsBAD=0
+ log debug "updating authorized_keys file:"
+ log debug " $AUTHORIZED_KEYS"
+
# check permissions on the authorized_keys file path
- check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
+ check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
# create a lockfile on authorized_keys
lock create "$AUTHORIZED_KEYS"
failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
fi
- # check permissions on the authorized_user_ids file path
- check_key_file_permissions "$USER" "$authorizedUserIDs" || failure
+ log debug "processing authorized_user_ids file:"
+ log debug " $authorizedUserIDs"
- log debug "processing authorized_user_ids file..."
+ # check permissions on the authorized_user_ids file path
+ check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure
if ! meat "$authorizedUserIDs" > /dev/null ; then
log debug " no user IDs to process."