/mandos/trunk : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

README

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/rules

default-mandos

etc-plugins.d-README

init.d-mandos

legalnotice.xml

mandos-keygen.xml

mandos-options.xml

overview.xml

plugin-runner.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

VERSION="1.0"

KEYDIR="/etc/keys/mandos"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYLENGTH=1024

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

Usage: `basename $0` [options]

Key creation options:

Options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

Key length in bits. Default is 1024.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

-e EMAIL, --email EMAIL

Email address of key. Default is empty.

-c TEXT, --comment TEXT

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old keys.

Password creation options:

-p, --password Create an encrypted password using the keys in

the key directory. All options other than

--dir and --name are ignored.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

-l|--length) KEYLENGTH="$2"; shift 2;;

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

-n|--name) KEYNAME="$2"; shift 2;;

-e|--email) KEYEMAIL="$2"; shift 2;;

-c|--comment) KEYCOMMENT="$2"; shift 2;;

-x|--expire) KEYEXPIRE="$2"; shift 2;;

-x|--expire) KEYCOMMENT="$2"; shift 2;;

-f|--force) FORCE=yes; shift;;

100

-v|--version) echo "$0 $VERSION"; exit;;

101

-h|--help) help; exit;;

112

PUBKEYFILE="$KEYDIR/pubkey.txt"

113

114

# Check for some invalid values

115

if [ ! -d "$KEYDIR" ]; then

if [ -d "$KEYDIR" ]; then :; else

116

echo "$KEYDIR not a directory" >&2

117

exit 1

118

119

if [ ! -r "$KEYDIR" ]; then

120

echo "Directory $KEYDIR not readable" >&2

121

exit 1

122

123

124

if [ "$mode" = keygen ]; then

125

if [ ! -w "$KEYDIR" ]; then

126

echo "Directory $KEYDIR not writeable" >&2

127

exit 1

128

129

if [ -z "$KEYTYPE" ]; then

130

echo "Empty key type" >&2

131

exit 1

132

133

134

if [ -z "$KEYNAME" ]; then

135

echo "Empty key name" >&2

136

exit 1

137

138

139

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

140

echo "Invalid key length" >&2

141

exit 1

142

143

144

if [ -z "$KEYEXPIRE" ]; then

145

echo "Empty key expiration" >&2

146

exit 1

147

148

149

# Make FORCE be 0 or 1

150

case "$FORCE" in

151

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

152

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

153

esac

154

155

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

156

-a "$FORCE" -eq 0 ]; then

157

echo "Refusing to overwrite old key files; use --force" >&2

158

exit 1

159

160

161

# Set lines for GnuPG batch file

162

if [ -n "$KEYCOMMENT" ]; then

163

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

164

165

if [ -n "$KEYEMAIL" ]; then

166

KEYEMAILLINE="Name-Email: $KEYEMAIL"

167

168

169

# Create temporary gpg batch file

170

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

171

172

173

if [ "$mode" = password ]; then

174

# Create temporary encrypted password file

175

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

176

177

178

# Create temporary key ring directory

179

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

if [ -w "$KEYDIR" ]; then :; else

echo "Directory $KEYDIR not writeable" >&2

exit 1

if [ -z "$KEYTYPE" ]; then

100

echo "Empty key type" >&2

101

exit 1

102

103

104

if [ -z "$KEYNAME" ]; then

105

echo "Empty key name" >&2

106

exit 1

107

108

109

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

110

echo "Invalid key length" >&2

111

exit 1

112

113

114

if [ -z "$KEYEXPIRE" ]; then

115

echo "Empty key expiration" >&2

116

exit 1

117

118

119

# Make FORCE be 0 or 1

120

case "$FORCE" in

121

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

122

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

123

esac

124

125

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

126

&& [ "$FORCE" -eq 0 ]; then

127

echo "Refusing to overwrite old key files; use --force" >&2

128

exit 1

129

130

131

# Set lines for GnuPG batch file

132

if [ -n "$KEYCOMMENT" ]; then

133

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

134

135

if [ -n "$KEYEMAIL" ]; then

136

KEYEMAILLINE="Name-Email: $KEYEMAIL"

137

138

139

# Create temp files

140

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

141

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

142

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

180

143

181

144

# Remove temporary files on exit

182

trap "

183

set +e; \

184

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

185

shred --remove \"$RINGDIR\"/sec*;

186

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

187

rm --recursive --force \"$RINGDIR\";

