printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION
install src/monkeysphere $(DESTDIR)$(PREFIX)/bin
install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
+ install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
-.TH MONKEYSPHERE-AUTHENTICATION "8" "January 2010" "monkeysphere" "System Commands"
+.TH MONKEYSPHERE-AUTHENTICATION "8" "July 3, 2010" "monkeysphere" "System Commands"
.SH NAME
accounts are specified, then all accounts on the system are processed.
`r' may be used in place of `refresh\-keys'.
.TP
+.B keys\-for\-user USER
+Output to stdout all acceptable keys for a given user. User IDs are
+read from the user's authorized_user_ids file (see
+MONKEYSPHERE_AUTHORIZED_USER_IDS below).
+.TP
.B add\-id\-certifier KEYID|FILE
Instruct system to trust user identity certifications made by KEYID.
The key ID will be loaded from the keyserver. A file may be loaded
subcommands:
update-users (u) [USER]... update user authorized_keys files
refresh-keys (r) refresh keys in keyring
+ keys-for-user USER output valid keys for user
add-id-certifier (c+) KEYID|FILE import and tsign a certification key
[--domain (-n) DOMAIN] limit ID certifications to DOMAIN
gpg_sphere "--keyserver $KEYSERVER --refresh-keys"
;;
+ 'keys-for-user')
+ source "${MASHAREDIR}/keys_for_user"
+ keys_for_user "$@"
+ ;;
+
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
source "${MASHAREDIR}/setup"
setup
--- /dev/null
+#!/usr/bin/env sh
+exec monkeysphere-authentication keys-for-user "$@"
--- /dev/null
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere authentication keys-for-user subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
+
+# This command could be run as an sshd AuthorizedKeysCommand to
+# provide the authorized keys for a user, based on OpenPGP user id's
+# listed in the user's authorized_user_ids file.
+
+keys_for_user() {
+
+local uname
+local authorizedUserIDs
+local line
+local userIDs
+
+# get users from command line
+uname="$1"
+
+# path to authorized_user_ids file, translating ssh-style path
+# variables
+authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
+
+# exit if the authorized_user_ids file is empty
+if [ ! -s "$authorizedUserIDs" ] ; then
+ failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
+fi
+
+log debug "authorized_user_ids file: $authorizedUserIDs"
+
+# check permissions on the authorized_user_ids file path
+check_key_file_permissions "$uname" "$authorizedUserIDs" || failure
+
+GNUPGHOME="$GNUPGHOME_SPHERE"
+export GNUPGHOME
+
+# extract user IDs from authorized_user_ids file
+IFS=$'\n'
+for line in $(meat "$authorizedUserIDs") ; do
+ su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid '$line'"
+done
+
+}
projects / monkeysphere.git / commitdiff