/mandos/trunk : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/watch

default-mandos

init.d-mandos

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.lsm

overview.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.3.1"

VERSION="1.0"

KEYDIR="/etc/keys/mandos"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYLENGTH=1024

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Usage: `basename $0` [options]

Key creation options:

Options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

Key length in bits. Default is 1024.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

-e EMAIL, --email EMAIL

Email address of key. Default is empty.

-c TEXT, --comment TEXT

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-f, --force Force overwriting old keys.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

100

-l|--length) KEYLENGTH="$2"; shift 2;;

101

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

102

-n|--name) KEYNAME="$2"; shift 2;;

103

-e|--email) KEYEMAIL="$2"; shift 2;;

104

-c|--comment) KEYCOMMENT="$2"; shift 2;;

105

-x|--expire) KEYEXPIRE="$2"; shift 2;;

-x|--expire) KEYCOMMENT="$2"; shift 2;;

106

-f|--force) FORCE=yes; shift;;

107

-v|--version) echo "$0 $VERSION"; exit;;

108

-h|--help) help; exit;;

119

PUBKEYFILE="$KEYDIR/pubkey.txt"

120

121

# Check for some invalid values

122

if [ ! -d "$KEYDIR" ]; then

if [ -d "$KEYDIR" ]; then :; else

123

echo "$KEYDIR not a directory" >&2

124

exit 1

125

126

if [ ! -r "$KEYDIR" ]; then

127

echo "Directory $KEYDIR not readable" >&2

128

exit 1

129

130

131

if [ "$mode" = keygen ]; then

132

if [ ! -w "$KEYDIR" ]; then

133

echo "Directory $KEYDIR not writeable" >&2

134

exit 1

135

136

if [ -z "$KEYTYPE" ]; then

137

echo "Empty key type" >&2

138

exit 1

139

140

141

if [ -z "$KEYNAME" ]; then

142

echo "Empty key name" >&2

143

exit 1

144

145

146

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

147

echo "Invalid key length" >&2

148

exit 1

149

150

151

if [ -z "$KEYEXPIRE" ]; then

152

echo "Empty key expiration" >&2

153

exit 1

154

155

156

# Make FORCE be 0 or 1

157

case "$FORCE" in

158

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

159

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

160

esac

161

162

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

163

-a "$FORCE" -eq 0 ]; then

164

echo "Refusing to overwrite old key files; use --force" >&2

165

exit 1

166

167

168

# Set lines for GnuPG batch file

169

if [ -n "$KEYCOMMENT" ]; then

170

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

171

172

if [ -n "$KEYEMAIL" ]; then

173

KEYEMAILLINE="Name-Email: $KEYEMAIL"

174

175

176

# Create temporary gpg batch file

177

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

178

179

180

if [ "$mode" = password ]; then

181

# Create temporary encrypted password file

182

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

183

184

185

# Create temporary key ring directory

186

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

if [ -w "$KEYDIR" ]; then :; else

echo "Directory $KEYDIR not writeable" >&2

exit 1

if [ -z "$KEYTYPE" ]; then

100

echo "Empty key type" >&2

101

exit 1

102

103

104

if [ -z "$KEYNAME" ]; then

105

echo "Empty key name" >&2

106

exit 1

107

108

109

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

110

echo "Invalid key length" >&2

111

exit 1

112

113

114

if [ -z "$KEYEXPIRE" ]; then

115

echo "Empty key expiration" >&2

116

exit 1

117

118

119

# Make FORCE be 0 or 1

120

case "$FORCE" in

121

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

122

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

123

esac

124

125

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

126

&& [ "$FORCE" -eq 0 ]; then

127

echo "Refusing to overwrite old key files; use --force" >&2

128

exit 1

129

130

131

# Set lines for GnuPG batch file

132

if [ -n "$KEYCOMMENT" ]; then

133

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

134

135

if [ -n "$KEYEMAIL" ]; then

136

KEYEMAILLINE="Name-Email: $KEYEMAIL"

137

138

139

# Create temp files

140

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

141

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

142

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

187

143

188

144

# Remove temporary files on exit

189

trap "

190

set +e; \

191

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

192

shred --remove \"$RINGDIR\"/sec*;

193

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

194

rm --recursive --force \"$RINGDIR\";

195

tty --quiet && stty echo; \

196

" EXIT

197

198

set -e

199

200

umask 077

201

202

if [ "$mode" = keygen ]; then

203

# Create batch file for GnuPG

204

cat >"$BATCHFILE" <<-EOF

205

Key-Type: $KEYTYPE

206

Key-Length: $KEYLENGTH

207

#Key-Usage: encrypt,sign,auth

208

Subkey-Type: $SUBKEYTYPE

209

Subkey-Length: $SUBKEYLENGTH

210

#Subkey-Usage: encrypt,sign,auth

211

Name-Real: $KEYNAME

212

$KEYCOMMENTLINE

213

$KEYEMAILLINE

214

Expire-Date: $KEYEXPIRE

215

#Preferences: <string>

216

#Handle: <no-spaces>

217

#%pubring pubring.gpg

218

#%secring secring.gpg

219

%commit

220

EOF

221

222

if tty --quiet; then

223

cat <<-EOF

224

Note: Due to entropy requirements, key generation could take

225

anything from a few minutes to SEVERAL HOURS. Please be

226

patient and/or supply the system with more entropy if needed.

