'update-known_hosts'|'update-known-hosts'|'k')
MODE='known_hosts'
+ # touch the known_hosts file so that the file permission check
+ # below won't fail upon not finding the file
+ (umask 0022 && touch "$KNOWN_HOSTS")
+
# check permissions on the known_hosts file path
- if ! check_key_file_permissions "$USER" "$KNOWN_HOSTS" ; then
- failure "Improper permissions on known_hosts file path."
- fi
+ check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
# if hosts are specified on the command line, process just
# those hosts
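Review bot: The added `(umask 0022 && touch "$KNOWN_HOSTS")` writes to the path before `check_key_file_permissions` has vetted it, and the subshell's exit status is never tested. If the parent directory is missing or the path is not safely owned, the file is either not created or is created or modified in a location the following check is meant to reject. Consider creating the file only when it is absent and failing with a message, e.g. `[ -e "$KNOWN_HOSTS" ] || (umask 0022 && touch "$KNOWN_HOSTS") || failure "Could not create known_hosts file."`. The new `|| failure` also drops the "Improper permissions on known_hosts file path." text, so the user gets no explanation unless check_key_file_permissions logs its own reason, which is not visible here. The enclosing case arm continues outside the hunk.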
cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
# set up environment for testuser
-export HOME="$TEMPDIR"/testuser
-export GNUPGHOME="$HOME"/.gnupg
-export SSH_ASKPASS="$HOME"/.ssh/askpass
-export MONKEYSPHERE_HOME="$HOME"/.monkeysphere
-
-cat <<EOF >> "$HOME"/.ssh/config
-UserKnownHostsFile $HOME/.ssh/known_hosts
-IdentityFile $HOME/.ssh/no-such-identity
-ProxyCommand $HOME/.ssh/proxy-command %h %p $SOCKET
+TESTHOME="$TEMPDIR"/testuser
+export GNUPGHOME="$TESTHOME"/.gnupg
+export SSH_ASKPASS="$TESTHOME"/.ssh/askpass
+export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere
+
+cat <<EOF >> "$TESTHOME"/.ssh/config
+UserKnownHostsFile $TESTHOME/.ssh/known_hosts
+IdentityFile $TESTHOME/.ssh/no-such-identity
+ProxyCommand $TESTHOME/.ssh/proxy-command %h %p $SOCKET
EOF
cat <<EOF >> "$MONKEYSPHERE_HOME"/monkeysphere.conf
-KNOWN_HOSTS=$HOME/.ssh/known_hosts
+KNOWN_HOSTS=$TESTHOME/.ssh/known_hosts
EOF
get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf
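Review bot: With `HOME` no longer exported, only `GNUPGHOME`, `SSH_ASKPASS`, `MONKEYSPHERE_HOME` and the `KNOWN_HOSTS` setting point into the test tree, so any path the tools still derive from `$HOME` would resolve to the invoking user's real home directory. `TESTHOME` is a plain shell variable and is not exported, so child scripts cannot rely on it either. The ssh and monkeysphere invocations are not visible in this hunk; it is worth confirming that ssh is pointed at the generated config explicitly (for example `-F "$TESTHOME"/.ssh/config`). A comment above the assignment would record the intent, such as `# HOME is left untouched on purpose; every per-user path must be set explicitly below`.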
### SERVER TESTS
-# setup monkeysphere temp gnupghome directories
+# setup monkeysphere directories
mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host
mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication
mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authorized_keys
# authorized_keys file, this is to make sure that the ssh
# authentication FAILS...
echo "### removing testuser authorized_user_ids and reupdating authorized_keys..."
-rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids
+rm -f "$TESTHOME"/.monkeysphere/authorized_user_ids
monkeysphere-server update-users $(whoami)
# make sure the user can NOT connect