/mandos/trunk : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
initramfs-tools-hook-conf

network-protocol.txt

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This file is part of Mandos.

# Mandos is free software: you can redistribute it and/or modify it

# under the terms of the GNU General Public License as published by

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# Mandos is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with Mandos. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@recompile.se>.

VERSION="1.7.20"

KEYDIR="/etc/keys/mandos"

KEYTYPE=RSA

KEYLENGTH=4096

SUBKEYTYPE=RSA

SUBKEYLENGTH=4096

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.0"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=1024

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

SSH=yes

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename "$0"`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Usage: `basename $0` [options]

Key creation options:

Options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is RSA.

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 4096.

-s TYPE, --subtype TYPE

Subkey type. Default is RSA.

-L BITS, --sublength BITS

Subkey length in bits. Default is 4096.

Key length in bits. Default is 1024.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

-e EMAIL, --email EMAIL

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default is empty.

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-S, --no-ssh Don't get SSH key or set "checker" option.

-f, --force Force overwriting old keys.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

100

-d|--dir) KEYDIR="$2"; shift 2;;

101

-t|--type) KEYTYPE="$2"; shift 2;;

102

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

103

-l|--length) KEYLENGTH="$2"; shift 2;;

104

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

105

-n|--name) KEYNAME="$2"; shift 2;;

106

-e|--email) KEYEMAIL="$2"; shift 2;;

107

-c|--comment) KEYCOMMENT="$2"; shift 2;;

108

-x|--expire) KEYEXPIRE="$2"; shift 2;;

-x|--expire) KEYCOMMENT="$2"; shift 2;;

109

-f|--force) FORCE=yes; shift;;

110

-S|--no-ssh) SSH=no; shift;;

111

-v|--version) echo "$0 $VERSION"; exit;;

112

-h|--help) help; exit;;

113

--) shift; break;;

115

esac

116

done

117

if [ "$#" -gt 0 ]; then

118

echo "Unknown arguments: '$*'" >&2

echo "Unknown arguments: '$@'" >&2

119

exit 1

120

121

123

PUBKEYFILE="$KEYDIR/pubkey.txt"

124

125

# Check for some invalid values

126

if [ ! -d "$KEYDIR" ]; then

if [ -d "$KEYDIR" ]; then :; else

127

echo "$KEYDIR not a directory" >&2

128

exit 1

129

130

if [ ! -r "$KEYDIR" ]; then

131

echo "Directory $KEYDIR not readable" >&2

132

exit 1

133

134

135

if [ "$mode" = keygen ]; then

136

if [ ! -w "$KEYDIR" ]; then

137

echo "Directory $KEYDIR not writeable" >&2

138

exit 1

139

140

if [ -z "$KEYTYPE" ]; then

141

echo "Empty key type" >&2

142

exit 1

143

144

145

if [ -z "$KEYNAME" ]; then

146

echo "Empty key name" >&2

147

exit 1

148

149

150

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

151

echo "Invalid key length" >&2

152

exit 1

153

154

155

if [ -z "$KEYEXPIRE" ]; then

156

echo "Empty key expiration" >&2

157

exit 1

158

159

160

# Make FORCE be 0 or 1

161

case "$FORCE" in

162

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

163

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

164

esac

165

166

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

167

&& [ "$FORCE" -eq 0 ]; then

168

echo "Refusing to overwrite old key files; use --force" >&2

169

exit 1

170

171

172

# Set lines for GnuPG batch file

173

if [ -n "$KEYCOMMENT" ]; then

174

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

175

176

if [ -n "$KEYEMAIL" ]; then

177

KEYEMAILLINE="Name-Email: $KEYEMAIL"

