X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fmonkeysphere;h=8ddfe7fdc93513d5552c93f40407206777f85825;hb=9ce83dcd98305f63c3e3df9bd9ba82291800c43e;hp=2227b9156741ab25941c4296fac5b4e1f8c06027;hpb=06fc008910dc3f8df8c1a6185f49f22854f8f74b;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index 2227b91..8ddfe7f 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -32,7 +32,7 @@ umask 077 ######################################################################## usage() { -cat < [options] [args] MonkeySphere client tool. @@ -89,28 +89,36 @@ gen_subkey(){ esac done - keyID="$1" + if [ -z "$1" ] ; then + # find all secret keys + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + # if multiple sec keys exist, fail + if (( $(echo "$keyID" | wc -l) > 1 )) ; then + echo "Multiple secret keys found:" + echo "$keyID" + failure "Please specify which primary key to use." + fi + else + keyID="$1" + fi if [ -z "$keyID" ] ; then - failure "You must specify the key ID of your primary key." + failure "You have no secret key available. You should create an OpenPGP +key before joining the monkeysphere. You can do this with: + gpg --gen-key" fi - gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \ - "$keyID" 2> /dev/null) - - # fail if there only "tru" lines are output from gpg, which - # indicates the key was not found. - if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then - failure "Key ID '$keyID' not found." - fi + # get key output, and fail if not found + gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \ + "$keyID") || failure - # fail if multiple pub lines are returned, which means the id given - # is not unique - if [ $(echo "$gpgOut" | grep '^pub:' | wc -l) -gt '1' ] ; then + # fail if multiple sec lines are returned, which means the id + # given is not unique + if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then failure "Key ID '$keyID' is not unique." fi # prompt if an authentication subkey already exists - if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then + if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then echo "An authentication subkey already exists for key '$keyID'." read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then @@ -208,8 +216,9 @@ case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') MODE='known_hosts' + # check permissions on the known_hosts file path if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then - failure "Improper permissions on known_hosts file." + failure "Improper permissions on known_hosts file path." fi # if hosts are specified on the command line, process just @@ -221,8 +230,10 @@ case $COMMAND in # otherwise, if no hosts are specified, process every host # in the user's known_hosts file else - if [ ! -s "$KNOWN_HOSTS" ] ; then - failure "known_hosts file '$KNOWN_HOSTS' is empty or does not exist." + # exit if the known_hosts file does not exist + if [ ! -e "$KNOWN_HOSTS" ] ; then + log "known_hosts file '$KNOWN_HOSTS' does not exist." + exit fi process_known_hosts @@ -233,13 +244,20 @@ case $COMMAND in 'update-authorized_keys'|'update-authorized-keys'|'a') MODE='authorized_keys' - # fail if the authorized_user_ids file is empty - if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then - failure "authorized_user_ids file '$AUTHORIZED_USER_IDS' is empty or does not exist." + # check permissions on the authorized_user_ids file path + if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then + failure "Improper permissions on authorized_user_ids file path." fi - if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then - failure "Improper permissions on authorized_user_ids file." + # check permissions on the authorized_keys file path + if ! check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" ; then + failure "Improper permissions on authorized_keys file path." + fi + + # exit if the authorized_user_ids file is empty + if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then + log "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist." + exit fi # process authorized_user_ids file