separations.
# Shared sh functions for the monkeysphere
#
# Written by
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# monkeysphere-authentication: Monkeysphere authentication admin tool
#
# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# or later.
########################################################################
+set -e
+
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/authentication"}
+# sharedir for authentication functions
+MASHAREDIR="${SYSSHAREDIR}/ma"
+
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
export SYSDATADIR
-# monkeysphere temp directory, in sysdatadir to enable atomic moves of
-# authorized_keys files
-MSTMPDIR="${SYSDATADIR}/tmp"
+# temp directory to enable atomic moves of authorized_keys files
+MATMPDIR="${SYSDATADIR}/tmp"
export MSTMPDIR
# UTC date in ISO 8601 format if needed
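Review bot: L37 still exports `MSTMPDIR` although the variable was renamed to `MATMPDIR` on L36, so the new name is never exported and the old, now-unset one is. `update_users` (L381) runs `mktemp -d ${MATMPDIR}/tmp.XXXXXXXXXX`; in any context where `MATMPDIR` is not inherited (the comment at L112 says these exports exist for the su invocation) that expands to `/tmp.XXXXXXXXXX`, creating the scratch directory in the filesystem root and defeating the same-filesystem atomic-move rationale the comment on L35 gives. Change L37 to `export MATMPDIR` and quote the expansion on L381: `TMPLOC=$(mktemp -d "${MATMPDIR}/tmp.XXXXXXXXXX") || failure "Could not create temporary directory!"`.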
fi
}
-# function to interact with the host gnupg keyring
-gpg_host() {
+# function to interact with the gpg core keyring
+gpg_core() {
local returnCode
- GNUPGHOME="$GNUPGHOME_HOST"
+ GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
# NOTE: we supress this warning because we need the monkeysphere
# always reset the permissions on the host pubring so that the
# monkeysphere user can read the trust signatures
- chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
- chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
+ chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
+ chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
return "$returnCode"
}
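Review bot: With `set -e` now enabled at L20, the `returnCode` capture in `gpg_core` no longer guarantees the permission reset runs: if the gpg invocation that precedes L50 (not in this hunk, but the `local returnCode`/`return "$returnCode"` pattern matches the old `gpg_host` body deleted at L184-185) exits non-zero, the script terminates before the `chgrp`/`chmod` on `${GNUPGHOME_CORE}/pubring.gpg`, leaving the keyring's group ownership and mode however gpg left them. Callers such as L343 (`gpg_core --delete-key ...`) invoke it outside any conditional, so this path is reachable. Capture the status in an `-e`-safe form, `returnCode=0; gpg --no-permission-warning "$@" || returnCode=$?`, so the reset always runs before the return.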
-# function to interact with the authentication gnupg keyring
+# function to interact with the gpg sphere keyring
# FIXME: this function requires basically accepts only a single
# argument because of problems with quote expansion. this needs to be
# fixed/improved.
-gpg_authentication() {
- GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+gpg_sphere() {
+ GNUPGHOME="$GNUPGHOME_SPHERE"
export GNUPGHOME
su_monkeysphere_user "gpg $@"
}
-# check if user is root
-is_root() {
- [ $(id -u 2>/dev/null) = '0' ]
-}
-
-# check that user is root, for functions that require root access
-check_user() {
- is_root || failure "You must be root to run this command."
-}
-
-# output just key fingerprint
-fingerprint_server_key() {
- # set the pipefail option so functions fails if can't read sec key
- set -o pipefail
-
- gpg_host --list-secret-keys --fingerprint \
- --with-colons --fixed-list-mode 2> /dev/null | \
- grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
-}
-
-# function to check for host secret key
-check_host_keyring() {
- fingerprint_server_key >/dev/null \
- || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first."
-}
-
########################################################################
# MAIN
########################################################################
unset MONKEYSPHERE_USER
# load configuration file
-[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${SYSCONFIGDIR}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
+[ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG"
# set empty config variable with ones from the environment, or with
# defaults
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/gnupg-host"}
-GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${SYSDATADIR}/gnupg-authentication"}
+GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"}
+GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"}
# export variables needed in su invocation
export DATE
export MODE
-export MONKEYSPHERE_USER
export LOG_LEVEL
+export MONKEYSPHERE_USER
export KEYSERVER
export CHECK_KEYSERVER
export REQUIRED_USER_KEY_CAPABILITY
-export GNUPGHOME_HOST
-export GNUPGHOME_AUTHENTICATION
+export GNUPGHOME_CORE
+export GNUPGHOME_SPHERE
export GNUPGHOME
# get subcommand
case $COMMAND in
'update-users'|'update-user'|'u')
- check_user
- check_host_keyring
+ source "${MASHAREDIR}/update_users"
update_users "$@"
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
- check_user
- check_host_keyring
+ source "${MASHAREDIR}/add_certifier"
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
- check_user
- check_host_keyring
+ source "${MASHAREDIR}/remove_certifier"
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
- check_user
- check_host_keyring
+ source "${MASHAREDIR}/list_certifiers"
list_certifiers "$@"
;;
'expert'|'e')
- check_user
SUBCOMMAND="$1"
shift
case "$SUBCOMMAND" in
'diagnostics'|'d')
+ source "${MASHAREDIR}/diagnostics"
diagnostics
;;
'gpg-cmd')
- gpg_authentication "$@"
+ gpg_sphere "$@"
;;
*)
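Review bot: The `check_user` root guard is dropped from every subcommand arm in this case (L129, L135, L141, L147, L153) and from the host script's expert arm at L263, while the `is_root`/`check_user` definitions are deleted at L70-78; nothing in these hunks re-establishes a privilege check before the sourced subcommand files run, so key generation, imports and certifier changes would proceed unprivileged and fail late or partially, unless the check moved into `common` or into the sourced files, which is not visible here. If it was relocated, a one-line comment at the top of the case, `# root is enforced by check_user in ${SYSSHAREDIR}/common`, would make that explicit. Also, the new `source "${MASHAREDIR}/..."` lines use the bash builtin name while the same file loads `common` with `.` on L25; pick one form. The enclosing case statement continues past the end of the hunk.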
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/host"}
+# sharedir for host functions
+MHSHAREDIR="${SYSSHAREDIR}/mh"
+
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
export SYSDATADIR
# UTC date in ISO 8601 format if needed
fi
}
-# function to interact with the host gnupg keyring
+# function to interact with the gpg keyring
gpg_host() {
local returnCode
# user to be able to read the host pubring. we realize this might
# be problematic, but it's the simplest solution, without too much
# loss of security.
- gpg --no-permission-warning "$@"
- returnCode="$?"
-
- # always reset the permissions on the host pubring so that the
- # monkeysphere user can read the trust signatures
- chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
- chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
-
- return "$returnCode"
+ gpg "$@"
}
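Review bot: The comment at L181-183 still explains why the monkeysphere user must be able to read the host pubring, but the body that implemented it (the `--no-permission-warning` flag and the `chgrp`/`chmod` reset, L184-190) is removed, so the comment now documents behaviour that no longer exists; `local returnCode` at L180 is likewise left unused. Either drop the comment and the local, or, if the permission reset was intentionally moved to `gpg_core` on the authentication side, say so: `# pubring group permissions are now managed by gpg_core in monkeysphere-authentication`. Without `--no-permission-warning`, gpg may print a permissions warning whenever the host keyring is group-readable; confirm that is intended.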
# output just key fingerprint
# unset variables that should be defined only in config file
unset KEYSERVER
-unset AUTHORIZED_USER_IDS
-unset RAW_AUTHORIZED_KEYS
unset MONKEYSPHERE_USER
# load configuration file
-[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${SYSCONFIGDIR}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
+[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
# set empty config variable with ones from the environment, or with
# defaults
# other variables
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
-REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/gnupg-host"}
-GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${SYSDATADIR}/gnupg-authentication"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/host"}
# export variables needed in su invocation
export DATE
export MODE
-export MONKEYSPHERE_USER
export LOG_LEVEL
+export MONKEYSPHERE_USER
export KEYSERVER
-export CHECK_KEYSERVER
-export REQUIRED_USER_KEY_CAPABILITY
export GNUPGHOME_HOST
-export GNUPGHOME_AUTHENTICATION
export GNUPGHOME
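Review bot: L203 tests for `$MONKEYSPHERE_HOST_CONFIG` but then sources `"$MONKEYSPHERE_SERVER_CONFIG"`, so the host configuration file is never loaded; the sourced variable is the old name, which is presumably unset here, making `. ""` fail quietly behind the `&&`. Change the line to `[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG"`. Note also that `export CHECK_KEYSERVER` is removed at L219 while `CHECK_KEYSERVER` is still assigned at L207; if the sourced subcommands or the su invocation mentioned at L212 read it, the export should stay.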
# get subcommand
case $COMMAND in
'show-key'|'show'|'s')
- show_server_key
+ check_host_keyring
+ show_key
;;
'extend-key'|'e')
check_host_keyring
+ source "${MHSHAREDIR}/extend_key"
extend_key "$@"
;;
'add-hostname'|'add-name'|'n+')
check_host_keyring
+ source "${MHSHAREDIR}/add_hostname"
add_hostname "$@"
;;
'revoke-hostname'|'revoke-name'|'n-')
check_host_keyring
+ source "${MHSHAREDIR}/revoke_hostname"
revoke_hostname "$@"
;;
'add-revoker'|'o')
check_host_keyring
+ source "${MHSHAREDIR}/add_revoker"
add_revoker "$@"
;;
'revoke-key'|'r')
check_host_keyring
+ source "${MHSHAREDIR}/revoke_key"
revoke_key "$@"
;;
'publish-key'|'publish'|'p')
check_host_keyring
- publish_server_key
+ source "${MHSHAREDIR}/publish_key"
+ publish_key
;;
'expert'|'e')
- check_user
SUBCOMMAND="$1"
shift
case "$SUBCOMMAND" in
'import-key'|'i')
+ source "${MHSHAREDIR}/import_key"
import_key "$@"
;;
'gen-key'|'g')
+ source "${MHSHAREDIR}/gen_key"
gen_key "$@"
;;
'diagnostics'|'d')
+ source "${MHSHAREDIR}/diagnostics"
diagnostics
;;
fi
if [ -f "$keyID" ] ; then
echo "Reading key from file '$keyID':"
- importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
+ importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
# FIXME: if this is tried when the key database is not
# up-to-date, i got these errors (using set -x):
fi
else
# get the key from the key server
- gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+ gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
fi
export keyID
# get the full fingerprint of a key ID
-fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \
+fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \
grep '^fpr:' | grep "$keyID" | cut -d: -f10)
if [ -z "$fingerprint" ] ; then
echo
echo "key found:"
-gpg_authentication "--fingerprint 0x${fingerprint}!"
+gpg_sphere "--fingerprint 0x${fingerprint}!"
echo "Are you sure you want to add the above key as a"
read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N}
fi
# export the key to the host keyring
-gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import
+gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import
if [ "$trust" = marginal ]; then
trustval=1
# ltsign the key
if echo "$ltsignCommand" | \
- gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+ gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
# update the trustdb for the authentication keyring
- gpg_authentication "--check-trustdb"
+ gpg_sphere "--check-trustdb"
echo
echo "Identity certifier added."
local key
# find trusted keys in authentication keychain
-keys=$(gpg_authentication "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-keys --with-colons --fingerprint" | \
+keys=$(gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-keys --with-colons --fingerprint" | \
grep ^pub: | cut -d: -f2,5 | egrep '^(u|f):' | cut -d: -f2)
# output keys
for key in $keys ; do
- gpg_authentication "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key --fingerprint $key"
+ gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key --fingerprint $key"
done
}
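Review bot: L322 and L327 switch the call to `gpg_sphere` but still pass `--keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg`, and L333 in remove_certifier does the same; that variable was renamed to `GNUPGHOME_SPHERE` at L111 and its export removed at L122, so the argument expands to `--keyring /pubring.gpg` and the listing and removal operate on the wrong keyring or none. Replace the three occurrences with `${GNUPGHOME_SPHERE}/pubring.gpg`. Since `gpg_sphere` already sets `GNUPGHOME` to `$GNUPGHOME_SPHERE` (L66), the explicit `--keyring` is presumably redundant; if so, dropping it removes the stale reference entirely.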
failure "You must specify the key ID of a key to remove."
fi
-if gpg_authentication "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key 0x${keyID}!" ; then
+if gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key 0x${keyID}!" ; then
read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N}
if [ "${OK/y/Y}" != 'Y' ] ; then
failure "Identity certifier not removed."
fi
# delete the requested key
-if gpg_authentication "--delete-key --batch --yes 0x${keyID}!" ; then
+if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then
# delete key from host keyring as well
- gpg_host --delete-key --batch --yes "0x${keyID}!"
+ gpg_core --delete-key --batch --yes "0x${keyID}!"
# update the trustdb for the authentication keyring
- gpg_authentication "--check-trustdb"
+ gpg_sphere "--check-trustdb"
echo
echo "Identity certifier removed."
update_users() {
+local unames
+local uname
+local authorizedKeysDir
+local authorizedUserIDs
+
if [ "$1" ] ; then
# get users from command line
unames="$@"
unames=$(getent passwd | cut -d: -f1)
fi
-RETCODE=0
+RETURN=0
# set mode
MODE="authorized_keys"
# set gnupg home
-GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
+GNUPGHOME="$GNUPGHOME_SPHERE"
+
+# the authorized_keys directory
+authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys"
# check to see if the gpg trust database has been initialized
if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then
fi
# make sure the authorized_keys directory exists
-mkdir -p "${SYSDATADIR}/authorized_keys"
+mkdir -p "${authorizedKeysDir}"
# loop over users
for uname in $unames ; do
log verbose "----- user: $uname -----"
# make temporary directory
- TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+ TMPLOC=$(mktemp -d ${MATMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
# trap to delete temporary directory on exit
trap "rm -rf $TMPLOC" EXIT
chown $(whoami) "$AUTHORIZED_KEYS" && \
chgrp $(id -g "$uname") "$AUTHORIZED_KEYS" && \
chmod g+r "$AUTHORIZED_KEYS" && \
- mv -f "$AUTHORIZED_KEYS" "${SYSDATADIR}/authorized_keys/${uname}" || \
+ mv -f "$AUTHORIZED_KEYS" "${authorizedKeysDir}/${uname}" || \
{
log error "Failed to install authorized_keys for '$uname'!"
- rm -f "${SYSDATADIR}/authorized_keys/${uname}"
+ rm -f "${authorizedKeysDir}/${uname}"
# indicate that there has been a failure:
RETURN=1
}
else
- rm -f "${SYSDATADIR}/authorized_keys/${uname}"
+ rm -f "${authorizedKeysDir}/${uname}"
fi
# unset the trap
fingerprint=$(fingerprint_server_key)
# publish host key
-gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
+# FIXME: need to define how to do this
+#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
+echo "not published!!!"
}
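Review bot: `publish_key` now prints `not published!!!` and returns 0, so the `publish-key` subcommand (L256-260) exits successfully without sending anything to the keyserver, and a caller checking the exit status will believe the host key is public. Until the send path is defined, fail explicitly so the condition is visible: replace the echo with `failure "host key publication is not yet implemented; key ${fingerprint} was NOT sent to ${KEYSERVER}"`, using the existing `failure` helper (L282). `fingerprint=$(fingerprint_server_key)` on L401 also depends on a function this series deletes from the authentication script at L81-88; confirm it still exists in the host script's scope.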