X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fcommon;h=96fea7721ac3fdc31e7b922b82871a1cf4c4acda;hb=4465c13b93d3d4bc1cb59c5506775b4fc0274058;hp=773c11fe9fe42a6e3ef21ba5ecc9f856fb64500e;hpb=f85639e234d72429a2d848b1b875d615a47bf120;p=monkeysphere.git diff --git a/src/share/common b/src/share/common index 773c11f..96fea77 100644 --- a/src/share/common +++ b/src/share/common @@ -23,6 +23,21 @@ export SYSCONFIGDIR # monkeysphere version VERSION=__VERSION__ +# default log level +LOG_LEVEL="INFO" + +# default keyserver +KEYSERVER="pool.sks-keyservers.net" + +# whether or not to check keyservers by defaul +CHECK_KEYSERVER="true" + +# default monkeysphere user +MONKEYSPHERE_USER="monkeysphere" + +# default about whether or not to prompt +PROMPT="true" + ######################################################################## ### UTILITY FUNCTIONS @@ -92,6 +107,20 @@ log() { # run command as monkeysphere user su_monkeysphere_user() { + # our main goal here is to run the given command as the the + # monkeysphere user, but without prompting for any sort of + # authentication. If this is not possible, we should just fail. + + # FIXME: our current implementation is overly restrictive, because + # there may be some su PAM configurations that would allow su + # "$MONKEYSPHERE_USER" -c "$@" to Just Work without prompting, + # allowing specific users to invoke commands which make use of + # this user. + + # chpst (from runit) would be nice to use, but we don't want to + # introduce an extra dependency just for this. This may be a + # candidate for re-factoring if we switch implementation languages. + case $(id -un) in # if monkeysphere user, run the command under bash "$MONKEYSPHERE_USER") 
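Review bot: The comment above `CHECK_KEYSERVER` is misspelled ("by defaul") and the one above `PROMPT` does not say what is being prompted for; suggest `# whether or not to check keyservers by default` and a `PROMPT` comment that names the prompt. The five assignments are unconditional, so any value already in the environment when this file is sourced is replaced. Whether configuration is read afterwards is not visible in the hunk, so a one-line comment stating which settings may override these defaults would help. `KEYSERVER` decides where keys are looked up and `MONKEYSPHERE_USER` which account `su_monkeysphere_user` runs commands as, so the precedence is worth spelling out.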
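Review bot: The FIXME added to `su_monkeysphere_user` quotes `su "$MONKEYSPHERE_USER" -c "$@"`, which would misbehave if someone later implements it literally: `"$@"` expands to several words and `-c` takes only the first of them as the command string. Suggest describing the idea in words, or writing the example with a single command string and noting that argument boundaries need explicit quoting. The first comment line also has a doubled word ("as the the"). The function body continues outside the hunk, so the implementation itself is not reviewed here.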
@@ -120,6 +149,11 @@ cutline() { head --line="$1" "$2" | tail -1 } +# make a temporary directly +msmktempdir() { + mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX +} + # this is a wrapper for doing lock functions. # # it lets us depend on either lockfile-progs (preferred) or procmail's @@ -781,6 +815,9 @@ process_host_known_hosts() { local sshKey local tmpfile + # set the key processing mode + export MODE='known_hosts' + host="$1" userID="ssh://${host}" @@ -860,6 +897,13 @@ update_known_hosts() { nHostsOK=0 nHostsBAD=0 + # touch the known_hosts file so that the file permission check + # below won't fail upon not finding the file + (umask 0022 && touch "$KNOWN_HOSTS") + + # check permissions on the known_hosts file path + check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure + # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? @@ -914,6 +958,11 @@ update_known_hosts() { process_known_hosts() { local hosts + # exit if the known_hosts file does not exist + if [ ! -e "$KNOWN_HOSTS" ] ; then + failure "known_hosts file '$KNOWN_HOSTS' does not exist." + fi + log debug "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') @@ -937,6 +986,9 @@ process_uid_authorized_keys() { local ok local sshKey + # set the key processing mode + export MODE='authorized_keys' + userID="$1" log verbose "processing: $userID" @@ -998,6 +1050,9 @@ update_authorized_keys() { nIDsOK=0 nIDsBAD=0 + # check permissions on the authorized_keys file path + check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure + # create a lockfile on authorized_keys lock create "$AUTHORIZED_KEYS" # FIXME: we're discarding any pre-existing EXIT trap; is this bad? 
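Review bot: `msmktempdir` passes `${TMPDIR:-/tmp}/tmp.XXXXXXXXXX` unquoted, so a `TMPDIR` containing whitespace or glob characters is split or expanded before `mktemp` sees it; quote the template: `mktemp -d "${TMPDIR:-/tmp}/tmp.XXXXXXXXXX"`. The callers are not in this hunk, but they should treat a failed call as fatal, e.g. `dir=$(msmktempdir) || failure`, because continuing with an empty directory variable turns later path operations into operations on the wrong path. The header comment reads "temporary directly" and should be "temporary directory".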
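Review bot: `export MODE='known_hosts'` in `process_host_known_hosts` writes a process-wide, exported variable from inside a function whose other variables are declared `local`, and nothing visible resets it. The value stays set after the function returns and is inherited by every child process, so later key processing depends on which function ran last; the `process_uid_authorized_keys` hunk does the same with `'authorized_keys'`. The consumers of `MODE` are outside the visible hunks, so the export may be needed for a subshell. If it is not, pass the mode as an argument or drop the `export`. Either way, document it in the function header as a global that is written, e.g. `# Globals: MODE (written, exported)`.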
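Review bot: In `update_known_hosts` the result of `(umask 0022 && touch "$KNOWN_HOSTS")` is ignored, so a failed `touch` falls through to the permission check with a less useful error, and an existing file has its mtime bumped on every run. Suggest creating it only when missing and failing explicitly: `[ -e "$KNOWN_HOSTS" ] || (umask 0022 && touch "$KNOWN_HOSTS") || failure "could not create '$KNOWN_HOSTS'"`. The owner handed to `check_key_file_permissions` comes from `$USER`, an environment variable that can be unset or differ from the effective user, while `su_monkeysphere_user` in this file uses `id -un`; unless `USER` is normalised elsewhere, `"$(id -un)"` is the sturdier argument, and the same applies to the `update_authorized_keys` and `process_authorized_user_ids` hunks. The check also runs before `lock create`, so the path can still change between check and use.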
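Review bot: `update_authorized_keys` checks permissions on `$AUTHORIZED_KEYS` without first making sure the file exists, whereas the `update_known_hosts` hunk adds a `touch` precisely "so that the file permission check below won't fail upon not finding the file". The body of `check_key_file_permissions` is not shown, but if it fails on a missing file, a first run for an account that has no authorized_keys file yet would abort at this line. Either create the file first with the same idiom, or add a comment such as `# a missing authorized_keys file is rejected here on purpose` so the difference between the two functions is visibly intentional.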
@@ -1063,6 +1118,14 @@ process_authorized_user_ids() { authorizedUserIDs="$1" + # exit if the authorized_user_ids file is empty + if [ ! -e "$authorizedUserIDs" ] ; then + failure "authorized_user_ids file '$authorizedUserIDs' does not exist." + fi + + # check permissions on the authorized_user_ids file path + check_key_file_permissions "$USER" "$authorizedUserIDs" || failure + log debug "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then
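Review bot: The comment added in `process_authorized_user_ids` says "exit if the authorized_user_ids file is empty", but the test is `[ ! -e "$authorizedUserIDs" ]`, which checks existence; suggest `# exit if the authorized_user_ids file does not exist` so it matches the failure message. `-e` is also true for a directory or other non-regular file, so if only regular files are expected, `[ ! -f "$authorizedUserIDs" ]` would reject those before the `meat` call further down. The function starts and ends outside the hunk.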