X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-authentication;h=4485bd4ffcdfcbbd92fd8152badaea6fd3071686;hb=be606510fb37cac8ca7eddadf719efb0598a2ed2;hp=4aaf02d41d18b19dfe28445689cc604d9b245aa5;hpb=d27b1e18de6b23968ec59d7b39a798869f415065;p=monkeysphere.git

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 4aaf02d..4485bd4 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -12,20 +12,25 @@
 # version 3 or later.
 
 ########################################################################
+set -e
+
 PGRM=$(basename $0)
 
 SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
 # sharedir for authentication functions
 MASHAREDIR="${SYSSHAREDIR}/ma"
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for authentication functions
+MADATADIR="${SYSDATADIR}/authentication"
 
 # temp directory to enable atomic moves of authorized_keys files
-MATMPDIR="${SYSDATADIR}/tmp"
+MATMPDIR="${MADATADIR}/tmp"
 export MSTMPDIR
 
 # UTC date in ISO 8601 format if needed
@@ -80,8 +85,6 @@ su_monkeysphere_user() {
 
 # function to interact with the gpg core keyring
 gpg_core() {
-    local returnCode
-
     GNUPGHOME="$GNUPGHOME_CORE"
     export GNUPGHOME
 
@@ -89,15 +92,7 @@ gpg_core() {
     # user to be able to read the host pubring.  we realize this might
     # be problematic, but it's the simplest solution, without too much
     # loss of security.
-    gpg --no-permission-warning "$@"
-    returnCode="$?"
-
-    # always reset the permissions on the host pubring so that the
-    # monkeysphere user can read the trust signatures
-    chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
-    chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
-    
-    return "$returnCode"
+    gpg "$@"
 }
 
 # function to interact with the gpg sphere keyring
@@ -111,6 +106,12 @@ gpg_sphere() {
     su_monkeysphere_user "gpg $@"
 }
 
+# export signatures from core to sphere
+gpg_core_sphere_sig_transfer() {
+    gpg_core --export-options export-local-sigs --export | \
+	gpg_sphere --import-options import-local-sigs --import
+}
+
 ########################################################################
 # MAIN
 ########################################################################
@@ -135,8 +136,9 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"}
-GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"}
+GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
+GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
+CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"}
 
 # export variables needed in su invocation
 export DATE
@@ -149,6 +151,7 @@ export REQUIRED_USER_KEY_CAPABILITY
 export GNUPGHOME_CORE
 export GNUPGHOME_SPHERE
 export GNUPGHOME
+export CORE_KEYLENGTH
 
 # get subcommand
 COMMAND="$1"