From: Micah Anderson Date: Wed, 13 Aug 2008 04:31:11 +0000 (-0400) Subject: Merge commit 'dkg/master' X-Git-Tag: monkeysphere_0.8-1~31^2~6 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=4d54f1d8b9a3d9ee4e6bd0b0d9fdccb99e6a6245;hp=-c;p=monkeysphere.git Merge commit 'dkg/master' --- 4d54f1d8b9a3d9ee4e6bd0b0d9fdccb99e6a6245 diff --combined src/monkeysphere-server index 1e5f209,9e025f9..3ca0656 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@@ -32,7 -32,7 +32,7 @@@ RETURN= ######################################################################## usage() { - cat < [options] [args] MonkeySphere server admin tool. @@@ -56,7 -56,7 +56,7 @@@ subcommands gpg-authentication-cmd CMD gnupg-authentication command - help (h,?) this help + -h|--help|help (h,?) this help EOF } @@@ -236,7 -236,7 +236,7 @@@ gen_key() revoker= # get options - TEMP=$(getopt -o l:e:r: -l length:,expire:,revoker: -n "$PGRM" -- "$@") + TEMP=$(getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") if [ $? != 0 ] ; then exit 1 @@@ -468,14 -468,14 +468,14 @@@ diagnostics() fi # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then + if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" fi - if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! 
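Review bot: In gen_key the short-option string on the new side is `-o e:l:r`, so `-r` no longer takes an argument, while the long form `revoker:` still does and the replaced line had `r:`. With this spelling `-r KEYID` leaves KEYID as a positional argument, and if the option loop (outside this hunk) reads `$2` for the revoker, it would presumably pick up the wrong word or leave the revoker unset without any error. Suggested line: `TEMP=$(getopt -o e:l:r: -l expire:,length:,revoker: -n "$PGRM" -- "$@")`. The body of gen_key continues outside the hunk, so the effect on the option loop should be confirmed there.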
/etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" - echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" fi fi fi @@@ -489,6 -489,19 +489,19 @@@ # FIXME: make sure that at least one identity certifier exists + echo "Checking for MonkeySphere-enabled public-key authentication for users ..." + # Ensure that User ID authentication is enabled: + if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then + echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + fi + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:" + echo "$badauthorizedkeys" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config" + fi + + } # retrieve key from web of trust, import it into the host keyring, and @@@ -699,7 -712,7 +712,7 @@@ case $COMMAND i gpg_authentication_cmd "$@" ;; - 'help'|'h'|'?') + '--help'|'help'|'-h'|'h'|'?') usage ;;
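Review bot: The `badhostkeys=$(grep -i '^HostKey' | grep -q -v …)` test in diagnostics() cannot list the offending lines. The first grep has no file argument, so it reads standard input instead of /etc/ssh/sshd_config, and `-q` suppresses the output the command substitution is meant to capture, so `$badhostkeys` is always empty. The same construction is repeated for `badauthorizedkeys` in the AuthorizedKeysFile block added by the next hunk. Suggested: `if badhostkeys=$(grep -i '^HostKey' /etc/ssh/sshd_config | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then`, and likewise for AuthorizedKeysFile. Both warning messages also say `/etc/sshd_config` where the file being tested is `/etc/ssh/sshd_config`.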
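Review bot: The presence test `grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$"` is satisfied by a matching line anywhere in the file, but sshd_config(5) states that the first value obtained for a keyword is the one used. A different `AuthorizedKeysFile` line earlier in the file would therefore stay in effect, which may leave user-writable key files authoritative while this test reports nothing. The pattern is also case-sensitive, although sshd accepts keywords in any case. Checking only the first occurrence would match what sshd applies, e.g. `first=$(grep -i -m1 '^[[:space:]]*AuthorizedKeysFile[[:space:]]' /etc/ssh/sshd_config)` followed by a comparison of `$first` with the expected path. The block sits at the end of diagnostics(), which begins outside the hunk.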