X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=b1cacf9e5c8843b2cdc49d8970dbf906da82a1b7;hb=f81f2c89fac457574ce9a427af6c91ba85461d34;hp=4c8ecdcfc48f991c8fd726e40c5fa7190882b75a;hpb=050302344aba552900a199d76fab57fd49c05795;p=monkeysphere.git

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 4c8ecdc..b1cacf9 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -1,9 +1,10 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # monkeysphere-server: MonkeySphere server admin tool
 #
 # The monkeysphere scripts are written by:
 # Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 #
 # They are Copyright 2008, and are all released under the GPL, version 3
@@ -19,7 +20,7 @@ export SHARE
 VARLIB="/var/lib/monkeysphere"
 export VARLIB
 
-# date in UTF format if needed
+# UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
 
 # unset some environment variables that could screw things up
@@ -33,7 +34,7 @@ RETURN=0
 ########################################################################
 
 usage() {
-    cat <<EOF
+    cat <<EOF >&2
 usage: $PGRM <subcommand> [options] [args]
 MonkeySphere server admin tool.
 
@@ -66,7 +67,7 @@ EOF
 }
 
 su_monkeysphere_user() {
-    su --preserve-environment "$MONKEYSPHERE_USER" -- -c "$@"
+    su -m "$MONKEYSPHERE_USER" -c "$@"
 }
 
 # function to interact with the host gnupg keyring
@@ -119,7 +120,7 @@ show_server_key() {
 
     # dumping to a file named ' ' so that the ssh-keygen output
     # doesn't claim any potentially bogus hostname(s):
-    tmpkey=$(mktemp -d)
+    tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
     gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
     echo -n "ssh fingerprint: "
     (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
@@ -156,7 +157,7 @@ update_users() {
     for uname in $unames ; do
 	# check all specified users exist
 	if ! getent passwd "$uname" >/dev/null ; then
-	    log "----- unknown user '$uname' -----"
+	    log error "----- unknown user '$uname' -----"
 	    continue
 	fi
 
@@ -172,40 +173,40 @@ update_users() {
 	    fi
 	fi
 
-	log "----- user: $uname -----"
+	log verbose "----- user: $uname -----"
 
         # exit if the authorized_user_ids file is empty
 	if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then
-	    log "Improper permissions on authorized_user_ids file path."
+	    log error "Improper permissions on path '$AUTHORIZED_USER_IDS'."
 	    continue
 	fi
 
 	# check permissions on the authorized_keys file path
 	if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then
-	    log "Improper permissions on authorized_keys file path path."
+	    log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'."
 	    continue
 	fi
 
         # make temporary directory
-        TMPDIR=$(mktemp -d)
+        TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
 
 	# trap to delete temporary directory on exit
-	trap "rm -rf $TMPDIR" EXIT
+	trap "rm -rf $TMPLOC" EXIT
 
         # create temporary authorized_user_ids file
-        TMP_AUTHORIZED_USER_IDS="${TMPDIR}/authorized_user_ids"
+        TMP_AUTHORIZED_USER_IDS="${TMPLOC}/authorized_user_ids"
         touch "$TMP_AUTHORIZED_USER_IDS"
 
         # create temporary authorized_keys file
-        AUTHORIZED_KEYS="${TMPDIR}/authorized_keys"
+        AUTHORIZED_KEYS="${TMPLOC}/authorized_keys"
         touch "$AUTHORIZED_KEYS"
 
         # set restrictive permissions on the temporary files
 	# FIXME: is there a better way to do this?
-        chmod 0700 "$TMPDIR"
+        chmod 0700 "$TMPLOC"
         chmod 0600 "$AUTHORIZED_KEYS"
         chmod 0600 "$TMP_AUTHORIZED_USER_IDS"
-        chown -R "$MONKEYSPHERE_USER" "$TMPDIR"
+        chown -R "$MONKEYSPHERE_USER" "$TMPLOC"
 
 	# if the authorized_user_ids file exists...
 	if [ -s "$authorizedUserIDs" ] ; then
@@ -226,9 +227,8 @@ update_users() {
 
 	# add user-controlled authorized_keys file path if specified
 	if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then
-	    log -n "adding raw authorized_keys file... "
+	    log verbose "adding raw authorized_keys file... "
 	    cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS"
-	    loge "done."
 	fi
 
 	# openssh appears to check the contents of the
@@ -243,7 +243,7 @@ update_users() {
 	mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
 
 	# destroy temporary directory
-	rm -rf "$TMPDIR"
+	rm -rf "$TMPLOC"
     done
 }
 
@@ -267,7 +267,7 @@ gen_key() {
     revoker=
 
     # get options
-    TEMP=$(getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@")
+    TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed!  Does your getopt support GNU-style long options?"
 
