fi
if [ "$priority" = "$level" -a "$output" = 'true' ] ; then
if [ "$1" ] ; then
- echo -n "ms: " >&2
- echo "$@" >&2
+ echo "$@"
else
- cat >&2
- fi
+ cat
+ fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
fi
done
}
local action="$1"
local file="$2"
- if ! ( which lockfile-create >/dev/null 2>/dev/null ) ; then
- if ! ( which lockfile >/dev/null ); then
+ if ! ( type lockfile-create &>/dev/null ) ; then
+ if ! ( type lockfile &>/dev/null ); then
failure "Neither lockfile-create nor lockfile are in the path!"
fi
use_lockfileprogs=
local shortunits
# try things the GNU way first
- if date -d "$number $longunits" "$format" >/dev/null 2>&1; then
+ if date -d "$number $longunits" "$format" &>/dev/null; then
date -d "$number $longunits" "$format"
else
# otherwise, convert to (a limited version of) BSD date syntax:
# hash of a file
file_hash() {
- md5sum "$1" 2> /dev/null
+ if type md5sum &>/dev/null ; then
+ md5sum "$1"
+ elif type md5 &>/dev/null ; then
+ md5 "$1"
+ else
+ failure "Neither md5sum nor md5 are in the path!"
+ fi
}
# convert escaped characters in pipeline from gpg output back into
local fifo="$2"
local PASS
- if [ "$DISPLAY" ] && which "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then
+ if [ "$DISPLAY" ] && type "${SSH_ASKPASS:-ssh-askpass}" >/dev/null; then
+ printf 'Launching "%s"\n' "${SSH_ASKPASS:-ssh-askpass}" | log info
+ printf '(with prompt "%s")\n' "$prompt" | log debug
"${SSH_ASKPASS:-ssh-askpass}" "$prompt" > "$fifo"
else
read -s -p "$prompt" PASS
fi
# if the string is in the file...
- if grep -q -F "$string" "$file" 2> /dev/null ; then
+ if grep -q -F "$string" "$file" 2>/dev/null ; then
tempfile=$(mktemp "${file}.XXXXXXX") || \
failure "Unable to make temp file '${file}.XXXXXXX'"
file="$1"
- if [ -z "$file" ] ; then
+ # return error if file does not exist
+ if [ ! -e "$file" ] ; then
return 1
fi
- if [ ! -e "$file" ] ; then
- return 1
+ # just return ok if the file is empty, since there aren't any
+ # lines to remove
+ if [ ! -s "$file" ] ; then
+ return 0
fi
tempfile=$(mktemp "${file}.XXXXXXX") || \
path="$2"
# get the user's home directory
- userHome=$(getent passwd "$uname" | cut -d: -f6)
+ userHome=$(get_homedir "$uname")
# translate '%u' to user name
path=${path/\%u/"$uname"}
# return 1 if path has invalid owner
if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
- log error "improper ownership on path '$path'."
+ log error "improper ownership on path '$path':"
+ log error " $owner != ($uname|root)"
return 1
fi
# return 2 if path has group or other writability
if is_write "$gAccess" || is_write "$oAccess" ; then
- log error "improper group or other writability on path '$path'."
+ log error "improper group or other writability on path '$path':"
+ log error " group: $gAccess, other: $oAccess"
return 2
fi
fi
}
+# return a list of all users on the system
+list_users() {
+ if type getent &>/dev/null ; then
+ # for linux and FreeBSD systems
+ getent passwd | cut -d: -f1
+ elif type dscl &>/dev/null ; then
+ # for Darwin systems
+ dscl localhost -list /Search/Users
+ fi
+}
+
+# return the path to the home directory of a user
+get_homedir() {
+ local uname=${1:-`whoami`}
+ eval "echo ~${uname}"
+}
+
### CONVERSION UTILITIES
# output the ssh key for a given key ID
keyID="$1"
- gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null
+ gpg --export "$keyID" | openpgp2ssh "$keyID" 2>/dev/null
}
# output known_hosts line from ssh key
ssh2known_hosts() {
local host
+ local port
local key
- host="$1"
+ # FIXME this does not properly deal with IPv6 hosts using the
+ # standard port (because it's unclear whether their final
+ # colon-delimited address section is a port number or an address
+ # string)
+ host=${1%:*}
+ port=${1##*:}
key="$2"
- echo -n "$host "
- echo -n "$key" | tr -d '\n'
- echo " MonkeySphere${DATE}"
+ # specify the host and port properly for new ssh known_hosts
+ # format
+ if [ "$port" != "$host" ] ; then
+ host="[${host}]:${port}"
+ fi
+ printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
}
# output authorized_keys line from ssh key
userID="$1"
key="$2"
- echo -n "$key" | tr -d '\n'
- echo " MonkeySphere${DATE} ${userID}"
+ printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
}
# convert key from gpg to ssh known_hosts format
gpg2known_hosts() {
local host
local keyID
+ local key
host="$1"
keyID="$2"
+ key=$(gpg2ssh "$keyID")
