/mandos/trunk : revision 238

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-12-10 01:26:02 UTC
mfrom: (237.1.2 mandos)
Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

files added:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files removed:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@recompile.se>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.7.15"

VERSION="1.0.2"

KEYDIR="/etc/keys/mandos"

KEYTYPE=RSA

KEYLENGTH=4096

SUBKEYTYPE=RSA

SUBKEYLENGTH=4096

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYEMAIL=""

KEYCOMMENT=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

SSH=yes

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename "$0"`"

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is RSA.

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 4096.

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is RSA.

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 4096.

Subkey length in bits. Default is 2048.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default is empty.

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-S, --no-ssh Don't get SSH key or set "checker" option.

EOF

}

105

104

-c|--comment) KEYCOMMENT="$2"; shift 2;;

106

105

-x|--expire) KEYEXPIRE="$2"; shift 2;;

107

106

-f|--force) FORCE=yes; shift;;

108

-S|--no-ssh) SSH=no; shift;;

109

107

-v|--version) echo "$0 $VERSION"; exit;;

110

108

-h|--help) help; exit;;

111

109

--) shift; break;;

113

111

esac

114

112

done

115

113

if [ "$#" -gt 0 ]; then

116

echo "Unknown arguments: '$*'" >&2

114

echo "Unknown arguments: '$@'" >&2

117

115

exit 1

118

116

119

117

149

147

echo "Invalid key length" >&2

150

148

exit 1

151

149

152

150

153

151

if [ -z "$KEYEXPIRE" ]; then

154

152

echo "Empty key expiration" >&2

155

153

exit 1

161

159

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

162

160

esac

163

161

164

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

165

&& [ "$FORCE" -eq 0 ]; then

162

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

163

-a "$FORCE" -eq 0 ]; then

166

164

echo "Refusing to overwrite old key files; use --force" >&2

167

165

exit 1

168

166

174

172

if [ -n "$KEYEMAIL" ]; then

175

173

KEYEMAILLINE="Name-Email: $KEYEMAIL"

176

174

177

175

178

176

# Create temporary gpg batch file

179

177

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

180

178

191

189

trap "

192

190

set +e; \

193

191

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

194

shred --remove \"$RINGDIR\"/sec* 2>/dev/null;

192

shred --remove \"$RINGDIR\"/sec*;

195

193

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

196

194

rm --recursive --force \"$RINGDIR\";

197

tty --quiet && stty echo; \

195

stty echo; \

198

196

" EXIT

199

197

200

set -e

201

202

198

umask 077

203

199

204

200

if [ "$mode" = keygen ]; then

206

202

cat >"$BATCHFILE" <<-EOF

207

203

Key-Type: $KEYTYPE

208

204

Key-Length: $KEYLENGTH

209

Key-Usage: sign,auth

205

#Key-Usage: encrypt,sign,auth

210

206

Subkey-Type: $SUBKEYTYPE

211

207

Subkey-Length: $SUBKEYLENGTH

212

Subkey-Usage: encrypt

208

#Subkey-Usage: encrypt,sign,auth

213

209

Name-Real: $KEYNAME

214

210

$KEYCOMMENTLINE

215

211

$KEYEMAILLINE

218

214

#Handle: <no-spaces>

219

215

#%pubring pubring.gpg

220

216

#%secring secring.gpg

221

%no-protection

222

217

%commit

223

218

EOF

224

219

225

if tty --quiet; then

226

cat <<-EOF

227

Note: Due to entropy requirements, key generation could take

228

anything from a few minutes to SEVERAL HOURS. Please be

229

patient and/or supply the system with more entropy if needed.

