From: Matt Goins Date: Mon, 27 Oct 2008 02:41:12 +0000 (-0400) Subject: Merge commit 'jrollins/master' X-Git-Tag: monkeysphere_0.23~172 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=af267413bbf572b3d63c26bbb64bc15d566e78c5;hp=b1244f1dc98230fc04bde76a89e88d7fa0d08053;p=monkeysphere.git Merge commit 'jrollins/master' --- diff --git a/debian/changelog b/debian/changelog index ad795e7..9aa2b0a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +monkeysphere (0.17-1) experimental; urgency=low + + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + + -- Jameson Graef Rollins Sun, 26 Oct 2008 21:49:17 -0400 + monkeysphere (0.16-1) experimental; urgency=low [ Daniel Kahn Gillmor ] diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 0c56279..fb71081 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -170,32 +170,8 @@ update_users() { continue fi - # set authorized_user_ids and raw authorized_keys variables, - # translating ssh-style path variables - authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") - rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS") - - # if neither is found, skip user - if [ ! -s "$authorizedUserIDs" ] ; then - if [ "$rawAuthorizedKeys" = '-' -o ! -s "$rawAuthorizedKeys" ] ; then - continue - fi - fi - log verbose "----- user: $uname -----" - # exit if the authorized_user_ids file is empty - if ! check_key_file_permissions "$uname" "$AUTHORIZED_USER_IDS" ; then - log error "Improper permissions on path '$AUTHORIZED_USER_IDS'." - continue - fi - - # check permissions on the authorized_keys file path - if ! check_key_file_permissions "$uname" "$RAW_AUTHORIZED_KEYS" ; then - log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'." - continue - fi - # make temporary directory TMPLOC=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) @@ -217,39 +193,60 @@ update_users() { chmod 0600 "$TMP_AUTHORIZED_USER_IDS" chown -R "$MONKEYSPHERE_USER" "$TMPLOC" - # if the authorized_user_ids file exists... + # process authorized_user_ids file + # translating ssh-style path variables + authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS") if [ -s "$authorizedUserIDs" ] ; then - # copy user authorized_user_ids file to temporary - # location - cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS" - - # export needed variables - export AUTHORIZED_KEYS - export TMP_AUTHORIZED_USER_IDS - - # process authorized_user_ids file, as monkeysphere - # user - su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" - RETURN="$?" + # check permissions on the authorized_user_ids file path + if check_key_file_permissions "$uname" "$authorizedUserIDs" ; then + # copy user authorized_user_ids file to temporary + # location + cat "$authorizedUserIDs" > "$TMP_AUTHORIZED_USER_IDS" + + # export needed variables + export AUTHORIZED_KEYS + export TMP_AUTHORIZED_USER_IDS + + # process authorized_user_ids file, as monkeysphere + # user + su_monkeysphere_user \ + ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" + RETURN="$?" + else + log error "Improper permissions on path '$AUTHORIZED_USER_IDS'." + fi fi - # add user-controlled authorized_keys file path if specified + # add user-controlled authorized_keys file if specified + # translate ssh-style path variables + rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS") if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then - log verbose "adding raw authorized_keys file... " - cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" + # check permissions on the authorized_keys file path + if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then + log verbose "adding raw authorized_keys file... " + cat "$rawAuthorizedKeys" >> "$AUTHORIZED_KEYS" + else + log error "Improper permissions on path '$RAW_AUTHORIZED_KEYS'. Not added to authorized_keys file." + fi fi - # openssh appears to check the contents of the - # authorized_keys file as the user in question, so the - # file must be readable by that user at least. - # FIXME: is there a better way to do this? - chown root "$AUTHORIZED_KEYS" - chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" - chmod g+r "$AUTHORIZED_KEYS" + # move the new authorized_keys file into place + if [ -s "$AUTHORIZED_KEYS" ] ; then + # openssh appears to check the contents of the + # authorized_keys file as the user in question, so the + # file must be readable by that user at least. + # FIXME: is there a better way to do this? + chown root "$AUTHORIZED_KEYS" + chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS" + chmod g+r "$AUTHORIZED_KEYS" + + mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}" + else + rm -f "${SYSDATADIR}/authorized_keys/${uname}" + fi - # move the resulting authorized_keys file into place - mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}" + # unset