From 691e5d2ec8efeb4d77b17b1ad852fdbec31ce136 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 16 Dec 2008 22:00:36 -0500 Subject: [PATCH] get rid of getopts. add checks for root user, and better checking of presence of host key. --- packaging/debian/changelog | 4 +- src/monkeysphere | 18 ++--- src/monkeysphere-server | 149 ++++++++++++++++++++----------------- 3 files changed, 87 insertions(+), 84 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 2aaa9ca..55f0aaf 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -3,8 +3,10 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low * New upstream release: - added better checks for the existence of a host private key for functions that require it to be there. + - add checks for root users, for functions where it is required. + - get rid of getopts. - -- Jameson Graef Rollins Sun, 30 Nov 2008 17:14:50 -0500 + -- Jameson Graef Rollins Tue, 16 Dec 2008 15:26:53 -0500 monkeysphere (0.22-1) unstable; urgency=low diff --git a/src/monkeysphere b/src/monkeysphere index 523ddfe..c003706 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -63,15 +63,6 @@ gen_subkey(){ keyExpire= # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" - - if [ $? != 0 ] ; then - exit 1 - fi - - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" - while true ; do case "$1" in -l|--length) @@ -82,10 +73,11 @@ gen_subkey(){ keyExpire="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac diff --git a/src/monkeysphere-server b/src/monkeysphere-server index c4f6985..7d7578d 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -117,40 +117,59 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } -# function to check for host secret keys -# fails if host sec key exists, exits true otherwise -check_host_keyring() { - if ! gpg_host --list-secret-keys --fingerprint \ - --with-colons --fixed-list-mode 2>/dev/null | grep -q '^sec:' ; then +# check if user is root +is_root() { + [ $(id -u 2>/dev/null) = '0' ] +} - failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." - fi +# check that user is root, for functions that require root access +check_user() { + is_root || failure "You must be root to run this command." } # output just key fingerprint fingerprint_server_key() { + # set the pipefail option so functions fails if can't read sec key + set -o pipefail + gpg_host --list-secret-keys --fingerprint \ --with-colons --fixed-list-mode 2> /dev/null | \ - grep '^fpr:' | head -1 | cut -d: -f10 + grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null +} + +# function to check for host secret key +check_host_keyring() { + fingerprint_server_key >/dev/null \ + || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." } # output key information show_server_key() { - local fingerprint - local tmpkey + local fingerprintPGP + local fingerprintSSH + local ret=0 - fingerprint=$(fingerprint_server_key) - gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint" - - # do some crazy "Here Strings" redirection to get the key to - # ssh-keygen, since it doesn't read from stdin cleanly - echo -n "ssh fingerprint: " - ssh-keygen -l -f /dev/stdin \ - <<<$(gpg_authentication "--export $fingerprint" | \ - openpgp2ssh "$fingerprint" 2>/dev/null) | \ - awk '{ print $1, $2, $4 }' - echo -n "OpenPGP fingerprint: " - echo "$fingerprint" + # FIXME: you shouldn't have to be root to see the host key fingerprint + if is_root ; then + check_host_keyring + fingerprintPGP=$(fingerprint_server_key) + gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null + echo "OpenPGP fingerprint: $fingerprintPGP" + else + log info "You must be root to see host OpenPGP fingerprint." + ret='1' + fi + + if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then + fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \ + awk '{ print $1, $2, $4 }') + echo "ssh fingerprint: $fingerprintSSH" + else + log info "SSH host key not found." + ret='1' + fi + + return $ret } # update authorized_keys for users @@ -311,15 +330,6 @@ gen_key() { revoker= # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" - - if [ $? != 0 ] ; then - exit 1 - fi - - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" - while true ; do case "$1" in -l|--length) @@ -334,10 +344,11 @@ gen_key() { revoker="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac @@ -346,33 +357,29 @@ gen_key() { hostName=${1:-$(hostname -f)} userID="ssh://${hostName}" - # check for presense of key with user ID + # check for presense of secret key # FIXME: is this the proper test to be doing here? - if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then - failure "Key for '$userID' already exists" - fi + fingerprint_server_key >/dev/null \ + && failure "A key for this host already exists." # prompt about key expiration if not specified keyExpire=$(get_gpg_expiration "$keyExpire") # set key parameters - keyParameters=$(cat < "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + + # show info about new key + show_server_key } # extend the lifetime of a host key: @@ -478,7 +485,7 @@ $userID save EOF - ) +) # execute edit-key script if echo "$adduidCommand" | \ @@ -778,15 +785,6 @@ add_certifier() { depth=1 # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" - - if [ $? != 0 ] ; then - exit 1 - fi - - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" - while true ; do case "$1" in -n|--domain) @@ -801,10 +799,11 @@ add_certifier() { depth="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac @@ -1001,59 +1000,69 @@ shift case $COMMAND in 'update-users'|'update-user'|'u') + check_user check_host_keyring update_users "$@" ;; 'gen-key'|'g') + check_user gen_key "$@" ;; 'extend-key'|'e') + check_user check_host_keyring extend_key "$@" ;; 'add-hostname'|'add-name'|'n+') + check_user check_host_keyring add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') + check_user check_host_keyring revoke_hostname "$@" ;; 'show-key'|'show'|'s') - check_host_keyring show_server_key ;; 'publish-key'|'publish'|'p') + check_user check_host_keyring publish_server_key ;; 'diagnostics'|'d') + check_user diagnostics ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_user check_host_keyring add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_user check_host_keyring remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_user check_host_keyring list_certifiers "$@" ;; 'gpg-authentication-cmd') + check_user gpg_authentication_cmd "$@" ;; -- 2.25.1