230

EOF

231

echo -n "Started: "

232

date

233

234

235

# Make sure trustdb.gpg exists;

236

# this is a workaround for Debian bug #737128

237

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

238

--homedir "$RINGDIR" \

239

--import-ownertrust < /dev/null

240

220

# Generate a new key in the key rings

241

221

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

242

222

--homedir "$RINGDIR" --trust-model always \

243

223

--gen-key "$BATCHFILE"

244

224

rm --force "$BATCHFILE"

245

225

246

if tty --quiet; then

247

echo -n "Finished: "

248

date

249

250

251

226

# Backup any old key files

252

227

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

253

228

2>/dev/null; then

278

253

279

254

280

255

if [ "$mode" = password ]; then

281

282

# Make SSH be 0 or 1

283

case "$SSH" in

284

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;;

285

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;;

286

esac

287

288

if [ $SSH -eq 1 ]; then

289

for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do

290

set +e

291

ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"

292

err=$?

293

set -e

294

if [ $err -ne 0 ]; then

295

ssh_fingerprint=""

296

continue

297

298

if [ -n "$ssh_fingerprint" ]; then

299

ssh_fingerprint="${ssh_fingerprint#localhost }"

300

break

301

302

done

303

304

305

256

# Import key into temporary key rings

306

257

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

307

258

--homedir "$RINGDIR" --trust-model always --armor \

312

263

313

264

# Get fingerprint of key

314

265

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

315

--enable-dsa2 --homedir "$RINGDIR" --trust-model always \

266

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

316

267

--fingerprint --with-colons \

317

268

| sed --quiet \

318

269

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

321

272

322

273

FILECOMMENT="Encrypted password for a Mandos client"

323

274

324

while [ ! -s "$SECFILE" ]; do

325

if [ -n "$PASSFILE" ]; then

326

cat "$PASSFILE"

275

if [ -n "$PASSFILE" ]; then

276

cat "$PASSFILE"

277

else

278

stty -echo

279

echo -n "Enter passphrase: " >&2

280

first="$(head --lines=1 | tr --delete '\n')"

281

echo -n -e "\nRepeat passphrase: " >&2

282

second="$(head --lines=1 | tr --delete '\n')"

283

echo >&2

284

stty echo

285

if [ "$first" != "$second" ]; then

286

echo -e "Passphrase mismatch" >&2

287

false

327

288

else

328

tty --quiet && stty -echo

329

echo -n "Enter passphrase: " >/dev/tty

330

read -r first

331

tty --quiet && echo >&2

332

echo -n "Repeat passphrase: " >/dev/tty

333

read -r second

334

if tty --quiet; then

335

echo >&2

336

stty echo

337

338

if [ "$first" != "$second" ]; then

339

echo "Passphrase mismatch" >&2

340

touch "$RINGDIR"/mismatch

341

else

342

echo -n "$first"

343

344

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

345

--homedir "$RINGDIR" --trust-model always --armor \

346

--encrypt --sign --recipient "$FINGERPRINT" --comment \

347

"$FILECOMMENT" > "$SECFILE"

348

if [ -e "$RINGDIR"/mismatch ]; then

349

rm --force "$RINGDIR"/mismatch

350

if tty --quiet; then

351

> "$SECFILE"

352

else

353

exit 1

354

289

echo -n "$first"

355

290

356

done

291

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

292

--homedir "$RINGDIR" --trust-model always --armor --encrypt \

293

--sign --recipient "$FINGERPRINT" --comment "$FILECOMMENT" \

294

> "$SECFILE"

295

status="${PIPESTATUS[0]}"

296

if [ "$status" -ne 0 ]; then

297

exit "$status"

298

357

299

358

300

cat <<-EOF

359

301

[$KEYNAME]

370

312

/^[^-]/s/^/ /p

371

313

}

372

314

}' < "$SECFILE"

373

if [ -n "$ssh_fingerprint" ]; then

374

echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'

375

echo "ssh_fingerprint = ${ssh_fingerprint}"

376

377

315

378

316

379

317

trap - EXIT

384

322

shred --remove "$SECFILE"

385

323

386

324

# Remove the key rings

387

shred --remove "$RINGDIR"/sec* 2>/dev/null

325

shred --remove "$RINGDIR"/sec*

388

326

rm --recursive --force "$RINGDIR"

Older »