From: Jameson Graef Rollins
Date: Wed, 11 Jun 2008 18:08:29 +0000 (-0400)
Subject: Updates to use the new openpgp2ssh program that dkg wrote.
X-Git-Tag: monkeysphere_0.1-1~57
X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=3250fce7979ada7e94782430801f5fb76fecbc90
Updates to use the new openpgp2ssh program that dkg wrote.
---
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 39a8e5c..7a12e17 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -57,4 +57,3 @@ extent permitted by law.
 .BR monkeysphere (1),
 .BR gpg (1),
 .BR ssh (1)
-
diff --git a/src/common b/src/common
index ff6ba59..d7caefd 100755
--- a/src/common
+++ b/src/common
@@ -82,27 +82,36 @@ unescape() {
 echo "$1" | sed 's/\\x3a/:/'
 }
-# stand in until we get dkg's gpg2ssh program
-gpg2ssh_tmp() {
+# convert key from gpg to ssh known_hosts format
+gpg2known_hosts() {
 local keyID
- local userID
 local host
 keyID="$1"
- userID="$2"
-
- if [ "$MODE" = 'authorized_keys' ] ; then
- gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere userID: ${userID}/"
+ host=$(echo "$2" | sed -e "s|ssh://||")
 # NOTE: it seems that ssh-keygen -R removes all comment fields from
 # all lines in the known_hosts file. why?
 # NOTE: just in case, the COMMENT can be matched with the
 # following regexp:
 # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
- elif [ "$MODE" = 'known_hosts' ] ; then
- host=$(echo "$userID" | sed -e "s|ssh://||")
- echo -n "$host "; gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere${DATE}/"
- fi
+ echo -n "$host "
+ gpg --export "$keyID" | \
+ openpgp2ssh "$keyID" | tr -d '\n'
+ echo "MonkeySphere${DATE}"
+}
+
+# convert key from gpg to ssh authorized_keys format
+gpg2authorized_keys() {
+ local keyID
+ local userID
+
+ keyID="$1"
+ userID="$2"
+
+ echo -n "MonkeySphere${DATE}:${userID}"
+ gpg --export "$keyID" | \
+ openpgp2ssh "$keyID"
 }
 # userid and key policy checking
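Review bot: In gpg2authorized_keys, `echo -n "MonkeySphere${DATE}:${userID}"` is written before the key, so the user ID ends up at the start of the authorized_keys line, where sshd parses the options field, and it runs straight into the key with no separator. The user ID is text chosen by the key holder and belongs only in the trailing comment; print the key first and the comment last, e.g. `gpg --export "$keyID" | openpgp2ssh "$keyID" | tr -d '\n'` followed by `printf ' MonkeySphere%s: %s\n' "$DATE" "$userID"`. Neither new function checks the status of the gpg | openpgp2ssh pipeline, so in gpg2known_hosts a failed export still appends a line holding only the host and the comment; it would be safer to capture the converted key and return non-zero when it is empty. Whether openpgp2ssh ends its output with a space before the comment is not visible here, so the separator should be confirmed for the known_hosts line too.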
@@ -235,15 +244,21 @@ process_user_id() { for keyID in ${keyIDs[@]} ; do loge " acceptable key/uid found." - # export the key with gpg2ssh - # FIXME: needs to apply extra options for authorized_keys - # lines if specified - gpg2ssh_tmp "$keyID" "$userID" >> "$cacheDir"/"$userIDHash"."$pubKeyID" - - # hash the cache file if specified - if [ "$MODE" = 'known_hosts' -a "$HASH_KNOWN_HOSTS" ] ; then - ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1 - rm "$cacheDir"/"$userIDHash"."$pubKeyID".old + if [ "$MODE" = 'known_hosts' ] ; then + # export the key + gpg2known_hosts "$keyID" "$userID" >> \ + "$cacheDir"/"$userIDHash"."$pubKeyID" + # hash the cache file if specified + if [ "$HASH_KNOWN_HOSTS" ] ; then + ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1 + rm "$cacheDir"/"$userIDHash"."$pubKeyID".old + fi + elif [ "$MODE" = 'authorized_keys' ] ; then + # export the key + # FIXME: needs to apply extra options for authorized_keys + # lines if specified + gpg2authorized_keys "$keyID" "$userID" >> \ + "$cacheDir"/"$userIDHash"."$pubKeyID" fi done fi diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6eeb702..34239b6 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -145,9 +145,10 @@ case $COMMAND in fi for uname in $unames ; do + MODE="authorized_keys" + log "----- user: $uname -----" - MODE="authorized_keys" AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname" cacheDir="$STAGING_AREA"/"$uname"/user_keys msAuthorizedKeys="$STAGING_AREA"/"$uname"/authorized_keys @@ -167,6 +168,7 @@ case $COMMAND in # update authorized_keys update_authorized_keys "$cacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys" done + log "----- done. -----" ;;
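Review bot: In the known_hosts branch of the first hunk (process_user_id), `ssh-keygen -H -f ... > /dev/null 2>&1` throws away both the error text and the exit status, so when hashing fails the cache file keeps the cleartext host name although HASH_KNOWN_HOSTS was set, and nothing is logged. Holding the cache path in a local variable such as `cacheFile` would allow `ssh-keygen -H -f "$cacheFile" > /dev/null 2>&1 || loge "could not hash $cacheFile"`, and `rm -f` suits the `.old` copy, which still holds the unhashed entry. The if/elif on MODE also has no else branch, so an unexpected MODE writes nothing without any message. process_user_id and the surrounding loop begin and end outside this hunk.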