188

stty echo; \

189

" EXIT

190

191

umask 077

192

193

if [ "$mode" = keygen ]; then

194

# Create batch file for GnuPG

195

cat >"$BATCHFILE" <<-EOF

196

Key-Type: $KEYTYPE

197

Key-Length: $KEYLENGTH

198

#Key-Usage: encrypt,sign,auth

199

Subkey-Type: $SUBKEYTYPE

200

Subkey-Length: $SUBKEYLENGTH

201

#Subkey-Usage: encrypt,sign,auth

202

Name-Real: $KEYNAME

203

$KEYCOMMENTLINE

204

$KEYEMAILLINE

205

Expire-Date: $KEYEXPIRE

206

#Preferences: <string>

207

#Handle: <no-spaces>

208

#%pubring pubring.gpg

209

#%secring secring.gpg

210

%commit

211

EOF

212

213

# Generate a new key in the key rings

214

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

215

--homedir "$RINGDIR" --trust-model always \

216

--gen-key "$BATCHFILE"

217

rm --force "$BATCHFILE"

218

219

# Backup any old key files

220

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

221

2>/dev/null; then

222

shred --remove "$SECKEYFILE"

223

224

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

225

2>/dev/null; then

226

rm --force "$PUBKEYFILE"

227

228

229

FILECOMMENT="Mandos client key for $KEYNAME"

230

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

231

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

232

233

234

if [ -n "$KEYEMAIL" ]; then

235

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

236

237

238

# Export keys from key rings to key files

239

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

240

--homedir "$RINGDIR" --armor --export-options export-minimal \

241

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

242

--export-secret-keys

243

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

244

--homedir "$RINGDIR" --armor --export-options export-minimal \

245

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

246

247

248

if [ "$mode" = password ]; then

249

# Import keys into temporary key rings

250

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

251

--homedir "$RINGDIR" --trust-model always --armor \

252

--import "$SECKEYFILE"

253

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

254

--homedir "$RINGDIR" --trust-model always --armor \

255

--import "$PUBKEYFILE"

256

257

# Get fingerprint of key

258

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

259

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

260

--fingerprint --with-colons \

261

| sed --quiet \

262

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

263

264

test -n "$FINGERPRINT"

265

266

FILECOMMENT="Encrypted password for a Mandos client"

267

268

stty -echo

269

echo -n "Enter passphrase: " >&2

270

head --lines=1 | tr --delete '\n' \

271

| gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

272

--homedir "$RINGDIR" --trust-model always --armor --encrypt \

273

--recipient "$FINGERPRINT" --comment "$FILECOMMENT" \

274

> "$SECFILE"

275

echo >&2

276

stty echo

277

278

cat <<-EOF

279

[$KEYNAME]

280

host = $KEYNAME

281

fingerprint = $FINGERPRINT

282

secret =

145

trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT

146

147

# Create batch file for GnuPG

148

cat >"$BATCHFILE" <<EOF

149

Key-Type: $KEYTYPE

150

Key-Length: $KEYLENGTH

151

#Key-Usage: encrypt,sign,auth

152

Name-Real: $KEYNAME

153

$KEYCOMMENTLINE

154

$KEYEMAILLINE

155

Expire-Date: $KEYEXPIRE

156

%pubring $PUBRING

157

%secring $SECRING

158

%commit

283

159

EOF

284

sed --quiet --expression='

285

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

286

/^$/,${

287

# Remove 24-bit Radix-64 checksum

288

s/=....$//

289

# Indent four spaces

290

/^[^-]/s/^/ /p

291

}

292

}' < "$SECFILE"

293

160

161

umask 027

162

163

# Generate a new key in the key rings

164

gpg --no-random-seed-file --quiet --batch --no-tty \

165

--no-default-keyring --no-options --batch \

166

--secret-keyring "$SECRING" --keyring "$PUBRING" \

167

--gen-key "$BATCHFILE"

168

rm --force "$BATCHFILE"

169

170

# Backup any old key files

171

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

172

2>/dev/null; then

173

shred --remove "$SECKEYFILE"

174

175

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

176

2>/dev/null; then

177

rm --force "$PUBKEYFILE"

178

179

180

FILECOMMENT="Mandos client key for $KEYNAME"

181

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

182

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

183

184

185

if [ -n "$KEYEMAIL" ]; then

186

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

187

188

189

# Export keys from key rings to key files

190

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

191

--no-default-keyring --secret-keyring "$SECRING" \

192

--keyring "$PUBRING" --export-options export-minimal \

193

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

194

--export-secret-keys

195

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

196

--no-default-keyring --secret-keyring "$SECRING" \

197

--keyring "$PUBRING" --export-options export-minimal \

198

--comment "$FILECOMMENT" --output "$PUBKEYFILE" \

199

--export

294

200

295

201

trap - EXIT

296

202

297

set +e

298

# Remove the password file, if any

299

if [ -n "$SECFILE" ]; then

300

shred --remove "$SECFILE"

301

302

203

# Remove the key rings

303

shred --remove "$RINGDIR"/sec*

304

rm --recursive --force "$RINGDIR"

204

shred --remove "$SECRING"

205

rm --force "$PUBRING"

Older »