
Add certifier when enabling monkeysphere

Bob Mottram 8 年前
父节点
当前提交
071f36a915
共有 2 个文件被更改,包括 31 次插入0 次删除
  1. 7
    0
      src/freedombone
  2. 24
    0
      src/freedombone-sec

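--- a/src/freedombone
+++ b/src/freedombone
@@ -5385,6 +5385,13 @@ function install_monkeysphere {
 	SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
 	monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
 
+	if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+		MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
+		if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+			echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
+			exit 52825
+		fi
+	fi
 	# The admin user is the identity certifier
 	fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
 	monkeysphere-authentication add-identity-certifier $fpr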
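Review bot: The new error line `echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'` never expands `$MY_USERNAME`, because `$'…'` is ANSI-C quoting and performs no parameter expansion, so the operator sees the literal text; the same line is added to enable_monkeysphere in src/freedombone-sec. Use `echo "monkeysphere unable to get GPG key ID for user $MY_USERNAME"` in both places. The guard `if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then` only works because the unquoted empty expansion collapses to a one-argument test; `if [ -z "$MY_GPG_PUBLIC_KEY_ID" ]; then` states the intent and behaves predictably if the value ever contains whitespace, which matters because the key resolved here becomes the identity certifier whose certifications monkeysphere trusts for SSH logins. gpg_pubkey_from_email is added only to src/freedombone-sec in this commit, so unless src/freedombone already defines or sources it the new call fails and the length check exits — worth confirming. install_monkeysphere begins and ends outside the hunk.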

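--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -573,6 +573,18 @@ function update_ciphersuite {
 	exit 0
 }
 
+function gpg_pubkey_from_email {
+	key_owner_username=$1
+	key_email_address=$2
+	key_id=
+	if [[ $key_owner_username != "root" ]]; then
+		key_id=$(su -c "gpg --list-keys $key_email_address | grep 'pub '" - $key_owner_username | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+	else
+		key_id=$(gpg --list-keys $key_email_address | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+	fi
+	echo $key_id
+}
+
 function enable_monkeysphere {
 	monkey=
 	dialog --title $"GPG based authentication" \
@@ -591,9 +603,21 @@ function enable_monkeysphere {
 				   --msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40
 			exit 0
 		fi
+
+		MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
+		if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+			echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
+			exit 52825
+		fi
+
 		sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
 		sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u|g' /etc/ssh/sshd_config
 		monkeysphere-authentication update-users
+
+		# The admin user is the identity certifier
+		fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+		monkeysphere-authentication add-identity-certifier $fpr
+
 	else
 		sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
 		sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config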
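Review bot: In the new gpg_pubkey_from_email, `gpg --list-keys $key_email_address` selects by substring, so any key whose uid merely contains that address matches and every match is returned, and the `grep 'pub '` / `awk -F '/'` parsing depends on the human-readable listing, which gpg does not keep stable across versions (recent releases print no key ID on the `pub` line, which would make the function return empty and trip the length check in enable_monkeysphere). Because the ID returned here is what the second hunk passes to `monkeysphere-authentication add-identity-certifier`, a wrong or extra match means trusting the wrong key for SSH logins. The machine-readable `--with-colons` output with the `<address>` exact-e-mail selector, taking only the first `pub` record, avoids both problems; the rewrite below also quotes `$key_owner_username`, passes the command to `su -c` via `printf %q` so the address is not re-parsed by the user's shell, and makes the last line `echo "$key_id"`. The function is complete within the hunk.
```shell
function gpg_pubkey_from_email {
	key_owner_username=$1
	key_email_address=$2
	key_id=
	# --with-colons is gpg's machine-readable format; field 5 of the first
	# "pub" record is the key ID.  "<addr>" matches only a uid whose e-mail
	# is exactly addr, not any uid containing it as a substring.
	list_keys=(gpg --with-colons --list-keys "<$key_email_address>")
	if [[ $key_owner_username != "root" ]]; then
		key_id=$(su -c "$(printf '%q ' "${list_keys[@]}")" - "$key_owner_username" | awk -F ':' '$1 == "pub" { print $5; exit }')
	else
		key_id=$("${list_keys[@]}" | awk -F ':' '$1 == "pub" { print $5; exit }')
	fi
	echo "$key_id"
}
```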