it's never needed to be run manually, and can therefore be suppressed
in the usage/documentation. Also, add setup to the postinst script so
that it's set up on installation.
Also add pipefail to ma, and try to suppress unnecessary gpg output,
and redirect other to log debug.
-\fBmonkeysphere-authentication\fP takes various subcommands.
-.TP
-.B setup
-Setup the server for Monkeysphere user authentication. This command
-is idempotent, which means it can be run multiple times to make sure
-the setup is correct, without adversely affecting existing setups.
-`s' may be used in place of `setup'.
+\fBmonkeysphere-authentication\fP takes various subcommands:
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-id-certifiers'.
.TP
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-id-certifiers'.
.TP
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number
+
+Other commands:
+.TP
+.B setup
+Setup the server for Monkeysphere user authentication. This command
+is idempotent and run automatically by the other commands, and should
+therefore not usually need to be run manually. `s' may be used in
+place of `setup'.
+.TP
.B diagnostics
Review the state of the server with respect to authentication. `d'
may be used in place of `diagnostics'.
.B diagnostics
Review the state of the server with respect to authentication. `d'
may be used in place of `diagnostics'.
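Review bot: The `Other commands:` line added after the `version` entry is plain text following a blank line inside a `.TP` list, so man will render it as an indented continuation of the `version` description rather than as a separator between the two groups of subcommands. Start it with a paragraph or subsection macro (for example `.PP` before the text, or `.SS Other commands`) so the grouping is visible in the rendered page. The same construct appears in the monkeysphere-host page later in this patch, there with two blank lines before it. While touching the entry, `show version number` could be capitalized and punctuated like the other descriptions.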
(multiple gpg arguments need to be quoted). Use this command with
caution, as modifying the authentication sphere keyring can affect ssh
user authentication.
(multiple gpg arguments need to be quoted). Use this command with
caution, as modifying the authentication sphere keyring can affect ssh
user authentication.
-.TP
-.B help
-Output a brief usage summary. `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
.SH SETUP USER AUTHENTICATION
.SH SETUP USER AUTHENTICATION
\fBmonkeysphere-host\fP takes various subcommands:
.TP
\fBmonkeysphere-host\fP takes various subcommands:
.TP
+.B import-key [NAME[:PORT]]
+Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is
+used to specify the hostname (and port) used in the user ID of the new
+OpenPGP key. If NAME is not specified, then the system
+fully-qualified domain name will be used (ie. `hostname -f'). If PORT
+is not specified, the no port is added to the user ID, which means
+port 22 is assumed. `i' may be used in place of `import-key'.
+.TP
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
in place of `show-key'.
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
in place of `show-key'.
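Review bot: The relocated `import-key` text still carries the typo `the no port is added to the user ID`; since the paragraph is being moved anyway, correct it to `then no port is added`. The sentence also says port 22 is "assumed", and it would help to state who assumes it (the client matching the user ID), because the resulting user ID is what users certify.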
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
-.B import-key [NAME[:PORT]]
-Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is
-used to specify the hostname (and port) used in the user ID of the new
-OpenPGP key. If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f'). If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed. `i' may be used in place of `import-key'.
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number
+
+
+Other commands:
.TP
.B diagnostics
Review the state of the monkeysphere server host key and report on
.TP
.B diagnostics
Review the state of the monkeysphere server host key and report on
there is a valid host key, that the key is published, that the sshd
configuration points to the right place, etc. `d' may be used in
place of `diagnostics'.
there is a valid host key, that the key is published, that the sshd
configuration points to the right place, etc. `d' may be used in
place of `diagnostics'.
-.TP
-.B help
-Output a brief usage summary. `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
.SH SETUP HOST AUTHENTICATION
.SH SETUP HOST AUTHENTICATION
-# import the host ssh key into the monkeysphere, with no expiration
-# FIXME: figure out how to do this best
+# setup monkeysphere authentication
+monkeysphere-authentication setup
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
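Review bot: The new `monkeysphere-authentication setup` call is shown unconditionally ahead of the debhelper placeholder, with no test of the postinst argument. postinst is also invoked for `abort-upgrade`, `abort-remove` and similar cases, and setup generates a trust core key (see the `pem2openpgp "$CORE_UID"` import in the setup script), so a gpg failure here would leave the package unconfigured. If the call is not already inside a `configure` branch outside the visible context, wrap it in one, and consider whether a setup failure should fail the installation or only warn.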
########################################################################
set -e
########################################################################
set -e
+# set the pipefail option so pipelines fail on first command failure
+set -o pipefail
+
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
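Review bot: The comment on the `set -o pipefail` line is inaccurate, and the option changes the behaviour of existing pipelines in this file. pipefail does not stop a pipeline at the first failing command; it makes the pipeline's exit status that of the last command that exited non-zero. Together with the `set -e` directly above, a pipeline such as `| grep ^fpr: | cut -d: -f10` further down now returns non-zero whenever grep matches nothing, which can abort the script in places that previously just produced an empty string. Please reword the comment, audit the grep and head pipelines whose empty result is legitimate, and confirm the script's interpreter line is bash, since the option is not available in every /bin/sh.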
Monkeysphere authentication admin tool.
subcommands:
Monkeysphere authentication admin tool.
subcommands:
- setup (s) setup monkeysphere user authentication
update-users (u) [USER]... update user authorized_keys files
add-id-certifier (c+) KEYID import and tsign a certification key
--domain (-n) DOMAIN limit ID certifications to DOMAIN
update-users (u) [USER]... update user authorized_keys files
add-id-certifier (c+) KEYID import and tsign a certification key
--domain (-n) DOMAIN limit ID certifications to DOMAIN
| grep ^fpr: | cut -d: -f10
}
| grep ^fpr: | cut -d: -f10
}
-# fail if authentication has not been setup
-check_no_setup() {
- # FIXME: what is the right test to do here?
- [ -d "$MADATADIR" ] \
- || failure "This host appears to have not yet been set up for Monkeysphere authentication.
-Please run 'monkeysphere-authentication setup' first."
-}
-
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
gpg_core --export-options export-local-sigs --export | \
- gpg_sphere "--import-options import-local-sigs --import"
+ gpg_sphere "--import-options import-local-sigs --import" \
+ 2>&1 | log debug
}
########################################################################
}
########################################################################
case $COMMAND in
'setup'|'setup'|'s')
source "${MASHAREDIR}/setup"
case $COMMAND in
'setup'|'setup'|'s')
source "${MASHAREDIR}/setup"
;;
'update-users'|'update-user'|'u')
;;
'update-users'|'update-user'|'u')
+ source "${MASHAREDIR}/setup"
+ setup
source "${MASHAREDIR}/update_users"
update_users "$@"
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
source "${MASHAREDIR}/update_users"
update_users "$@"
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ source "${MASHAREDIR}/setup"
+ setup
source "${MASHAREDIR}/add_certifier"
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
source "${MASHAREDIR}/add_certifier"
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ source "${MASHAREDIR}/setup"
+ setup
source "${MASHAREDIR}/remove_certifier"
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
source "${MASHAREDIR}/remove_certifier"
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ source "${MASHAREDIR}/setup"
+ setup
source "${MASHAREDIR}/list_certifiers"
source "${MASHAREDIR}/list_certifiers"
+ source "${MASHAREDIR}/setup"
+ setup
source "${MASHAREDIR}/diagnostics"
diagnostics
;;
'gpg-cmd')
source "${MASHAREDIR}/diagnostics"
diagnostics
;;
'gpg-cmd')
+ source "${MASHAREDIR}/setup"
+ setup
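Review bot: Adding `source "${MASHAREDIR}/setup"` and `setup` to every branch, including `diagnostics`, the certifier listing and `gpg-cmd`, turns commands that are documented as read-only into commands that can create keyrings and generate the trust core key. `diagnostics` in particular is described as reviewing the state of the server, and after this change it can no longer report that setup is missing because it has just performed it. Consider leaving the read-only branches without the implicit setup (or having them fail with a clear message), and hoist the repeated two lines into a single call ahead of the `case` for the branches that do need it, so a future subcommand cannot forget one of them.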
GNUPGHOME="$GNUPGHOME_HOST" gpg "$@"
}
GNUPGHOME="$GNUPGHOME_HOST" gpg "$@"
}
-# command to list the info about the host key, in colon format
+# command to list the info about the host key, in colon format, to
+# stdout
gpg_host_list() {
gpg_host --list-keys --with-colons --fixed-list-mode \
--with-fingerprint --with-fingerprint \
gpg_host_list() {
gpg_host --list-keys --with-colons --fixed-list-mode \
--with-fingerprint --with-fingerprint \
# FIXME: should we supress all the edit script spew? or pipe it
# through log debug?
gpg_host_edit() {
# FIXME: should we supress all the edit script spew? or pipe it
# through log debug?
gpg_host_edit() {
- gpg_host --quiet --command-fd 0 --edit-key \
- "0x${HOST_FINGERPRINT}!" "$@"
+ gpg_host --quiet --command-fd 0 --no-tty --edit-key \
+ "0x${HOST_FINGERPRINT}!" "$@" 2>&1 | log debug
}
# export the host public key to the monkeysphere gpg pub key file
}
# export the host public key to the monkeysphere gpg pub key file
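Review bot: In `gpg_host_edit`, appending `2>&1 | log debug` makes the function return the status of `log` unless pipefail is enabled in this script, and the pipefail hunk in this patch is only shown for monkeysphere-authentication. If monkeysphere-host does not set it, a failed `--edit-key` run (for example the `expire` script at the end of this patch) will look successful to the caller. Either set pipefail here too or capture gpg's status explicitly. The `FIXME: should we supress all the edit script spew?` comment above the function is answered by this change and can be removed.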
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
if echo "$ltsignCommand" | \
# core ltsigns the newly imported certifier key
log debug "executing core ltsign script..."
if echo "$ltsignCommand" | \
- gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+ gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \
+ 2>&1 | log debug ; then
# transfer the new sigs back to the sphere keyring
gpg_core_sphere_sig_transfer
# update the sphere trustdb
log debug "updating sphere trustdb..."
# transfer the new sigs back to the sphere keyring
gpg_core_sphere_sig_transfer
# update the sphere trustdb
log debug "updating sphere trustdb..."
- gpg_sphere "--check-trustdb"
+ gpg_sphere "--check-trustdb" 2>&1 | log debug
log info "Identity certifier added."
else
log info "Identity certifier added."
else
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
PEM2OPENPGP_USAGE_FLAGS=certify \
PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
PEM2OPENPGP_USAGE_FLAGS=certify \
PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
+ | gpg_core --import 2>&1 | log debug \
|| failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
|| failure "Could not import new key for Monkeysphere authentication trust core"
# get fingerprint of core key. should definitely not be empty at this point
# export the core key to the sphere keyring
log debug "exporting core pub key to sphere keyring..."
# export the core key to the sphere keyring
log debug "exporting core pub key to sphere keyring..."
- gpg_core --export | gpg_sphere --import
+ gpg_core --quiet --export | gpg_sphere "--quiet --import"
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "setting ultimate owner trust on core key in gpg_sphere..."
# ensure that the authentication sphere checker has absolute ownertrust on the expected key.
log debug "setting ultimate owner trust on core key in gpg_sphere..."
- printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust
- gpg_sphere --export-ownertrust | log debug
+ printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust"
+ gpg_sphere "--export-ownertrust" 2>&1 | log debug
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
# check the owner trust
log debug "checking gpg_sphere owner trust set properly..."
local ORIG_TRUST
- if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then
+ if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings."
fi
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
# our preferences are reasonable (i.e. 3 marginal OR 1 fully
# trusted certifications are sufficient to grant full validity.
log debug "checking trust model for authentication ..."
- local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
+ local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+ | gpg_host --import 2>&1 | log debug
# load the new host fpr into the fpr variable. this is so we can
# create the gpg pub key file. we have to do this from the secret key
# load the new host fpr into the fpr variable. this is so we can
# create the gpg pub key file. we have to do this from the secret key
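Review bot: The new `| gpg_host --import 2>&1 | log debug` line has no failure handling, unlike the matching core key import in the setup script, which ends in `|| failure "Could not import new key ..."`. If the import of the translated ssh host key fails, the script carries on to read the fingerprint, write the public key file and print `host key imported:`. Add an explicit `|| failure` with a message here, and note that gpg's own error text is now only visible at debug log level, so the failure message should say how to get it.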
# export to gpg public key to file
update_gpg_pub_file
# export to gpg public key to file
update_gpg_pub_file
+log info "host key imported:"
+
# show info about new key
show_key
# show info about new key
show_key
log debug "extending without prompting."
fi
log debug "extending without prompting."
fi
-log info "setting host key expiration to ${extendTo}:"
+log info "setting host key expiration to ${extendTo}."
log debug "executing host expire script..."
gpg_host_edit expire <<EOF
log debug "executing host expire script..."
gpg_host_edit expire <<EOF