X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=bfd5db84477cc40c5c3c9e044ebbd241cd7a0e98;hb=15637a9ab9b4fe7ea537988f5cc145d35948d783;hp=560d249867d780183f9b070ed341c099bf948963;hpb=b92675786ac883551528b3870c71c98066d60c0f;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 560d249..bfd5db8 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -31,10 +31,12 @@ usage: $PGRM [args] MonkeySphere server admin tool. subcommands: - update-users (s) [USER]... update users authorized_keys files gen-key (g) [HOSTNAME] generate gpg key for the server + show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server key to keyserver trust-keys (t) KEYID... mark keyids as trusted + + update-users (s) [USER]... update users authorized_keys files update-user-userids (u) USER UID... add/update user IDs for a user remove-user-userids (r) USER UID... remove user IDs for a user help (h,?) this help @@ -51,7 +53,7 @@ gen_key() { # set key defaults KEY_TYPE=${KEY_TYPE:-"RSA"} KEY_LENGTH=${KEY_LENGTH:-"2048"} - KEY_USAGE=${KEY_USAGE:-"auth,encrypt"} + KEY_USAGE=${KEY_USAGE:-"auth"} cat < "$AUTHORIZED_KEYS" + AUTHORIZED_KEYS=$(mktemp) # skip if the user's authorized_user_ids file is empty - if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then - log "authorized_user_ids file for '$uname' is empty." + if [ ! -s "$authorizedUserIDs" ] ; then + log "authorized_user_ids file '$authorizedUserIDs' is empty." continue fi # process authorized_user_ids file log "processing authorized_user_ids file..." - process_authorized_user_ids + process_authorized_user_ids "$authorizedUserIDs" # add user-controlled authorized_keys file path if specified if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" != '-' ] ; then - userHome=$(getent passwd "$uname" | cut -d: -f6) - userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"} - log -n "adding user's authorized_keys file... " - cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS" - loge "done." + userAuthorizedKeys=$(translate_ssh_variables "$uname" "$USER_CONTROLLED_AUTHORIZED_KEYS") + if [ -f "$userAuthorizedKeys" ] ; then + log -n "adding user's authorized_keys file... " + cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS" + loge "done." + fi fi # move the temp authorized_keys file into place - mv -f "${CACHE}/authorized_keys/${uname}.tmp" "${CACHE}/authorized_keys/${uname}" + mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}" log "authorized_keys file updated." done @@ -195,6 +212,10 @@ case $COMMAND in gen_key "$1" ;; + 'show-fingerprint'|'f') + fingerprint_server_key + ;; + 'publish-key'|'p') publish_server_key ;; @@ -220,15 +241,16 @@ case $COMMAND in failure "You must specify at least one user ID." fi - # set variables for the user - AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname" + # set authorized_user_ids variable, + # translate ssh-style path variables + authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") # make sure user's authorized_user_ids file exists - touch "$AUTHORIZED_USER_IDS" + touch "$authorizedUserIDs" # process the user IDs for userID ; do - update_userid "$userID" + update_userid "$userID" "$authorizedUserIDs" done log "Run the following to update user's authorized_keys file:" @@ -245,15 +267,18 @@ case $COMMAND in failure "You must specify at least one user ID." fi - # set variables for the user - AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname" + # set authorized_user_ids variable, + # translate ssh-style path variables + authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") # make sure user's authorized_user_ids file exists - touch "$AUTHORIZED_USER_IDS" + if [ ! -f "$authorizedUserIDs" ] ; then + failure "authorized_user_ids file '$authorizedUserIDs' does not exist." + fi # process the user IDs for userID ; do - remove_userid "$userID" + remove_userid "$userID" "$authorizedUserIDs" done log "Run the following to update user's authorized_keys file:"