+
# NOTE: it seems that ssh-keygen -R removes all comment fields from
# all lines in the known_hosts file. why?
# NOTE: just in case, the COMMENT can be matched with the
# following regexp:
# '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
- echo -n "$host "
- gpg2ssh "$keyID" | tr -d '\n'
- echo " MonkeySphere${DATE}"
+ printf "%s %s MonkeySphere%s\n" "$host" "$key" "$DATE"
}
# convert key from gpg to ssh authorized_keys format
gpg2authorized_keys() {
local userID
local keyID
+ local key
userID="$1"
keyID="$2"
+ key=$(gpg2ssh "$keyID")
+
# NOTE: just in case, the COMMENT can be matched with the
# following regexp:
# '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
- gpg2ssh "$keyID" | tr -d '\n'
- echo " MonkeySphere${DATE} ${userID}"
+ printf "%s MonkeySphere%s %s\n" "$key" "$DATE" "$userID"
}
### GPG UTILITIES
echo 1,2,3,4,5 | \
gpg --quiet --batch --with-colons \
--command-fd 0 --keyserver "$KEYSERVER" \
- --search ="$userID" > /dev/null 2>&1
+ --search ="$userID" &>/dev/null
returnCode="$?"
return "$returnCode"
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log verbose " * acceptable primary key."
if [ -z "$sshKey" ] ; then
- log error " ! primary key could not be translated (not RSA or DSA?)."
+ log error " ! primary key could not be translated (not RSA?)."
else
echo "0:${sshKey}"
fi
else
log debug " - unacceptable primary key."
if [ -z "$sshKey" ] ; then
- log debug " ! primary key could not be translated (not RSA or DSA?)."
+ log debug " ! primary key could not be translated (not RSA?)."
else
echo "1:${sshKey}"
fi
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log verbose " * acceptable sub key."
if [ -z "$sshKey" ] ; then
- log error " ! sub key could not be translated (not RSA or DSA?)."
+ log error " ! sub key could not be translated (not RSA?)."
else
echo "0:${sshKey}"
fi
else
log debug " - unacceptable sub key."
if [ -z "$sshKey" ] ; then
- log debug " ! sub key could not be translated (not RSA or DSA?)."
+ log debug " ! sub key could not be translated (not RSA?)."
else
echo "1:${sshKey}"
fi
# hash from stdin to stdout
tmpfile=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
- ssh-keygen -H -f "$tmpfile" 2> /dev/null
+ ssh-keygen -H -f "$tmpfile" 2>/dev/null
cat "$tmpfile" >> "$KNOWN_HOSTS"
rm -f "$tmpfile" "${tmpfile}.old"
else
(umask 0022 && touch "$KNOWN_HOSTS")
# check permissions on the known_hosts file path
- check_key_file_permissions "$USER" "$KNOWN_HOSTS" || failure
+ check_key_file_permissions $(whoami) "$KNOWN_HOSTS" || failure
# create a lockfile on known_hosts:
lock create "$KNOWN_HOSTS"
log debug " $AUTHORIZED_KEYS"
# check permissions on the authorized_keys file path
- check_key_file_permissions "$USER" "$AUTHORIZED_KEYS" || failure
+ check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
# create a lockfile on authorized_keys
lock create "$AUTHORIZED_KEYS"
log debug " $authorizedUserIDs"
# check permissions on the authorized_user_ids file path
- check_key_file_permissions "$USER" "$authorizedUserIDs" || failure
+ check_key_file_permissions $(whoami) "$authorizedUserIDs" || failure
- if ! meat "$authorizedUserIDs" > /dev/null ; then
+ if ! meat "$authorizedUserIDs" >/dev/null ; then
log debug " no user IDs to process."
return
fi
projects / monkeysphere.git / blobdiff