X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=06c9c7f313a44001f19b5b696b7f245308323ecc;hb=208f6c2cd469cf46a51b11c0ea58723f4a18f9ab;hp=6279c4561a324fc40dc7a358df409ef9bb06056c;hpb=92c70306aa5f96c8dfa69f2c90dca58908e719f7;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6279c45..06c9c7f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -51,7 +51,7 @@ gen_key() { # set key defaults KEY_TYPE=${KEY_TYPE:-"RSA"} KEY_LENGTH=${KEY_LENGTH:-"2048"} - KEY_USAGE=${KEY_USAGE:-"auth,encrypt"} + KEY_USAGE=${KEY_USAGE:-"auth"} cat < "$AUTHORIZED_KEYS" # skip if the user's authorized_user_ids file is empty if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then @@ -162,14 +169,23 @@ case $COMMAND in continue fi - # set user-controlled authorized_keys file path - if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" ] ; then + # process authorized_user_ids file + log "processing authorized_user_ids file..." + process_authorized_user_ids + + # add user-controlled authorized_keys file path if specified + if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" != '-' ] ; then userHome=$(getent passwd "$uname" | cut -d: -f6) userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"} + log -n "adding user's authorized_keys file... " + cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS" + loge "done." fi - # update authorized_keys - update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$cacheDir" + # move the temp authorized_keys file into place + mv -f "${CACHE}/authorized_keys/${uname}.tmp" "${CACHE}/authorized_keys/${uname}" + + log "authorized_keys file updated." done log "----- done. -----" 
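Review bot: The added `cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS"` in the -162 hunk reads a path inside the user's home directory with whatever privileges this update loop runs under (presumably root, though that is not visible here), so a symlink or FIFO the user places at that path would be followed and its contents copied into the generated authorized_keys file. The read is also unguarded when the file does not exist, and the new `!= '-'` test is true for an empty or unset USER_CONTROLLED_AUTHORIZED_KEYS unless a default is assigned outside this hunk. I would at least wrap the read in `if [ -f "$userAuthorizedKeys" ] && [ ! -L "$userAuthorizedKeys" ] ; then`, and preferably read the file under the user's own uid so that no check-then-use gap remains. The final `mv -f` is unchecked too, so "authorized_keys file updated." is logged even when the move fails. The enclosing loop and case arm begin and end outside the hunk.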
@@ -206,14 +222,13 @@ case $COMMAND in
 # set variables for the user
 AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
- cacheDir="$CACHE"/"$uname"/user_keys
 # make sure user's authorized_user_ids file exists
 touch "$AUTHORIZED_USER_IDS"
 # process the user IDs
 for userID ; do
- update_userid "$userID" "$cacheDir"
+ update_userid "$userID"
 done
 log "Run the following to update user's authorized_keys file:"