Fix bug in configuration handling for HASH_KNOWN_HOSTS and
authorJameson Graef Rollins <jrollins@phys.columbia.edu>
Mon, 16 Jun 2008 18:43:40 +0000 (14:43 -0400)
committerJameson Graef Rollins <jrollins@phys.columbia.edu>
Mon, 16 Jun 2008 18:43:40 +0000 (14:43 -0400)
USER_CONTROLLED_AUTHORIZED_KEYS

etc/monkeysphere-server.conf
etc/monkeysphere.conf
src/common
src/monkeysphere
src/monkeysphere-server

index 82da49783f91fc3faff6c1fd240af84596efa2b1..3915bf46f4168d7c1a25e89148920c75566e3f66 100644 (file)
@@ -20,4 +20,5 @@
 # Whether to add user controlled authorized_keys file to
 # monkeysphere-generated authorized_keys file.  Should be path to file
 # where '%h' will be replaced by the home directory of the user.
+# To not add any user-controlled file, put "-"
 #USER_CONTROLLED_AUTHORIZED_KEYS=%h/.ssh/authorized_keys
index d478b9315843ddb0cd93437494e322dff038d642..003ecf689591c2b61440158564afac854a900e88 100644 (file)
 #REQUIRED_USER_KEY_CAPABILITY="a"
 
 # Path to user-controlled authorized_keys file to add to
-# Monkeysphere-generated authorized_keys file. If empty, then no
-# user-controlled file will be added.
+# Monkeysphere-generated authorized_keys file.
+# To not add any user-controlled file, put "-"
 #USER_CONTROLLED_AUTHORIZED_KEYS=~/.ssh/authorized_keys
 
 # User known_hosts file
 #USER_KNOWN_HOSTS=~/.ssh/known_hosts
 
-# Whether or not to hash the generated known_hosts lines
-# (empty mean "no").
-#HASH_KNOWN_HOSTS=
-
+# Whether or not to hash the generated known_hosts lines.
+# Should be "true" or "false"
+#HASH_KNOWN_HOSTS=true
index 471e75a6143aa23138602c1d2ef85d65802d80fb..c0a903054983c0c1aa130e8c2452eefc83bc9a7f 100644 (file)
@@ -275,7 +275,7 @@ process_user_id() {
                gpg2known_hosts "$keyID" "$userID" >> \
                    "$cacheDir"/"$userIDHash"."$pubKeyID"
                # hash the cache file if specified
-               if [ "$HASH_KNOWN_HOSTS" ] ; then
+               if [ "$HASH_KNOWN_HOSTS" = "true" ] ; then
                    ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
                    rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
                fi
@@ -408,7 +408,7 @@ update_authorized_keys() {
     else
        log "no gpg keys to add."
     fi
-    if [ "$userAuthorizedKeys" -a -s "$userAuthorizedKeys" ] ; then
+    if [ "$userAuthorizedKeys" != "-" -a -s "$userAuthorizedKeys" ] ; then
        log -n "adding user authorized_keys file... "
        cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
        echo "done."
index 79bc352c9a06fbbeea60aea838b79c7ae2b553f3..a6ca62d7949189104cea0978e814b723b160143e 100755 (executable)
@@ -115,7 +115,7 @@ GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
 REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
 USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
 HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
 
@@ -191,11 +191,8 @@ case $COMMAND in
            failure "$AUTHORIZED_USER_IDS is empty."
        fi
 
-       # set user-controlled authorized_keys file path
-       userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}
-
        # update authorized_keys
-       update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
+       update_authorized_keys "$msAuthorizedKeys" "$USER_CONTROLLED_AUTHORIZED_KEYS" "$userKeysCacheDir"
        ;;
 
     'gen-subkey'|'g')
index 3cc7454faec27528e4e9822020a373010e6e2144..cdb76eef5722c50acaae8bb4ffd79165dcea21cb 100755 (executable)
@@ -111,10 +111,10 @@ MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf}
 [ -e "$MS_CONF" ] && . "$MS_CONF"
 
 # set empty config variable with defaults
-GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg}
-KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
+GNUPGHOME=${GNUPGHOME:-"${MS_HOME}/gnupg"}
+KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
 
 export GNUPGHOME