227

EOF

228

echo -n "Started: "

229

date

230

231

232

# Generate a new key in the key rings

233

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

234

--homedir "$RINGDIR" --trust-model always \

235

--gen-key "$BATCHFILE"

236

rm --force "$BATCHFILE"

237

238

if tty --quiet; then

239

echo -n "Finished: "

240

date

241

242

243

# Backup any old key files

244

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

245

2>/dev/null; then

246

shred --remove "$SECKEYFILE"

247

248

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

249

2>/dev/null; then

250

rm --force "$PUBKEYFILE"

251

252

253

FILECOMMENT="Mandos client key for $KEYNAME"

254

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

255

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

256

257

258

if [ -n "$KEYEMAIL" ]; then

259

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

260

261

262

# Export key from key rings to key files

263

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

264

--homedir "$RINGDIR" --armor --export-options export-minimal \

265

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

266

--export-secret-keys

267

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

268

--homedir "$RINGDIR" --armor --export-options export-minimal \

269

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

270

271

272

if [ "$mode" = password ]; then

273

# Import key into temporary key rings

274

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

275

--homedir "$RINGDIR" --trust-model always --armor \

276

--import "$SECKEYFILE"

277

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

278

--homedir "$RINGDIR" --trust-model always --armor \

279

--import "$PUBKEYFILE"

280

281

# Get fingerprint of key

282

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

283

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

284

--fingerprint --with-colons \

285

| sed --quiet \

286

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

287

288

test -n "$FINGERPRINT"

289

290

FILECOMMENT="Encrypted password for a Mandos client"

291

292

while [ ! -s "$SECFILE" ]; do

293

if [ -n "$PASSFILE" ]; then

294

cat "$PASSFILE"

295

else

296

tty --quiet && stty -echo

297

read -p "Enter passphrase: " first

298

tty --quiet && echo >&2

299

read -p "Repeat passphrase: " second

300

if tty --quiet; then

301

echo >&2

302

stty echo

303

304

if [ "$first" != "$second" ]; then

305

echo "Passphrase mismatch" >&2

306

touch "$RINGDIR"/mismatch

307

else

308

echo -n "$first"

309

310

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

311

--homedir "$RINGDIR" --trust-model always --armor \

312

--encrypt --sign --recipient "$FINGERPRINT" --comment \

313

"$FILECOMMENT" > "$SECFILE"

314

if [ -e "$RINGDIR"/mismatch ]; then

315

rm --force "$RINGDIR"/mismatch

316

if tty --quiet; then

317

> "$SECFILE"

318

else

319

exit 1

320

321

322

done

323

324

cat <<-EOF

325

[$KEYNAME]

326

host = $KEYNAME

327

fingerprint = $FINGERPRINT

328

secret =

329

EOF

330

sed --quiet --expression='

331

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

332

/^$/,${

333

# Remove 24-bit Radix-64 checksum

334

s/=....$//

335

# Indent four spaces

336

/^[^-]/s/^/ /p

337

}

338

}' < "$SECFILE"

339

145

trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT

146

147

# Create batch file for GnuPG

148

cat >"$BATCHFILE" <<EOF

149

Key-Type: $KEYTYPE

150

Key-Length: $KEYLENGTH

151

#Key-Usage: encrypt,sign,auth

152

Name-Real: $KEYNAME

153

$KEYCOMMENTLINE

154

$KEYEMAILLINE

155

Expire-Date: $KEYEXPIRE

156

%pubring $PUBRING

157

%secring $SECRING

158

%commit

159

EOF

160

161

umask 027

162

163

# Generate a new key in the key rings

164

gpg --no-random-seed-file --quiet --batch --no-tty \

165

--no-default-keyring --no-options --batch \

166

--secret-keyring "$SECRING" --keyring "$PUBRING" \

167

--gen-key "$BATCHFILE"

168

rm --force "$BATCHFILE"

169

170

# Backup any old key files

171

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

172

2>/dev/null; then

173

shred --remove "$SECKEYFILE"

174

175

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

176

2>/dev/null; then

177

rm --force "$PUBKEYFILE"

178

179

180

FILECOMMENT="Mandos client key for $KEYNAME"

181

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

182

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

183

184

185

if [ -n "$KEYEMAIL" ]; then

186

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

187

188

189

# Export keys from key rings to key files

190

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

191

--no-default-keyring --secret-keyring "$SECRING" \

192

--keyring "$PUBRING" --export-options export-minimal \

193

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

194

--export-secret-keys

195

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

196

--no-default-keyring --secret-keyring "$SECRING" \

197

--keyring "$PUBRING" --export-options export-minimal \

198

--comment "$FILECOMMENT" --output "$PUBKEYFILE" \

199

--export

340

200

341

201

trap - EXIT

342

202

343

set +e

344

# Remove the password file, if any

345

if [ -n "$SECFILE" ]; then

346

shred --remove "$SECFILE"

347

348

203

# Remove the key rings

349

shred --remove "$RINGDIR"/sec*

350

rm --recursive --force "$RINGDIR"

204

shred --remove "$SECRING"

205

rm --force "$PUBRING"

Older »