X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-authentication;h=a33de1e56b41e0b3a302a68a0644a81ae8a5ba00;hb=f3ef901ec68efe813ea5fbe9a55e80f0aaf3ee93;hp=7c43aa8790ddde36fba98f4ebc0e6404c95ba22f;hpb=89e447e2001c0406fab6d2e6ca300a19d492435b;p=monkeysphere.git diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 7c43aa8..a33de1e 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -70,45 +70,17 @@ subcommands: EOF } -# function to run command as monkeysphere user -su_monkeysphere_user() { - # if the current user is the monkeysphere user, then just eval - # command - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - eval "$@" - - # otherwise su command as monkeysphere user - else - su "$MONKEYSPHERE_USER" -c "$@" - fi -} - # function to interact with the gpg core keyring gpg_core() { - local returnCode - GNUPGHOME="$GNUPGHOME_CORE" export GNUPGHOME - # NOTE: we supress this warning because we need the monkeysphere - # user to be able to read the host pubring. we realize this might - # be problematic, but it's the simplest solution, without too much - # loss of security. - gpg --no-permission-warning "$@" - returnCode="$?" - - # always reset the permissions on the host pubring so that the - # monkeysphere user can read the trust signatures - chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg" - chmod g+r "${GNUPGHOME_CORE}/pubring.gpg" - - return "$returnCode" + gpg "$@" } # function to interact with the gpg sphere keyring -# FIXME: this function requires basically accepts only a single -# argument because of problems with quote expansion. this needs to be -# fixed/improved. +# FIXME: this function requires only a single argument because of +# problems with quote expansion. this needs to be fixed/improved. gpg_sphere() { GNUPGHOME="$GNUPGHOME_SPHERE" export GNUPGHOME @@ -116,6 +88,22 @@ gpg_sphere() { su_monkeysphere_user "gpg $@" } +# load the core fingerprint into the fingerprint variable, using the +# gpg host secret key +core_fingerprint() { + log debug "determining core key fingerprint..." + gpg_core --quiet --list-secret-key \ + --with-colons --fixed-list-mode --with-fingerprint \ + | grep ^fpr: | cut -d: -f10 +} + +# export signatures from core to sphere +gpg_core_sphere_sig_transfer() { + log debug "exporting core local sigs to sphere..." + gpg_core --export-options export-local-sigs --export | \ + gpg_sphere --import-options import-local-sigs --import +} + ######################################################################## # MAIN ######################################################################## @@ -142,6 +130,7 @@ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"} GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"} +CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"} # export variables needed in su invocation export DATE @@ -154,6 +143,7 @@ export REQUIRED_USER_KEY_CAPABILITY export GNUPGHOME_CORE export GNUPGHOME_SPHERE export GNUPGHOME +export CORE_KEYLENGTH # get subcommand COMMAND="$1" @@ -186,7 +176,7 @@ case $COMMAND in list_certifiers "$@" ;; - 'expert'|'e') + 'expert') SUBCOMMAND="$1" shift case "$SUBCOMMAND" in