X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=8139387cca858152a2b9a2da42becbddabb04468;hb=2c6c9e84ef5417987d90d45d28be6894df5afe35;hp=e3ffc4b13878023fb267eba1fc86e2e0fefcdfff;hpb=bb2427c28bf40179c4881b22c23f23f9bea78f55;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index e3ffc4b..8139387 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -4,6 +4,7 @@ # # The monkeysphere scripts are written by: # Jameson Rollins +# Jamie McClelland # Daniel Kahn Gillmor # # They are Copyright 2008, and are all released under the GPL, version 3 @@ -19,7 +20,7 @@ export SHARE VARLIB="/var/lib/monkeysphere" export VARLIB -# date in UTF format if needed +# UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up @@ -156,7 +157,7 @@ update_users() { for uname in $unames ; do # check all specified users exist if ! getent passwd "$uname" >/dev/null ; then - log info "----- unknown user '$uname' -----" + log error "----- unknown user '$uname' -----" continue fi @@ -172,17 +173,17 @@ update_users() { fi fi - log info "----- user: $uname -----" + log verbose "----- user: $uname -----" # exit if the authorized_user_ids file is empty if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then - log error "Improper permissions on authorized_user_ids file path." + log error "Improper permissions on path '$AUTHORIZED_USER_IDS'." continue fi # check permissions on the authorized_keys file path if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then - log error "Improper permissions on authorized_keys file path path." + log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'." continue fi @@ -226,7 +227,7 @@ update_users() { # add user-controlled authorized_keys file path if specified if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then - log info "adding raw authorized_keys file... " + log verbose "adding raw authorized_keys file... " cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" fi @@ -345,7 +346,7 @@ EOF EOF ) - log info "generating server key..." + log verbose "generating server key..." echo "$keyParameters" | gpg_host --batch --gen-key # output the server fingerprint @@ -355,7 +356,7 @@ EOF fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring - log info "setting ultimate owner trust for server key..." + log verbose "setting ultimate owner trust for server key..." echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # translate the private key to ssh format, and export to a file @@ -567,6 +568,14 @@ diagnostics() { warnwindow='2 months' warndate=$(date +%s -d "$warnwindow") + if ! id monkeysphere >/dev/null ; then + echo "! No monkeysphere user found! Please create a monkeysphere system user." + fi + + if ! [ -d "$VARLIB" ] ; then + echo "! no $VARLIB directory found. Please create it." + fi + echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." @@ -857,7 +866,7 @@ unset MONKEYSPHERE_USER # defaults LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}} KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}} -AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.config/monkeysphere/authorized_user_ids"}} +AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}} RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}} MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}