fi
if [ "$priority" = "$level" -a "$output" = 'true' ] ; then
if [ "$1" ] ; then
- echo -n "ms: " >&2
- echo "$@" >&2
+ echo "$@"
else
- cat >&2
- fi
+ cat
+ fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
fi
done
}
local action="$1"
local file="$2"
- if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then
- if ! ( which lockfile >/dev/null ); then
+ if ! ( type lockfile-create &>/dev/null ) ; then
+ if ! ( type lockfile &>/dev/null ); then
failure "Neither lockfile-create nor lockfile are in the path!"
fi
use_lockfileprogs=
local shortunits
# try things the GNU way first
- if date -d "$number $longunits" "$format" >/dev/null 2>&1; then
+ if date -d "$number $longunits" "$format" &>/dev/null; then
date -d "$number $longunits" "$format"
else
# otherwise, convert to (a limited version of) BSD date syntax:
# hash of a file
file_hash() {
- md5sum "$1" 2> /dev/null
+ if type md5sum &>/dev/null ; then
+ md5sum "$1"
+ elif type md5 &>/dev/null ; then
+ md5 "$1"
+ else
+ failure "Neither md5sum nor md5 are in the path!"
+ fi
}
# convert escaped characters in pipeline from gpg output back into
<n>y = key expires in n years
EOF
while [ -z "$keyExpire" ] ; do
- read -p "Key is valid for? (0) " keyExpire
+ printf "Key is valid for? (0) " >&2
+ read keyExpire
if ! test_gpg_expire ${keyExpire:=0} ; then
echo "invalid value" >&2
unset keyExpire
local fifo="$2"
local PASS
- if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then
+ if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then
+ printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info
+ printf '(with prompt "%s")\n' "$prompt" | log debug
"${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo"
else
read -s -p "$prompt" PASS
fi
# if the string is in the file...
- if grep -q -F "$string" "$file" 2> /dev/null ; then
+ if grep -q -F "$string" "$file" 2>/dev/null ; then
tempfile=$(mktemp "${file}.XXXXXXX") || \
failure "Unable to make temp file '${file}.XXXXXXX'"
file="$1"
- if [ -z "$file" ] ; then
+ # return error if file does not exist
+ if [ ! -e "$file" ] ; then
return 1
fi
- if [ ! -e "$file" ] ; then
- return 1
+ # just return ok if the file is empty, since there aren't any
+ # lines to remove
+ if [ ! -s "$file" ] ; then
+ return 0
fi
tempfile=$(mktemp "${file}.XXXXXXX") || \
path="$2"
# get the user's home directory
- userHome=$(getent passwd "$uname" | cut -d: -f6)
+ userHome=$(get_homedir "$uname")
# translate '%u' to user name
path=${path/\%u/"$uname"}
log debug "checking path permission '$path'..."
+ # rewrite path if it points to a symlink
+ if [ -h "$path" ] ; then
+ path=$(readlink -f "$path")
+ log debug "checking path symlink '$path'..."
+ fi
+
# return 255 if cannot stat file
if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
log error "could not stat path '$path'."
# return 2 if path has group or other writability
if is_write "$gAccess" || is_write "$oAccess" ; then
log error "improper group or other writability on path '$path':"
- log error " group: $gAccess, other: $oAcess"
+ log error " group: $gAccess, other: $oAccess"
return 2
fi
fi
}
+# return a list of all users on the system
+list_users() {
+ if type getent &>/dev/null ; then
+ # for linux and FreeBSD systems
+ getent passwd | cut -d: -f1
+ elif type dscl &>/dev/null ; then
+ # for Darwin systems
+ dscl localhost -list /Search/Users
+ else
+ failure "Neither getent or dscl is in the path! Could not determine list of users."
+ fi
+}
+
+# return the path to the home directory of a user
+get_homedir() {
+ local uname=${1:-`whoami`}
+ eval "echo ~${uname}"
+}
+
### CONVERSION UTILITIES
# output the ssh key for a given key ID
keyID="$1"
- gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null
+ gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
}
# output known_hosts line from ssh key
ssh2known_hosts() {
local host
+ local port
local key
- host="$1"
+ # FIXME this does not properly deal with IPv6 hosts using the
+ # standard port (because it's unclear whether their final
+ # colon-delimited address section is a port number or an address
+ # string)
+ host=${1%:*}
+ port=${1##*:}
key="$2"
- echo -n "$host "
- echo -n "$key" | tr -d '\n'
- echo " MonkeySphere${DATE}"
+ # specify the host and port properly for new ssh known_hosts
+ # format
+ if [ "$port" != "$host" ] ; then
+ host="[${host}]:${port}"
+ fi
+ printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
}
# output authorized_keys line from ssh key
userID="$1"
key="$2"
- echo -n "$key" | tr -d '\n'
- echo " MonkeySphere${DATE} ${userID}"
+ printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
}
# convert key from gpg to ssh known_hosts format
gpg2known_hosts() {
local host
local keyID
+ local key
host="$1"
keyID="$2"
+ key=$(gpg2ssh "$keyID")
+
# NOTE: it seems that ssh-keygen -R removes all comment fields from
# all lines in the known_hosts file. why?
# NOTE: just in case, the COMMENT can be matched with the
# following regexp:
# '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
- echo -n "$host "
- gpg2ssh "$keyID" | tr -d '\n'
- echo " MonkeySphere${DATE}"
+ printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
}
# convert key from gpg to ssh authorized_keys format
gpg2authorized_keys() {
local userID
local keyID
+ local key
userID="$1"
keyID="$2"
+ key=$(gpg2ssh "$keyID")
+
# NOTE: just in case, the COMMENT can be matched with the
# following regexp:
# '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
- gpg2ssh "$keyID" | tr -d '\n'
- echo " MonkeySphere${DATE} ${userID}"
+ printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
}
### GPG UTILITIES
echo 1,2,3,4,5 | \
gpg --quiet --batch --with-colons \
--command-fd 0 --keyserver "$KEYSERVER" \
- --search ="$userID" > /dev/null 2>&1
+ --search ="$userID" &>/dev/null
returnCode="$?"
return "$returnCode"
# hash from stdin to stdout
tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
- ssh-keygen -H -f "$tmpfile" 2> /dev/null
+ ssh-keygen -H -f "$tmpfile" 2>/dev/null
cat "$tmpfile" >> "$KNOWN_HOSTS"
rm -f "$tmpfile" "${tmpfile}.old"
else
(umask 0022 && touch "$KNOWN_HOSTS")
# check permissions on the known_hosts file path
- check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
+ check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
# create a lockfile on known_hosts:
lock create "$KNOWN_HOSTS"
log debug " $AUTHORIZED_KEYS"
# check permissions on the authorized_keys file path
- check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
+ check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
# create a lockfile on authorized_keys
lock create "$AUTHORIZED_KEYS"
log debug " $authorizedUserIDs"
# check permissions on the authorized_user_ids file path
- check_key_file_permissions "$USER" "$authorizedUserIDs" || failure
+ check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure
- if ! meat "$authorizedUserIDs" > /dev/null ; then
+ if ! meat "$authorizedUserIDs" >/dev/null ; then
log debug " no user IDs to process."
return
fi