X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=a9c9d5856002acf42e99c4f757e347a7d3967536;hb=fe0e35fa72edb5bbb9e2026b8e5c920a5c3f6a86;hp=79bc352c9a06fbbeea60aea838b79c7ae2b553f3;hpb=b6983d7cb86f450ebd7fafcb254011fd7099c246;p=monkeysphere.git
diff --git a/src/monkeysphere b/src/monkeysphere
index 79bc352..a9c9d58 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -53,7 +53,7 @@ gen_subkey(){
 keyID="$1"
- gpgOut=$(gpg --fixed-list-mode --list-keys --with-colons \
+ gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \
 "$keyID" 2> /dev/null)
 # return 1 if there only "tru" lines are output from gpg
@@ -90,8 +90,9 @@ save
 EOF
 )
- echo "generating subkey..."
+ log "generating subkey..."
 echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID"
+ log "done."
 }
 ########################################################################
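Review bot: `log "done."` at the end of gen_subkey is reached even when the `gpg --expert --command-fd 0 --edit-key` pipeline on the line above fails, because neither its exit status nor `$PIPESTATUS` is checked, so an aborted or rejected edit session is reported as success. Checking the status first keeps the completion message honest: `echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID" || failure "subkey generation failed."` followed by the existing `log "done."`. The same unconditional success message appears later in this diff in the update-known_hosts and update-authorized_keys hunks (`log "known_hosts file updated."`, `log "authorized_keys file updated."`) after helper calls whose status is likewise not checked. gen_subkey starts before this hunk; only its tail and closing brace are visible here.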
@@ -113,27 +114,22 @@ MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
 AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
 GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
-REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
-USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
+KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
+AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
 HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
 export GNUPGHOME
-# stagging locations
-hostKeysCacheDir="${MS_HOME}/host_keys"
-userKeysCacheDir="${MS_HOME}/user_keys"
-msAuthorizedKeys="${MS_HOME}/authorized_keys"
-
 # make sure gpg home exists with proper permissions
 mkdir -p -m 0700 "$GNUPGHOME"
 # make sure the user monkeysphere home directory exists
 mkdir -p -m 0700 "$MS_HOME"
-mkdir -p "$hostKeysCacheDir"
-mkdir -p "$userKeysCacheDir"
 touch "$AUTHORIZED_USER_IDS"
+touch "$AUTHORIZED_KEYS"
 case $COMMAND in
 'update-known_hosts'|'update-known-hosts'|'k')
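Review bot: `CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}` uses the assigning `:=` expansion while every other default in this block uses `:-`; the result is the same here because the value is assigned back to the same variable, but it reads as a typo and should be `CHECK_KEYSERVER=${CHECK_KEYSERVER:-"true"}`. The new `touch "$AUTHORIZED_KEYS"` runs for every command, including gen-subkey and update-known_hosts which never read that file, so it creates the user's live `~/.ssh/authorized_keys` as a side effect and fails outright when `~/.ssh` does not exist yet; moving it into the update-authorized_keys arm, the way `touch "$KNOWN_HOSTS"` lives in the update-known_hosts arm, limits it to the command that needs it. With CHECK_KEYSERVER now defaulting to true next to `KEYSERVER=subkeys.pgp.net`, a one-line comment above these defaults stating that key lookups contact the keyserver unless CHECK_KEYSERVER is set to false would help operators in offline or egress-restricted environments; I am inferring the flag's meaning from its name, since the code that reads it is outside this diff.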
@@ -141,23 +137,25 @@ case $COMMAND in
 # touch the known_hosts file to make sure it exists
 # ssh-keygen complains if it doesn't exist
- touch "$USER_KNOWN_HOSTS"
+ touch "$KNOWN_HOSTS"
 # if hosts are specified on the command line, process just
 # those hosts
 if [ "$1" ] ; then
 for host ; do
- process_host "$host" "$hostKeysCacheDir"
+ process_host_known_hosts "$host"
 done
+ log "known_hosts file updated."
 # otherwise, if no hosts are specified, process every user
 # in the user's known_hosts file
 else
- if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
- failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
+ if [ ! -s "$KNOWN_HOSTS" ] ; then
+ failure "known_hosts file '$KNOWN_HOSTS' is empty."
 fi
 log "processing known_hosts file..."
- process_known_hosts "$hostKeysCacheDir"
+ process_known_hosts
+ log "known_hosts file updated."
 fi
 ;;
@@ -166,7 +164,7 @@ case $COMMAND in
 failure "you must specify at least one userid."
 fi
 for userID ; do
- update_userid "$userID" "$userKeysCacheDir"
+ update_userid "$userID" "$AUTHORIZED_USER_IDS"
 done
 log "Run the following to update your monkeysphere authorized_keys file:"
 log "$PGRM update-authorized_keys"
@@ -177,7 +175,7 @@ case $COMMAND in
 failure "you must specify at least one userid."
 fi
 for userID ; do
- remove_userid "$userID"
+ remove_userid "$userID" "$AUTHORIZED_USER_IDS"
 done
 log "Run the following to update your monkeysphere authorized_keys file:"
 log "$PGRM update-authorized_keys"
@@ -191,11 +189,10 @@ case $COMMAND in
 failure "$AUTHORIZED_USER_IDS is empty."
 fi
- # set user-controlled authorized_keys file path
- userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}
-
- # update authorized_keys
- update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
+ # process authorized_user_ids file
+ log "processing authorized_user_ids file..."
+ process_authorized_user_ids "$AUTHORIZED_USER_IDS"
+ log "authorized_keys file updated."
 ;;
 'gen-subkey'|'g')
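Review bot: The helper calls in these hunks are inconsistent about where the files they work on come from: `update_userid` and `remove_userid` now receive `"$AUTHORIZED_USER_IDS"` explicitly, while `process_known_hosts` is called with no arguments and `process_authorized_user_ids "$AUTHORIZED_USER_IDS"` receives its input but not the `$AUTHORIZED_KEYS` it presumably writes. Passing the file in every case, `process_known_hosts "$KNOWN_HOSTS"` and `process_authorized_user_ids "$AUTHORIZED_USER_IDS" "$AUTHORIZED_KEYS"`, keeps the call sites uniform and lets the helpers be exercised without relying on globals; their definitions are outside this diff, so the signature change would go with them. Because the default output is now the live `~/.ssh/authorized_keys` rather than the former staging file under MS_HOME, whatever writes it should do so atomically (write to a temp file in the same directory, then rename) so an interrupted run cannot leave sshd reading a truncated file; that code is not in this diff either. Each `case` arm shown here begins before its hunk.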