the trap + trap - EXIT # destroy temporary directory rm -rf "$TMPLOC" diff --git a/website/bugs/authorized_keys-options.mdwn b/website/bugs/authorized_keys-options.mdwn index a066318..4e7a838 100644 --- a/website/bugs/authorized_keys-options.mdwn +++ b/website/bugs/authorized_keys-options.mdwn @@ -1,7 +1,5 @@ [[meta title="Monkeysphere support for options in authorized_keys"]] -# Monkeysphere support for options within `authorized_keys` # - OpenSSH [allows users to control the capabilities granted to remote key-based logins](http://www.hackinglinuxexposed.com/articles/20030109.html) by diff --git a/website/bugs/authorized_keys_not_cleared.mdwn b/website/bugs/authorized_keys_not_cleared.mdwn index 7246997..4ba347b 100644 --- a/website/bugs/authorized_keys_not_cleared.mdwn +++ b/website/bugs/authorized_keys_not_cleared.mdwn @@ -18,3 +18,7 @@ bytes. However, it just remained untouched, and the old keys persisted. This seems like a potential security problem. + +--- + +[[bugs/done]] on 2008-10-26 in c8ab71b24b566967fdb39818d071f6548dc056c8 diff --git a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn index 8181437..3c7e804 100644 --- a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn +++ b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn @@ -19,3 +19,19 @@ revoked, so probably monkeysphere needs to be looking at gpg's computed validity from the public keyring instead of the secret keyring to be able to get the "r" flag from field 2, in addition to the "e" flag from field 12. + +--- + +So the problem is that there is no field 2 for secret keys. From +/usr/share/doc/gnupg/DETAILS.gz: + + 2. Field: A letter describing the calculated trust. This is a single + letter, but be prepared that additional information may follow + in some future versions. (not used for secret keys) + +Why would secret keys not have this field? They have validity too, +right? This doesn't make any sense. I verify that indeed there is no +output in field 2 for secret keys. I would say this is a bug in gpg, +but it's clearly done on purpose. Any ideas? + +-- jrollins diff --git a/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn b/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn deleted file mode 100644 index 2dac579..0000000 --- a/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn +++ /dev/null @@ -1,33 +0,0 @@ -In `~/.ssh/config`, i have: - - HashKnownHosts No - -But when `monkeysphere-ssh-proxycommand` adds new hosts to -`~/.ssh/known_hosts`, they appear to be added in a hashed form, -instead of in the clear. - -fwiw: i'm using OpenSSH 5.1p1 on a debian lenny system (backported -from sid) - ---- - -I can confirm this too (I'm running openssh-client 1:4.7p1-12) - --- Jamie (Jam Jam) - ---- - -There is absolutely no attempt by any monkeysphere utility to parse -any ssh or sshd config file. This will probably need to be delt with -down the line, but it's not a particular easy task at the moment. - --- Big Jimmy. - ---- - -I've [posted to the `openssh-unix-dev` list to see if there is a -possibility of openssh making our lives easier -here](http://marc.info/?l=openssh-unix-dev&m=121804767122918&w=2), but -i haven't had much of a response yet. - ---dkg diff --git a/website/bugs/ssh_config_files_not_parsed.mdwn b/website/bugs/ssh_config_files_not_parsed.mdwn new file mode 100644 index 0000000..ca851a8 --- /dev/null +++ b/website/bugs/ssh_config_files_not_parsed.mdwn @@ -0,0 +1,47 @@ +In `~/.ssh/config`, i have: + + HashKnownHosts No + +But when `monkeysphere-ssh-proxycommand` adds new hosts to +`~/.ssh/known_hosts`, they appear to be added in a hashed form, +instead of in the clear. + +fwiw: i'm using OpenSSH 5.1p1 on a debian lenny system (backported +from sid) + +--- + +I can confirm this too (I'm running openssh-client 1:4.7p1-12) + +-- Jamie (Jam Jam) + +--- + +There is absolutely no attempt by any monkeysphere utility to parse +any ssh or sshd config file. This will probably need to be delt with +down the line, but it's not a particular easy task at the moment. + +-- Big Jimmy. + +--- + +I've [posted to the `openssh-unix-dev` list to see if there is a +possibility of openssh making our lives easier +here](http://marc.info/?l=openssh-unix-dev&m=121804767122918&w=2), but +i haven't had much of a response yet. + +--dkg + +--- + +For some reason this didn't get mentioned in this bug earlier, but +there is a monkeysphere config variable about hashing known_hosts +lines, which is set to true by default (to be in sync with the Debian +openssh-client package). + +I think this bug is really more about the fact that monkeysphere does +not parse the ssh config files for any directives relavent to what the +monkeysphere is doing. I'm changing the name of this bug to reflect +what the real issue is. + +-- Big Jimmy.