From: Jameson Graef Rollins Date: Wed, 9 Jul 2008 23:41:03 +0000 (-0400) Subject: A bunch of changes for variable scoping, exit codes, etc. See X-Git-Tag: monkeysphere_0.4-1~12 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=c8b42c1d77005ab3f41d20cc2524f4307086ec4f;p=monkeysphere.git A bunch of changes for variable scoping, exit codes, etc. See debian/changelog. --- diff --git a/debian/changelog b/debian/changelog index 1f1db61..48af4d7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,8 +7,12 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low * Privilege separation: use monkeysphere user to handle maintenance of the gnupg authentication keychain for server. * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. + * Fix return codes for known_host and authorized_keys updating + functions. - -- Jameson Graef Rollins Sun, 29 Jun 2008 14:14:59 -0400 + -- Jameson Graef Rollins Wed, 09 Jul 2008 19:39:44 -0400 monkeysphere (0.3-1) experimental; urgency=low diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst index 87fbe12..a133a4b 100755 --- a/debian/monkeysphere.postinst +++ b/debian/monkeysphere.postinst @@ -28,7 +28,7 @@ install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg- # install authentication gpg.conf cat < "$VARLIB"/gnupg-authentication/gpg.conf list-options show-uid-validity -primary-keyring ${VARLIB}/gnupg-authentication/pubring.gpg -keyring ${VARLIB}/gnupg-host/pubring.gpg +primary-keyring "$VARLIB"/gnupg-authentication/pubring.gpg +keyring "$VARLIB"/gnupg-host/pubring.gpg EOF chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf index defb0f7..15f43b1 100644 --- a/etc/monkeysphere-server.conf +++ b/etc/monkeysphere-server.conf @@ -2,8 +2,11 @@ # This is an sh-style shell configuration file. Variable names should # be separated from their assignements by a single '=' and no spaces. +# Environement variables with the same names as these variables but +# prefeced by "MONKEYSPHERE_" will take precedence over the values +# specified here. -# GPG keyserver to search for keys +# GPG keyserver to search for keys. #KEYSERVER=subkeys.pgp.net # Path to authorized_user_ids file to process to create @@ -20,3 +23,6 @@ # FIXME: this usage of "-" contravenes the normal convention where "-" # means standard in/out. Why not use "none" or "" instead? #RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" + +# User who controls the monkeysphere authentication keyring. +#MONKEYSPHERE_USER=monkeysphere diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index aa3a664..2648fa9 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -2,11 +2,17 @@ # This is an sh-style shell configuration file. Variable names should # be separated from their assignements by a single '=' and no spaces. +# Environement variables with the same names as these variables but +# prefeced by "MONKEYSPHERE_" will take precedence over the values +# specified here. -# GPG home directory -#GNUPGHOME=~/.gnupg +# GPG home directory. If not specified either here or in the +# MONKEYSPHERE_GNUPGHOME environment variable, then the value of the +# GNUPGHOME environment variable will be used. If GNUPGHOME is not +# set either, then the default value is listed below. +# GNUPGHOME=~/.gnupg -# GPG keyserver to search for keys +# GPG keyserver to search for keys. #KEYSERVER=subkeys.pgp.net # Set whether or not to check keyservers at every monkeysphere @@ -17,12 +23,12 @@ # of the keyserver. #CHECK_KEYSERVER=true -# ssh known_hosts file +# The path to the SSH known_hosts file. #KNOWN_HOSTS=~/.ssh/known_hosts # Whether or not to hash the generated known_hosts lines. -# Should be "true" or "false" +# Should be "true" or "false". #HASH_KNOWN_HOSTS=true -# ssh authorized_keys file (FIXME: why is this relevant in this file?) +# The path to the SSH authorized_keys file. #AUTHORIZED_KEYS=~/.ssh/authorized_keys diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 45605da..f33ffea 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -35,9 +35,10 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP -.B gen-key -Generate a OpenPGP key pair for the host. `g' may be used in place of -`gen-key'. +.B gen-key [HOSTNAME] +Generate a OpenPGP key pair for the host. If HOSTNAME is not +specified, then the system fully-qualified domain name will be user. +`g' may be used in place of `gen-key'. .TP .B show-fingerprint Show the fingerprint for