X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=6d9e6c3a28469880895525d2a51e64667cb8de7c;hb=b0ea15c8e359a908583e08da0663d69e353c77dc;hp=3f127e6f1c0f7dd49a2c08517814350d992ee602;hpb=5eab2f06d17f8a178c6fe61a7bf9fcba349e7680;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index 3f127e6..6d9e6c3 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -32,7 +32,7 @@ umask 077 ######################################################################## usage() { -cat < [options] [args] MonkeySphere client tool. @@ -89,9 +89,22 @@ gen_subkey(){ esac done - keyID="$1" + if [ -z "$1" ] ; then + # find all secret keys + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + # if multiple sec keys exist, fail + if (( $(echo "$keyID" | wc -l) > 1 )) ; then + echo "Multiple secret keys found:" + echo "$keyID" + failure "Please specify which primary key to use." + fi + else + keyID="$1" + fi if [ -z "$keyID" ] ; then - failure "You must specify the key ID of your primary key." + failure "You have no secret key available. You should create an OpenPGP +key before joining the monkeysphere. You can do this with: + gpg --gen-key" fi # get key output, and fail if not found @@ -178,7 +191,16 @@ mkdir -p -m 0700 "$MONKEYSPHERE_HOME" # set empty config variables with ones from the environment, or from # config file, or with defaults GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}} -KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}} +KEYSERVER=${MONKEYSPHERE_KEYSERVER:="$KEYSERVER"} +# if keyserver not specified in env or monkeysphere.conf, +# look in gpg.conf +if [ -z "$KEYSERVER" ] ; then + if [ -f "${GNUPGHOME}/gpg.conf" ] ; then + KEYSERVER=$(grep -e "^[[:space:]]*keyserver " "${GNUPGHOME}/gpg.conf" | tail -1 | awk '{ print $2 }') + fi +fi +# if it's still not specified, use the default +KEYSERVER=${KEYSERVER:="subkeys.pgp.net"} CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=${KNOWN_HOSTS:="${HOME}/.ssh/known_hosts"}} HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=${HASH_KNOWN_HOSTS:="true"}} @@ -203,8 +225,9 @@ case $COMMAND in 'update-known_hosts'|'update-known-hosts'|'k') MODE='known_hosts' + # check permissions on the known_hosts file path if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then - failure "Improper permissions on known_hosts file." + failure "Improper permissions on known_hosts file path." fi # if hosts are specified on the command line, process just @@ -216,8 +239,10 @@ case $COMMAND in # otherwise, if no hosts are specified, process every host # in the user's known_hosts file else + # exit if the known_hosts file does not exist if [ ! -e "$KNOWN_HOSTS" ] ; then - failure "known_hosts file '$KNOWN_HOSTS' does not exist." + log "known_hosts file '$KNOWN_HOSTS' does not exist." + exit fi process_known_hosts @@ -228,13 +253,20 @@ case $COMMAND in 'update-authorized_keys'|'update-authorized-keys'|'a') MODE='authorized_keys' - # fail if the authorized_user_ids file is empty - if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then - failure "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist." + # check permissions on the authorized_user_ids file path + if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then + failure "Improper permissions on authorized_user_ids file path." fi - if ! check_key_file_permissions "$USER" "$AUTHORIZED_USER_IDS" ; then - failure "Improper permissions on authorized_user_ids file." + # check permissions on the authorized_keys file path + if ! check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" ; then + failure "Improper permissions on authorized_keys file path." + fi + + # exit if the authorized_user_ids file is empty + if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then + log "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist." + exit fi # process authorized_user_ids file