/mandos/release : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

README

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

mandos-keygen.xml

mandos-options.xml

overview.xml

plugin-runner.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

VERSION="1.0"

KEYDIR="/etc/keys/mandos"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYLENGTH=1024

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Usage: `basename $0` [options]

Key creation options:

Options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

Key length in bits. Default is 1024.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

-e EMAIL, --email EMAIL

Email address of key. Default is empty.

-c TEXT, --comment TEXT

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-f, --force Force overwriting old keys.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

-l|--length) KEYLENGTH="$2"; shift 2;;

100

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

101

-n|--name) KEYNAME="$2"; shift 2;;

102

-e|--email) KEYEMAIL="$2"; shift 2;;

103

-c|--comment) KEYCOMMENT="$2"; shift 2;;

104

-x|--expire) KEYEXPIRE="$2"; shift 2;;

-x|--expire) KEYCOMMENT="$2"; shift 2;;

105

-f|--force) FORCE=yes; shift;;

106

-v|--version) echo "$0 $VERSION"; exit;;

107

-h|--help) help; exit;;

118

PUBKEYFILE="$KEYDIR/pubkey.txt"

119

120

# Check for some invalid values

121

if [ ! -d "$KEYDIR" ]; then

if [ -d "$KEYDIR" ]; then :; else

122

echo "$KEYDIR not a directory" >&2

123

exit 1

124

125

if [ ! -r "$KEYDIR" ]; then

126

echo "Directory $KEYDIR not readable" >&2

127

exit 1

128

129

130

if [ "$mode" = keygen ]; then

131

if [ ! -w "$KEYDIR" ]; then

132

echo "Directory $KEYDIR not writeable" >&2

133

exit 1

134

135

if [ -z "$KEYTYPE" ]; then

136

echo "Empty key type" >&2

137

exit 1

138

139

140

if [ -z "$KEYNAME" ]; then

141

echo "Empty key name" >&2

142

exit 1

143

144

145

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

146

echo "Invalid key length" >&2

147

exit 1

148

149

150

if [ -z "$KEYEXPIRE" ]; then

151

echo "Empty key expiration" >&2

152

exit 1

153

154

155

# Make FORCE be 0 or 1

156

case "$FORCE" in

157

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

158

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

159

esac

160

161

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

162

-a "$FORCE" -eq 0 ]; then

163

echo "Refusing to overwrite old key files; use --force" >&2

164

exit 1

165

166

167

# Set lines for GnuPG batch file

168

if [ -n "$KEYCOMMENT" ]; then

169

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

170

171

if [ -n "$KEYEMAIL" ]; then

172

KEYEMAILLINE="Name-Email: $KEYEMAIL"

173

174

175

# Create temporary gpg batch file

176

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

177

178

179

if [ "$mode" = password ]; then

180

# Create temporary encrypted password file

181

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

182

183

184

# Create temporary key ring directory

185

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

if [ -w "$KEYDIR" ]; then :; else

echo "Directory $KEYDIR not writeable" >&2

exit 1

if [ -z "$KEYTYPE" ]; then

100

echo "Empty key type" >&2

101

exit 1

102

103

104

if [ -z "$KEYNAME" ]; then

105

echo "Empty key name" >&2

106

exit 1

107

108

109

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

110

echo "Invalid key length" >&2

111

exit 1

112

113

114

if [ -z "$KEYEXPIRE" ]; then

115

echo "Empty key expiration" >&2

116

exit 1

117

118

119

# Make FORCE be 0 or 1

120

case "$FORCE" in

121

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

122

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

123

esac

124

125

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

126

&& [ "$FORCE" -eq 0 ]; then

127

echo "Refusing to overwrite old key files; use --force" >&2

128

exit 1

129

130

131

# Set lines for GnuPG batch file

132

if [ -n "$KEYCOMMENT" ]; then

133

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

134

135

if [ -n "$KEYEMAIL" ]; then

136

KEYEMAILLINE="Name-Email: $KEYEMAIL"

137

138

139

# Create temp files

140

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

141

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

142

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

186

143

187

144

# Remove temporary files on exit

188

trap "

189

set +e; \

190

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

191

shred --remove \"$RINGDIR\"/sec*;

192

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

193

rm --recursive --force \"$RINGDIR\";

194

stty echo; \

195

" EXIT

196

197

umask 077

198

199

if [ "$mode" = keygen ]; then

200

# Create batch file for GnuPG

201

cat >"$BATCHFILE" <<-EOF

202

Key-Type: $KEYTYPE

203

Key-Length: $KEYLENGTH

204

#Key-Usage: encrypt,sign,auth

205

Subkey-Type: $SUBKEYTYPE

206

Subkey-Length: $SUBKEYLENGTH

207

#Subkey-Usage: encrypt,sign,auth

208

Name-Real: $KEYNAME

209

$KEYCOMMENTLINE

210

$KEYEMAILLINE

211

Expire-Date: $KEYEXPIRE

212

#Preferences: <string>

213

#Handle: <no-spaces>

214

#%pubring pubring.gpg

215

#%secring secring.gpg

216

%commit

217

EOF

218

219

# Generate a new key in the key rings

220

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

221

--homedir "$RINGDIR" --trust-model always \

222

--gen-key "$BATCHFILE"