the host's OpenPGP key. `f' may be used in place of diff --git a/src/common b/src/common index d20d306..5d43fa4 100644 --- a/src/common +++ b/src/common @@ -83,10 +83,11 @@ remove_line() { file="$1" string="$2" - # if the line is there are removed, return 0 - if [ "$file" -a "$string" ] ; then + # if the string is in the file and removed, return 0 + if grep -q -F "$string" "$file" 2> /dev/null ; then grep -v -F "$string" "$file" | sponge "$file" return 0 + # otherwise return 1 else return 1 @@ -112,6 +113,11 @@ translate_ssh_variables() { echo "$path" } +# test that a string to conforms to GPG's expiration format +test_gpg_expire() { + echo "$1" | egrep -q "^[0-9][mwy]?$" +} + ### CONVERSION UTILITIES # output the ssh key for a given key ID @@ -256,14 +262,14 @@ process_user_id() { fi requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") + # fetch the user ID if necessary/requested + gpg_fetch_userid "$userID" + # output gpg info for (exact) userid and store gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) - # fetch the user ID if necessary/requested - gpg_fetch_userid "$userID" - # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then log " - key not found." @@ -380,10 +386,10 @@ process_user_id() { process_host_known_hosts() { local host local userID + local nKeys + local nKeysOK local ok local keyid - local idOK - local idRemoved local tmpfile host="$1" @@ -392,17 +398,26 @@ process_host_known_hosts() { userID="ssh://${host}" + nKeys=0 + nKeysOK=0 + for line in $(process_user_id "ssh://${host}") ; do + # note that key was found + nKeys=$((nKeys+1)) + ok=$(echo "$line" | cut -d: -f1) keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") # remove the old host key line, and note if removed - remove_line "$KNOWN_HOSTS" "$sshKey" && idRemoved=true + remove_line "$KNOWN_HOSTS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then + # note that key was found ok + nKeysOK=$((nKeysOK+1)) + # hash if specified if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then # FIXME: this is really hackish cause ssh-keygen won't @@ -415,21 +430,19 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi - - # note that at least one ok id was found - idOK=true fi done - # if at least one ok id was found, return 0 - if [ "$idOK" ] ; then - return 0 - - # if ids were only removed, return 2 - elif [ "$idRemoved" ] ; then - return 2 - - # else return 1, to indicate nothing happened + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 else return 1 fi @@ -439,9 +452,9 @@ process_host_known_hosts() { # line update_known_hosts() { local nHosts - local host local nHostsOK local nHostsBAD + local host # the number of hosts specified on command line nHosts="$#" @@ -480,17 +493,19 @@ update_known_hosts() { log "known_hosts file updated." fi - # if all hosts were OK, return 0 - if [ "$nHostsOK" -eq "$nHosts" ] ; then + # if an acceptable host was found, return 0 + if [ "$nHostsOK" -gt 0 ] ; then return 0 - - # if all hosts were BAD, return 2 - elif [ "$nHostsBAD" -eq "$nHosts" ] ; then - return 2 - - # else return 1 + # else if no ok hosts were found... else - return 1 + # if no bad host were found then no hosts were found at all, + # and return 1 + if [ "$nHostsBAD" -eq 0 ] ; then + return 1 + # else if at least one bad host was found, return 2 + else + return 2 + fi fi } @@ -511,42 +526,49 @@ process_known_hosts() { # process uids for the authorized_keys file process_uid_authorized_keys() { local userID + local nKeys + local nKeysOK local ok local keyid - local idOK - local idRemoved userID="$1" log "processing user ID: $userID" + nKeys=0 + nKeysOK=0 + for line in $(process_user_id "$userID") ; do + # note that key was found + nKeys=$((nKeys+1)) + ok=$(echo "$line" | cut -d: -f1) keyid=$(echo "$line" | cut -d: -f2) sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_line "$AUTHORIZED_KEYS" "$sshKey" && idRemoved=true + remove_line "$AUTHORIZED_KEYS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then - ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" + # note that key was found ok + nKeysOK=$((nKeysOK+1)) - # note that at least one ok id was found - idOK=true + ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" fi done - # if at least one ok id was found, return 0 - if [ "$idOK" ] ; then - return 0 - - # if ids were only removed, return 2 - elif [ "$idRemoved" ] ; then - return 2 - - # else