X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=ce800593da8fec3cf82722393dc9ca7d05a31d3d;hb=38d9be677ee1928e92b6c914a5467fe9bf8bcd4e;hp=4d7acc6cb50276bb7a46ae589d3c6995ed540252;hpb=cc45c7363cf606e433a2c289de4bfa2dfe585c62;p=monkeysphere.git
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 4d7acc6..ce80059 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -143,13 +143,15 @@ update_users() {
 log "----- user: $uname -----"
+ # exit if the authorized_user_ids file is empty
 if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then
- log "Improper permissions on authorized_user_ids file."
+ log "Improper permissions on authorized_user_ids file path."
 continue
 fi
+ # check permissions on the authorized_keys file path
 if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then
- log "Improper permissions on authorized_keys file."
+ log "Improper permissions on authorized_keys file path path."
 continue
 fi
@@ -206,8 +208,7 @@ update_users() {
 chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
 chmod g+r "$AUTHORIZED_KEYS"
- # if the resulting authorized_keys file is not empty, move
- # it into place
+ # move the resulting authorized_keys file into place
 mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
 # destroy temporary directory
@@ -342,6 +343,10 @@ EOF
 fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \
 grep '^fpr:' | head -1 | cut -d: -f10)
+ # export host ownertrust to authentication keyring
+ log "setting ultimate owner trust for server key..."
+ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
+
 # translate the private key to ssh format, and export to a file
 # for sshs usage.
 # NOTE: assumes that the primary key is the proper key to use
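Review bot: The new comment above the first check, `# exit if the authorized_user_ids file is empty`, does not describe the code under it: that branch calls check_key_file_permissions and `continue`s to the next user, it neither tests emptiness nor exits. The second new log message also carries a duplicated word. I would change the comment to `# check permissions on the authorized_user_ids file path` and the message to `log "Improper permissions on authorized_keys file path."`, matching the authorized_user_ids message in the branch above. update_users() starts before this hunk and continues past it.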
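Review bot: The added `echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"` grants ultimate owner trust without checking that fingerprint is non-empty; the assignment above it is a pipeline ending in grep/head/cut, so a failed or empty `gpg_host --list-key` leaves fingerprint empty and the new line feeds a bare `:6:` record to --import-ownertrust, after the preceding log line has already announced success. Since this record is the trust anchor behind every authorized_keys file the server generates, guard it before the log call, e.g. `if [ -z "$fingerprint" ]; then log "could not determine fingerprint of server key"; return 1; fi`. The enclosing function starts before this hunk, so whether `return 1` or the file's usual failure path fits belongs to be confirmed there, and the exit status of the --import-ownertrust pipeline is also worth checking rather than letting a failure pass silently.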
@@ -429,9 +434,6 @@ add_certifier() {
 fi
 export keyID
- # export host ownertrust to authentication keyring
- gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust"
-
 # get the key from the key server
 gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'"
@@ -470,7 +472,7 @@ $domain
 y
 save
 EOF
-)
+ )
 # ltsign the key
 echo "$ltsignCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"