     if [ $? != 0 ] ; then
 	exit 1
@@ -299,7 +299,7 @@ gen_key() {
 	esac
     done
 
-    hostName=${1:-$(hostname --fqdn)}
+    hostName=${1:-$(hostname -f)}
     userID="ssh://${hostName}"
 
     # check for presense of key with user ID
@@ -346,7 +346,7 @@ EOF
 EOF
 )
 
-    log "generating server key..."
+    log verbose "generating server key..."
     echo "$keyParameters" | gpg_host --batch --gen-key
 
     # output the server fingerprint
@@ -356,7 +356,7 @@ EOF
     fingerprint=$(fingerprint_server_key)
 
     # export host ownertrust to authentication keyring
-    log "setting ultimate owner trust for server key..."
+    log verbose "setting ultimate owner trust for server key..."
     echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
 
     # translate the private key to ssh format, and export to a file
@@ -365,7 +365,7 @@ EOF
     (umask 077 && \
 	gpg_host --export-secret-key "$fingerprint" | \
 	openpgp2ssh "$fingerprint" > "${VARLIB}/ssh_host_rsa_key")
-    log "Private SSH host key output to file: ${VARLIB}/ssh_host_rsa_key"
+    log info "Private SSH host key output to file: ${VARLIB}/ssh_host_rsa_key"
 }
 
 # extend the lifetime of a host key:
@@ -469,7 +469,7 @@ revoke_hostname() {
     echo "WARNING: There is a known bug in this function."
     echo "This function has been known to occasionally revoke the wrong user ID."
     echo "Please see the following bug report for more information:"
-    echo "http://monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+    echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
     read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
 	failure "aborting."
@@ -545,6 +545,7 @@ publish_server_key() {
     gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
 }
 
+
 diagnostics() {
 #  * check on the status and validity of the key and public certificates
     local seckey
@@ -558,6 +559,7 @@ diagnostics() {
     local fingerprint
     local badhostkeys
     local sshd_config
+    local problemsfound=0
 
     # FIXME: what's the correct, cross-platform answer?
     sshd_config=/etc/ssh/sshd_config
@@ -566,15 +568,27 @@ diagnostics() {
     curdate=$(date +%s)
     # warn when anything is 2 months away from expiration
     warnwindow='2 months'
-    warndate=$(date +%s -d "$warnwindow")
+    warndate=$(advance_date $warnwindow +%s)
+
+    if ! id monkeysphere >/dev/null ; then
+	echo "! No monkeysphere user found!  Please create a monkeysphere system user."
+	problemsfound=$(($problemsfound+1))
+    fi
+
+    if ! [ -d "$VARLIB" ] ; then
+	echo "! no $VARLIB directory found.  Please create it."
+	problemsfound=$(($problemsfound+1))
+    fi
 
     echo "Checking host GPG key..."
     if (( "$keysfound" < 1 )); then
 	echo "! No host key found."
 	echo " - Recommendation: run 'monkeysphere-server gen-key'"
+	problemsfound=$(($problemsfound+1))
     elif (( "$keysfound" > 1 )); then
 	echo "! More than one host key found?"
 	# FIXME: recommend a way to resolve this
+	problemsfound=$(($problemsfound+1))
     else
 	create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
 	expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
@@ -584,9 +598,11 @@ diagnostics() {
 	    if (( "$expire"  < "$curdate" )); then
 		echo "! Host key is expired."
 		echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+		problemsfound=$(($problemsfound+1))
 	    elif (( "$expire" < "$warndate" )); then
-		echo "! Host key expires in less than $warnwindow:" $(date -d "$(( $expire - $curdate )) seconds" +%F)
+		echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
 		echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+		problemsfound=$(($problemsfound+1))
 	    fi
 	fi
 
@@ -594,6 +610,7 @@ diagnostics() {
 	if [ "$create" ] && (( "$create" > "$curdate" )); then
 	    echo "! Host key was created in the future(?!). Is your clock correct?"
 	    echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+	    problemsfound=$(($problemsfound+1))
 	fi
 