return 1, to indicate nothing happened + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 else return 1 fi @@ -599,17 +621,19 @@ update_authorized_keys() { log "authorized_keys file updated." fi - # if all ids were OK, return 0 - if [ "$nIDsOK" -eq "$nIDs" ] ; then + # if an acceptable id was found, return 0 + if [ "$nIDsOK" -gt 0 ] ; then return 0 - - # if all ids were BAD, return 2 - elif [ "$nIDsBAD" -eq "$nIDs" ] ; then - return 2 - - # else return 1 + # else if no ok ids were found... else - return 1 + # if no bad ids were found then no ids were found at all, and + # return 1 + if [ "$nIDsBAD" -eq 0 ] ; then + return 1 + # else if at least one bad id was found, return 2 + else + return 2 + fi fi } diff --git a/src/monkeysphere b/src/monkeysphere index b10adb7..59b7e4a 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -11,18 +11,15 @@ ######################################################################## PGRM=$(basename $0) -SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"} -export SHAREDIR -. "${SHAREDIR}/common" || exit 1 - -GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"} -[ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG" +SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"} +export SHARE +. "${SHARE}/common" || exit 1 # date in UTF format if needed DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up -GREP_OPTIONS= +unset GREP_OPTIONS # default return code ERR=0 @@ -40,6 +37,8 @@ subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file gen-subkey (g) KEYID generate an 'a' capable subkey + -l|--length BITS key length in bits (2048) + -e|--expire EXPIRE date to expire help (h,?) this help EOF @@ -79,11 +78,12 @@ gen_subkey(){ fi # set subkey defaults - SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"} - SUBKEY_LENGTH=${SUBKEY_LENGTH:-} - SUBKEY_USAGE=${SUBKEY_USAGE:-"auth"} - SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"} - cat < = key expires in n days @@ -91,7 +91,16 @@ Please specify how long the key should be valid. m = key expires in n months y = key expires in n years EOF - read -p "Key is valid for? ($SUBKEY_EXPIRE) " SUBKEY_EXPIRE; SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"} + while [ -z "$KEY_EXPIRE" ] ; do + read -p "Key is valid for? (0) " KEY_EXPIRE + if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then + echo "invalid value" + unset KEY_EXPIRE + fi + done + elif ! test_gpg_expire "$KEY_EXPIRE" ; then + failure "invalid key expiration value '$KEY_EXPIRE'." + fi # generate the list of commands that will be passed to edit-key editCommands=$(cat < /dev/null 2>&1 ; then failure "Key for '$userID' already exists" fi - # set key defaults - KEY_TYPE=${KEY_TYPE:-"RSA"} - KEY_LENGTH=${KEY_LENGTH:-"2048"} - KEY_USAGE=${KEY_USAGE:-"auth"} - KEY_EXPIRE=${KEY_EXPIRE:-"0"} - cat < = key expires in n days @@ -220,7 +232,16 @@ Please specify how long the key should be valid. m = key expires in n months y = key expires in n years EOF - read -p "Key is valid for? ($KEY_EXPIRE) " KEY_EXPIRE; KEY_EXPIRE=${KEY_EXPIRE:-"0"} + while [ -z "$KEY_EXPIRE" ] ; do + read -p "Key is valid for? (0) " KEY_EXPIRE + if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then + echo "invalid value" + unset KEY_EXPIRE + fi + done + elif ! test_gpg_expire "$KEY_EXPIRE" ; then + failure "invalid key expiration value '$KEY_EXPIRE'." + fi # set key parameters keyParameters=$(cat <&1 >/dev/null ; then # do not check the keyserver - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"} + CHECK_KEYSERVER="false" # if the host is NOT in the keyring... else # if the host key is found in the known_hosts file... # FIXME: this only works for default known_hosts location hostKey=$(ssh-keygen -F "$HOST") + if [ "$hostKey" ] ; then # do not check the keyserver # FIXME: more nuanced checking should be done here to properly # take into consideration hosts that join monkeysphere by # converting an existing and known ssh key - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"} + CHECK_KEYSERVER="false" # if the host key is not found in the known_hosts file... else # check the keyserver - CHECK_KEYSERVER=${CHECK_KEYSERVER:-"true"} + CHECK_KEYSERVER="true" fi fi -export CHECK_KEYSERVER + +MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"} +export MONKEYSPHERE_CHECK_KEYSERVER # update the known_hosts file for the host monkeysphere update-known_hosts "$HOSTP"