X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=ff4423ba11107365afb2343f46232baf35bf1b22;hb=07cb14cdb80ef060e63ba2713ef70b67db9f5783;hp=aaeda117a0efd54d6a8ae7dcf4089fa7fe37fed8;hpb=f049fa104308997359dcd4eb7fd68cabe06a43ba;p=monkeysphere.git
diff --git a/src/monkeysphere b/src/monkeysphere
index aaeda11..ff4423b 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -15,7 +15,7 @@ SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
 export SHAREDIR
 . "${SHAREDIR}/common"
 
-GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf}
+GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"}
 [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"
 
 # date in UTF format if needed
@@ -31,12 +31,13 @@ GREP_OPTIONS=
 usage() {
 cat < [args]
 
-Monkeysphere client tool.
+MonkeySphere client tool.
 
 subcommands:
 update-known_hosts (k) [HOST]... update known_hosts file
+ update-userids (u) [USERID]... add/update user IDs
+ remove-userids (r) [USERID]... remove user IDs
 update-authorized_keys (a) update authorized_keys file
- update-userids (u) [USERID]... add/update userid
 gen-ae-subkey (g) KEYID generate an 'ae' capable subkey
 help (h,?) this help
@@ -63,7 +64,7 @@ gen_ae_subkey(){
 
 # return 1 if there only "tru" lines are output from gpg
 if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
- loge " key not found."
+ log " key not found."
 return 1
 fi
 
@@ -78,7 +79,7 @@ Name-Real: $userID
 EOF
 )
 
- log "The following key parameters will be used:"
+ echo "The following key parameters will be used:"
 echo "$keyParameters"
 
 read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
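Review bot: The prompt on the last context line of the -78 hunk, `read -p "generate key? [Y|n]: " OK`, has no `-r`, so a backslash typed at the prompt is interpreted rather than taken literally; `read -r -p "generate key? [Y|n]: " OK` is the safe form (`-p` is itself a bash extension, which is fine only if the shebang outside this hunk is bash). Separately, the heredoc that builds `keyParameters` begins before the hunk and its `Name-Real: $userID` line interpolates the caller-supplied user ID unvalidated; if that block is later handed to gpg's batch key generation (not visible here), a user ID containing a newline would be parsed as additional parameter lines, so rejecting such IDs before building the block, e.g. `case $userID in *$'\n'*) failure "user ID must not contain a newline" ;; esac`, would be a cheap guard. gen_ae_subkey's body starts and ends outside the hunk.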
@@ -107,36 +108,44 @@ COMMAND="$1"
 shift
 
 # set ms home directory
-MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere}
+MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"}
 
 # load configuration file
-MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
+MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
 [ -e "$MS_CONF" ] && . "$MS_CONF"
 
 # set empty config variable with defaults
-AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids}
-GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg}
-KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
-REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
-USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts}
-HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-}
+AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
+GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
+KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
+USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
+HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
 export GNUPGHOME
 
 # stagging locations
-hostKeysCacheDir="$MS_HOME"/host_keys
-userKeysCacheDir="$MS_HOME"/user_keys
-msAuthorizedKeys="$MS_HOME"/authorized_keys
+hostKeysCacheDir="${MS_HOME}/host_keys"
+userKeysCacheDir="${MS_HOME}/user_keys"
+msAuthorizedKeys="${MS_HOME}/authorized_keys"
 
 # make sure gpg home exists with proper permissions
 mkdir -p -m 0700 "$GNUPGHOME"
 
+# make sure the user monkeysphere home directory exists
+mkdir -p -m 0700 "$MS_HOME"
+mkdir -p "$hostKeysCacheDir"
+mkdir -p "$userKeysCacheDir"
+touch "$AUTHORIZED_USER_IDS"
+
 case $COMMAND in
 
 'update-known_hosts'|'update-known-hosts'|'k')
 MODE='known_hosts'
 
 # touch the known_hosts file to make sure it exists
+ # ssh-keygen complains if it doesn't exist
 touch "$USER_KNOWN_HOSTS"
 
 # if hosts are specified on the command line, process just
@@ -146,8 +155,8 @@ case $COMMAND in
 process_host "$host" "$hostKeysCacheDir"
 done
 
- # otherwise, if no hosts are specified, process the user
- # known_hosts file
+ # otherwise, if no hosts are specified, process every user
+ # in the user's known_hosts file
 else
 if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
 failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
@@ -157,29 +166,41 @@ case $COMMAND in
 fi
 ;;
 
+ 'update-userids'|'update-userid'|'u')
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+ for userID ; do
+ update_userid "$userID" "$userKeysCacheDir"
+ done
+ log "run the following to update your monkeysphere authorized_keys file:"
+ log "$PGRM update-authorized_keys"
+ ;;
+
+ 'remove-userids'|'remove-userid'|'r')
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+ for userID ; do
+ remove_userid "$userID"
+ done
+ log "run the following to update your monkeysphere authorized_keys file:"
+ log "$PGRM update-authorized_keys"
+ ;;
+
 'update-authorized_keys'|'update-authorized-keys'|'a')
 MODE='authorized_keys'
 
- # make sure authorized_user_ids file exists
+ # fail if the authorized_user_ids file is empty
 if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- log "authorized_user_ids file is empty or does not exist."
- exit
+ failure "$AUTHORIZED_USER_IDS is empty."
 fi
 
 # set user-controlled authorized_keys file path
 userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}
 
 # update authorized_keys
- update_authorized_keys "$userKeysCacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys"
- ;;
-
- 'update-userids'|'u')
- if [ -z "$1" ] ; then
- failure "you must specify at least one userid."
- fi
- for userID ; do
- update_userid "$userID" "$userKeysCacheDir"
- done
+ update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
 ;;
 
 'gen-ae-subkey'|'g')
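Review bot: Renaming `REQUIRED_KEY_CAPABILITY` to `REQUIRED_HOST_KEY_CAPABILITY` and `REQUIRED_USER_KEY_CAPABILITY` in the defaults block drops the old name with no fallback, so a user's existing `monkeysphere.conf` (sourced a few lines above via `MS_CONF`) that tightened the accepted capabilities is silently ignored and the new defaults apply instead. A one-line bridge keeps old configs honoured: `REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-${REQUIRED_KEY_CAPABILITY:-"e a"}}`. The `HASH_KNOWN_HOSTS` default also flips from empty to `"true"` here, which is a behaviour change worth a line in the commit message. In the new directory setup, `mkdir -p -m 0700 "$MS_HOME"` only applies the mode when it creates that final component, and the two cache-dir `mkdir -p` calls plus `touch "$AUTHORIZED_USER_IDS"` fall back to the umask, so if MS_HOME already existed with a permissive mode the staged key material inherits it; `mkdir -p -m 0700` on both cache dirs is cheap. The `update-known_hosts` arm that the hunk ends in continues outside it.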
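Review bot: Both new arms test `[ -z "$1" ]` to decide whether a user ID was supplied but then loop over every argument with `for userID`, so an empty first argument is rejected while an empty later one is still passed to `update_userid`/`remove_userid`; `[ $# -ge 1 ] || failure "you must specify at least one userid."` expresses the intent and an `[ -n "$userID" ] || continue` inside the loop would cover the rest. The `update_authorized_keys` call now passes `"$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"` in a different order than the removed line did; that function, like `remove_userid`, lives in `${SHAREDIR}/common`, which this diff does not touch, so it is worth confirming its parameter order changed in the same commit. The enclosing `case $COMMAND in` starts and ends outside the hunk.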
@@ -196,6 +217,6 @@ case $COMMAND in
 
 *)
 failure "Unknown command: '$COMMAND'
-Type 'cereal-admin help' for usage."
+Type '$PGRM help' for usage."
 ;;
 esac