3 # monkeysphere-server: MonkeySphere server admin tool
5 # The monkeysphere scripts are written by:
6 # Jameson Rollins <jrollins@fifthhorseman.net>
8 # They are Copyright 2008, and are all released under the GPL, version 3
11 ########################################################################
14 SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
16 . "${SHAREDIR}/common"
18 # date in UTF format if needed
19 DATE=$(date -u '+%FT%T')
21 # unset some environment variables that could screw things up
24 ########################################################################
26 ########################################################################
30 usage: $PGRM <subcommand> [args]
31 Monkeysphere server admin tool.
34 update-users (s) [USER]... update users authorized_keys files
35 gen-key (g) generate gpg key for the server
36 publish-key (p) publish server key to keyserver
37 trust-keys (t) KEYID... mark keyids as trusted
38 update-user-userids (u) USER UID... add/update userids for a user
44 # generate server gpg key
47 KEY_TYPE=${KEY_TYPE:-"RSA"}
48 KEY_LENGTH=${KEY_LENGTH:-"2048"}
49 KEY_USAGE=${KEY_USAGE:-"encrypt,auth"}
50 SERVICE=${SERVICE:-"ssh"}
51 HOSTNAME_FQDN=${HOSTNAME_FQDN:-$(hostname -f)}
53 USERID=${USERID:-"$SERVICE"://"$HOSTNAME_FQDN"}
56 keyParameters=$(cat <<EOF
58 Key-Length: $KEY_LENGTH
64 # add the revoker field if requested
65 if [ "$REVOKER" ] ; then
66 keyParameters="${keyParameters}"$(cat <<EOF
68 Revoker: 1:$REVOKER sensitive
73 echo "The following key parameters will be used:"
76 read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
77 if [ ${OK/y/Y} != 'Y' ] ; then
81 if gpg --list-key ="$USERID" > /dev/null 2>&1 ; then
82 failure "key for '$USERID' already exists"
86 keyParameters="${keyParameters}"$(cat <<EOF
93 log "generating server key..."
94 echo "$keyParameters" | gpg --batch --gen-key
97 ########################################################################
99 ########################################################################
102 [ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
105 # set ms home directory
106 MS_HOME=${MS_HOME:-"$ETC"}
108 # load configuration file
109 MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf}
110 [ -e "$MS_CONF" ] && . "$MS_CONF"
112 # set empty config variable with defaults
113 GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg}
114 KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
115 REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
116 USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
120 # make sure gpg home exists with proper permissions
121 mkdir -p -m 0700 "$GNUPGHOME"
128 unames=$(ls -1 "$MS_HOME"/authorized_user_ids)
131 for uname in $unames ; do
132 MODE="authorized_keys"
134 log "----- user: $uname -----"
136 AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
137 msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
138 cacheDir="$CACHE"/"$uname"/user_keys
140 # make sure authorized_user_ids file exists
141 if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
142 log "authorized_user_ids file for '$uname' is empty or does not exist."
146 # set user-controlled authorized_keys file path
147 if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" ] ; then
148 userHome=$(getent passwd "$uname" | cut -d: -f6)
149 userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"}
152 # update authorized_keys
153 update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$cacheDir"
156 log "----- done. -----"
168 if [ -z "$1" ] ; then
169 failure "you must specify at least one key to trust."
176 'update-user-userids'|'u')
179 if [ -z "$uname" ] ; then
180 failure "you must specify user."
182 if [ -z "$1" ] ; then
183 failure "you must specify at least one userid."
185 AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
186 cacheDir="$CACHE"/"$uname"/user_keys
188 update_userid "$userID" "$cacheDir"
197 failure "Unknown command: '$COMMAND'
198 Type '$PGRM help' for usage."
projects / monkeysphere.git / blob