process_user_id "$userID" "$cacheDir" > /dev/null
done
}
+
+# update the cache for userid, and prompt to add file to
+# authorized_user_ids file if the userid is found in gpg
+# and not already in file.
+update_userid() {
+ local userID
+ local cacheDir
+ local userIDKeyCache
+
+ userID="$1"
+ cacheDir="$2"
+
+ log "processing userid: '$userID'"
+ userIDKeyCache=$(process_user_id "$userID" "$cacheDir")
+ if [ -z "$userIDKeyCache" ] ; then
+ return 1
+ fi
+ if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
+ echo "the following userid is not in the authorized_user_ids file:"
+ echo " $userID"
+ read -p "would you like to add? [Y|n]: " OK; OK=${OK:=Y}
+ if [ ${OK/y/Y} = 'Y' ] ; then
+ log -n " adding userid to authorized_user_ids file... "
+ echo "$userID" >> "$AUTHORIZED_USER_IDS"
+ echo "done."
+ fi
+ fi
+}
+
+# retrieve key from web of trust, and set owner trust to "full"
+# if key is found.
+trust_key() {
+ # get the key from the key server
+ gpg --keyserver "$KEYSERVER" --recv-key "$keyID" || failure "could not retrieve key '$keyID'"
+
+ # edit the key to change trust
+ # FIXME: need to figure out how to automate this,
+ # in a batch mode or something.
+ gpg --edit-key "$keyID"
+}
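Review bot: trust_key at L35–L43 ignores the argument the new server loop passes to it — both gpg calls use `$keyID` without ever assigning it from `$1`, so the function only works because the caller's `for keyID` loop happens to leave that name set globally; add `local keyID` and `keyID="$1"` at the top of the function. Since the key is fetched from a keyserver by whatever identifier the operator typed and then has its ownertrust raised to full, it is worth rejecting anything shorter than a full fingerprint before `--recv-key`, as short key IDs are not unique on public keyservers (the hunk shows no such check). Separately, `grep -q "^${userID}\$"` in update_userid treats the user ID as a regular expression, so the `.` that a typical e-mail-style user ID contains matches any character and a bracket or star in a user ID breaks the match; `if ! grep -qxF -- "$userID" "$AUTHORIZED_USER_IDS" ; then` compares the whole line literally. The prompt also relies on `read -p` and `${OK/y/Y}`, which are bash-only; if this file is sourced by the `#!/bin/sh` tools below, a POSIX sh such as dash will fail at that point.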
#!/bin/sh
+# monkeysphere: MonkeySphere client tool
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
########################################################################
PGRM=$(basename $0)
Monkeysphere client tool.
subcommands:
- update-known-hosts (k) [HOST]... update known_hosts file
- update-authorized-keys (a) update authorized_keys file
- update-userid (u) [USERID]... add/update userid to
- authorized_user_ids
- help (h,?) this help
+ update-known-hosts (k) [HOST]... update known_hosts file
+ update-authorized-keys (a) update authorized_keys file
+ update-userids (u) [USERID]... add/update userid
+ gen-ae-subkey (g) generate an 'ae' capable subkey
+ help (h,?) this help
EOF
}
log "$msAuthorizedKeys"
;;
- 'update-userid'|'u')
+ 'update-userids'|'u')
if [ -z "$1" ] ; then
failure "you must specify at least one userid."
fi
for userID ; do
- if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
- log "userid '$userID' not in authorized_user_ids file."
- continue
- fi
- log "processing user id: '$userID'"
- process_user_id "$userID" "$userKeysCacheDir" > /dev/null
+ update_userid "$userID" "$userKeysCacheDir"
done
;;
+ 'gen-ae-subkey'|)
+ failure "function not implemented yet."
+ ;;
+
'help'|'h'|'?')
usage
;;
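Review bot: `'gen-ae-subkey'|)` at L86 has an empty alternative after `|`, which bash and dash both reject as a case pattern, so the shell reports a syntax error at this `case` and none of the subcommands are reachable; the usage text advertises `(g)` as the short form, so this should read `'gen-ae-subkey'|'g')`. The new `update-userids` branch at L83 also calls update_userid, whose prompt uses the bash-only `read -p` and `${OK/y/Y}` while this tool runs under `#!/bin/sh` (L44); on a system where sh is dash the prompt will fail after the cache lookup succeeds, so either switch the shebang to bash or rewrite the prompt with `printf` and `read`, and use `read -r` so a backslash in the answer is not interpreted.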
#!/bin/sh
+# monkeysphere-server: MonkeySphere server admin tool
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
########################################################################
PGRM=$(basename $0)
Monkeysphere server admin tool.
subcommands:
- update-users (s) [USER]... update authorized_keys file
- gen-key (g) generate gpg key for the host
- publish-key (p) publish host gpg to keyserver
- trust-key (t) KEYID [KEYID]... mark keyid as trusted
- update-user-userid (u) USER UID [UID]... add/update userid for user
- help (h,?) this help
+ update-users (s) [USER]... update user authorized_keys file
+ gen-key (g) generate gpg key for the server
+ publish-key (p) publish server gpg to keyserver
+ trust-key (t) KEYID [KEYID]... mark keyid as trusted
+ update-user-userids (u) USER UID [UID]... add/update userid for user
+ help (h,?) this help
EOF
}
echo "gpg --send-keys --keyserver $KEYSERVER $keyID"
}
-# trust key
-trust_key() {
- for keyID ; do
- # get the key from the key server
- gpg --keyserver "$KEYSERVER" --recv-key "$keyID" || failure "could not retrieve key '$keyID'"
-
- # edit the key to change trust
- # FIXME: need to figure out how to automate this,
- # in a batch mode or something.
- gpg --edit-key "$keyID"
- done
-}
-
########################################################################
# MAIN
########################################################################
if [ -z "$1" ] ; then
failure "you must specify at least one key to trust."
fi
- trust_key "$@"
+ for keyID ; do
+ trust_key "$keyID"
+ done
;;
- 'update-user-userid'|'u')
+ 'update-user-userids'|'u')
uname="$1"
shift
if [ -z "$uname" ] ; then
if [ -z "$1" ] ; then
failure "you must specify at least one userid."
fi
+ AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
+ userKeysCacheDir="$STAGING_AREA"/"$uname"/user_keys
for userID ; do
- AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
- if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
- log "userid '$userID' not in authorized_user_ids file."
- continue
- fi
- log "processing user id: '$userID'"
- process_user_id "$userID" "$userKeysCacheDir" > /dev/null
+ update_userid "$userID" "$userKeysCacheDir"
done
;;
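Review bot: `AUTHORIZED_USER_IDS` and `userKeysCacheDir` at L154–L155 are built from the USER argument without checking that it names a real account or that it is a plain file-name component, so a value such as `../x` or one containing `/` makes update_userid read from and append to a file outside `$MS_HOME/authorized_user_ids` and places the key cache outside `$STAGING_AREA`. Since this is the server admin tool, validate before building the paths, e.g. `case "$uname" in ''|-*|*/*|*..*) failure "invalid user name '$uname'" ;; esac` followed by `getent passwd "$uname" >/dev/null || failure "unknown user '$uname'"`. The `if [ -z "$uname" ]` block at L150–L153 appears cut in this view, so the empty-name case may already be handled there.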
#!/bin/sh -e
-# MonkeySphere ssh ProxyCommand hook
-# Proxy command script to initiate a monkeysphere known_hosts update
-# before an ssh connection to host is established.
-# Can be added to ~/.ssh/config as follows:
-# ProxyCommand monkeysphere-ssh-proxycommand %h %p
+# monkeysphere-ssh-proxycommand: MonkeySphere ssh ProxyCommand hook
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@fifthhorseman.net>
+#
+# They are Copyright 2008, and are all released under the GPL, version 3
+# or later.
+
+# This is meant to be run as an ssh ProxyCommand to initiate a
+# monkeysphere known_hosts update before an ssh connection to host is
+# established. Can be added to ~/.ssh/config as follows:
+# ProxyCommand monkeysphere-ssh-proxycommand %h %p
HOST="$1"
PORT="$2"
# update the known_hosts file for the host
monkeysphere update-known-hosts "$HOST"
-# make a netcat connection to host for the ssh connection
+# exec a netcat passthrough to host for the ssh connection
exec nc "$HOST" "$PORT"