223

rm --force "$BATCHFILE"

224

225

# Backup any old key files

226

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

227

2>/dev/null; then

228

shred --remove "$SECKEYFILE"

229

230

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

231

2>/dev/null; then

232

rm --force "$PUBKEYFILE"

233

234

235

FILECOMMENT="Mandos client key for $KEYNAME"

236

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

237

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

238

239

240

if [ -n "$KEYEMAIL" ]; then

241

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

242

243

244

# Export key from key rings to key files

245

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

246

--homedir "$RINGDIR" --armor --export-options export-minimal \

247

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

248

--export-secret-keys

249

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

250

--homedir "$RINGDIR" --armor --export-options export-minimal \

251

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

252

253

254

if [ "$mode" = password ]; then

255

# Import key into temporary key rings

256

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

257

--homedir "$RINGDIR" --trust-model always --armor \

258

--import "$SECKEYFILE"

259

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

260

--homedir "$RINGDIR" --trust-model always --armor \

261

--import "$PUBKEYFILE"

262

263

# Get fingerprint of key

264

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

265

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

266

--fingerprint --with-colons \

267

| sed --quiet \

268

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

269

270

test -n "$FINGERPRINT"

271

272

FILECOMMENT="Encrypted password for a Mandos client"

273

274

if [ -n "$PASSFILE" ]; then

275

cat "$PASSFILE"

276

else

277

stty -echo

278

echo -n "Enter passphrase: " >&2

279

first="$(head --lines=1 | tr --delete '\n')"

280

echo -n -e "\nRepeat passphrase: " >&2

281

second="$(head --lines=1 | tr --delete '\n')"

282

echo >&2

283

stty echo

284

if [ "$first" != "$second" ]; then

285

echo -e "Passphrase mismatch" >&2

286

false

287

else

288

echo -n "$first"

289

290

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

291

--homedir "$RINGDIR" --trust-model always --armor --encrypt \

292

--recipient "$FINGERPRINT" --comment "$FILECOMMENT" \

293

> "$SECFILE"

294

status="${PIPESTATUS[0]}"

295

if [ "$status" -ne 0 ]; then

296

exit "$status"

297

298

299

cat <<-EOF

300

[$KEYNAME]

301

host = $KEYNAME

302

fingerprint = $FINGERPRINT

303

secret =

304

EOF

305

sed --quiet --expression='

306

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

307

/^$/,${

308

# Remove 24-bit Radix-64 checksum

309

s/=....$//

310

# Indent four spaces

311

/^[^-]/s/^/ /p

312

}

313

}' < "$SECFILE"

314

145

trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT

146

147

# Create batch file for GnuPG

148

cat >"$BATCHFILE" <<EOF

149

Key-Type: $KEYTYPE

150

Key-Length: $KEYLENGTH

151

#Key-Usage: encrypt,sign,auth

152

Name-Real: $KEYNAME

153

$KEYCOMMENTLINE

154

$KEYEMAILLINE

155

Expire-Date: $KEYEXPIRE

156

%pubring $PUBRING

157

%secring $SECRING

158

%commit

159

EOF

160

161

umask 027

162

163

# Generate a new key in the key rings

164

gpg --no-random-seed-file --quiet --batch --no-tty \

165

--no-default-keyring --no-options --batch \

166

--secret-keyring "$SECRING" --keyring "$PUBRING" \

167

--gen-key "$BATCHFILE"

168

rm --force "$BATCHFILE"

169

170

# Backup any old key files

171

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

172

2>/dev/null; then

173

shred --remove "$SECKEYFILE"

174

175

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

176

2>/dev/null; then

177

rm --force "$PUBKEYFILE"

178

179

180

FILECOMMENT="Mandos client key for $KEYNAME"

181

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

182

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

183

184

185

if [ -n "$KEYEMAIL" ]; then

186

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

187

188

189

# Export keys from key rings to key files

190

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

191

--no-default-keyring --secret-keyring "$SECRING" \

192

--keyring "$PUBRING" --export-options export-minimal \

193

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

194

--export-secret-keys

195

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

196

--no-default-keyring --secret-keyring "$SECRING" \

197

--keyring "$PUBRING" --export-options export-minimal \

198

--comment "$FILECOMMENT" --output "$PUBKEYFILE" \

199

--export

315

200

316

201

trap - EXIT

317

202

318

set +e

319

# Remove the password file, if any

320

if [ -n "$SECFILE" ]; then

321

shred --remove "$SECFILE"

322

323

203

# Remove the key rings

324

shred --remove "$RINGDIR"/sec*

325

rm --recursive --force "$RINGDIR"

204

shred --remove "$SECRING"

205

rm --force "$PUBRING"

Older »