         # check for UserID expiration:
@@ -605,14 +622,17 @@ diagnostics() {
 	    if [ "$create" ] && (( "$create" > "$curdate" )); then
 		echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
 		echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+		problemsfound=$(($problemsfound+1))
 	    fi
 	    if [ "$expire" ] ; then
 		if (( "$expire" < "$curdate" )); then
 		    echo "! User ID '$uid' is expired."
-			# FIXME: recommend a way to resolve this
+		    # FIXME: recommend a way to resolve this
+		    problemsfound=$(($problemsfound+1))
 		elif (( "$expire" < "$warndate" )); then
-		    echo "! User ID '$uid' expires in less than $warnwindow:" $(date -d "$(( $expire - $curdate )) seconds" +%F)		
+		    echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)		
 		    # FIXME: recommend a way to resolve this
+		    problemsfound=$(($problemsfound+1))
 		fi
 	    fi
 	done
@@ -632,20 +652,24 @@ diagnostics() {
 	echo "Checking host SSH key..."
 	if [ ! -s "${VARLIB}/ssh_host_rsa_key" ] ; then
 	    echo "! The host key as prepared for SSH (${VARLIB}/ssh_host_rsa_key) is missing or empty."
+	    problemsfound=$(($problemsfound+1))
 	else
-	    if [ $(stat -c '%a' "${VARLIB}/ssh_host_rsa_key") != 600 ] ; then
+	    if [ $(ls -l "${VARLIB}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
 		echo "! Permissions seem wrong for ${VARLIB}/ssh_host_rsa_key -- should be 0600."
+		problemsfound=$(($problemsfound+1))
 	    fi
 
 	    # propose changes needed for sshd_config (if any)
 	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
 		echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
 		echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+		problemsfound=$(($problemsfound+1))
 	    fi
-	    if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
+	    if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
 		echo "! $sshd_config refers to some non-monkeysphere host keys:"
 		echo "$badhostkeys"
 		echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+		problemsfound=$(($problemsfound+1))
 	    fi
 	fi
     fi
@@ -659,17 +683,29 @@ diagnostics() {
 
 # FIXME:  make sure that at least one identity certifier exists
 
+# FIXME: look at the timestamps on the monkeysphere-generated
+# authorized_keys files -- warn if they seem out-of-date.
+
     echo
     echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
     # Ensure that User ID authentication is enabled:
     if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then
 	echo "! $sshd_config does not point to monkeysphere authorized keys."
 	echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+	problemsfound=$(($problemsfound+1))
     fi
-    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
 	echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
 	echo "$badauthorizedkeys"
 	echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+	problemsfound=$(($problemsfound+1))
+    fi
+
+    if [ "$problemsfound" -gt 0 ]; then
+	echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
+	echo "  monkeysphere-server diagnostics"
+    else
+	echo "Everything seems to be in order!"
     fi
 }
 
@@ -690,7 +726,7 @@ add_certifier() {
     depth=1
 
     # get options
-    TEMP=$(getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@")
+    TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed!  Does your getopt support GNU-style long options?"
 
     if [ $? != 0 ] ; then
 	exit 1
@@ -724,12 +760,38 @@ add_certifier() {
 
     keyID="$1"
     if [ -z "$keyID" ] ; then
-	failure "You must specify the key ID of a key to add."
+	failure "You must specify the key ID of a key to add, or specify a file to read the key from."
     fi
+    if [ -f "$keyID" ] ; then
+	echo "Reading key from file '$keyID':"
+	importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
+	# FIXME: if this is tried when the key database is not
+	# up-to-date, i got these errors (using set -x):
+
+# ++ su -m monkeysphere -c '\''gpg --import'\''
+# Warning: using insecure memory!
+# gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+# gpg: Total number processed: 1
+# gpg:               imported: 1  (RSA: 1)
+# gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied
+# gpg: failed to rebuild keyring cache: Permission denied
+# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+# gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+# gpg: next trustdb check due at 2009-01-10'
+# + failure 'could not read key from '\''/root/dkg.gpg'\'''
+# + echo 'could not read key from '\''/root/dkg.gpg'\'''
+
+	keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ )
+	if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then
+	    failure "Expected there to be a single gpg key in the file."
+	fi
+    else
+        # get the key from the key server
+	gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+    fi
+
     export keyID
 
-    # get the key from the key server
-    gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'"
 
     # get the full fingerprint of a key ID
     fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \
@@ -856,8 +918,9 @@ unset MONKEYSPHERE_USER
 
 # set empty config variable with ones from the environment, or with
 # defaults
+LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}}
-AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.config/monkeysphere/authorized_user_ids"}}
+AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
 RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
 
@@ -871,6 +934,7 @@ GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${VARLIB}/gnu
 export DATE
 export MODE
 export MONKEYSPHERE_USER
+export LOG_LEVEL
 export KEYSERVER
 export CHECK_KEYSERVER
 export REQUIRED_USER_KEY_CAPABILITY