178

179

180

# Create temporary gpg batch file

181

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

182

183

184

if [ "$mode" = password ]; then

185

# Create temporary encrypted password file

186

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

187

188

189

# Create temporary key ring directory

190

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

if [ -w "$KEYDIR" ]; then :; else

echo "Directory $KEYDIR not writeable" >&2

exit 1

if [ -z "$KEYTYPE" ]; then

100

echo "Empty key type" >&2

101

exit 1

102

103

104

if [ -z "$KEYNAME" ]; then

105

echo "Empty key name" >&2

106

exit 1

107

108

109

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

110

echo "Invalid key length" >&2

111

exit 1

112

113

114

if [ -z "$KEYEXPIRE" ]; then

115

echo "Empty key expiration" >&2

116

exit 1

117

118

119

# Make FORCE be 0 or 1

120

case "$FORCE" in

121

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

122

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

123

esac

124

125

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

126

&& [ "$FORCE" -eq 0 ]; then

127

echo "Refusing to overwrite old key files; use --force" >&2

128

exit 1

129

130

131

# Set lines for GnuPG batch file

132

if [ -n "$KEYCOMMENT" ]; then

133

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

134

135

if [ -n "$KEYEMAIL" ]; then

136

KEYEMAILLINE="Name-Email: $KEYEMAIL"

137

138

139

# Create temp files

140

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

141

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

142

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

191

143

192

144

# Remove temporary files on exit

193

trap "

194

set +e; \

195

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

196

shred --remove \"$RINGDIR\"/sec* 2>/dev/null;

197

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

198

rm --recursive --force \"$RINGDIR\";

199

tty --quiet && stty echo; \

200

" EXIT

201

202

set -e

203

204

umask 077

205

206

if [ "$mode" = keygen ]; then

207

# Create batch file for GnuPG

208

cat >"$BATCHFILE" <<-EOF

209

Key-Type: $KEYTYPE

210

Key-Length: $KEYLENGTH

211

Key-Usage: sign,auth

212

Subkey-Type: $SUBKEYTYPE

213

Subkey-Length: $SUBKEYLENGTH

214

Subkey-Usage: encrypt

215

Name-Real: $KEYNAME

216

$KEYCOMMENTLINE

217

$KEYEMAILLINE

218

Expire-Date: $KEYEXPIRE

219

#Preferences: <string>

220

#Handle: <no-spaces>

221

#%pubring pubring.gpg

222

#%secring secring.gpg

223

%no-protection

224

%commit

225

EOF

226

227

if tty --quiet; then

228

cat <<-EOF

229

Note: Due to entropy requirements, key generation could take

230

anything from a few minutes to SEVERAL HOURS. Please be

231

patient and/or supply the system with more entropy if needed.

232

EOF

233

echo -n "Started: "

234

date

235

236

237

# Make sure trustdb.gpg exists;

238

# this is a workaround for Debian bug #737128

239

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

240

--homedir "$RINGDIR" \

241

--import-ownertrust < /dev/null

242

# Generate a new key in the key rings

243

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

244

--homedir "$RINGDIR" --trust-model always \

245

--gen-key "$BATCHFILE"

246

rm --force "$BATCHFILE"

247

248

if tty --quiet; then

249

echo -n "Finished: "

250

date

251

252

253

# Backup any old key files

254

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

255

2>/dev/null; then

256

shred --remove "$SECKEYFILE"

257

258

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

259

2>/dev/null; then

260

rm --force "$PUBKEYFILE"

261

262

263

FILECOMMENT="Mandos client key for $KEYNAME"

264

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

265

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

266

267

268

if [ -n "$KEYEMAIL" ]; then

269

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

270

271

272

# Export key from key rings to key files

273

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

274

--homedir "$RINGDIR" --armor --export-options export-minimal \

275

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

276

--export-secret-keys

277

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

278

--homedir "$RINGDIR" --armor --export-options export-minimal \

279

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

280

281

282

if [ "$mode" = password ]; then

283

284

# Make SSH be 0 or 1

285

case "$SSH" in

286

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;;

287

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;;

288

esac

289

290

if [ $SSH -eq 1 ]; then

291

for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do

292

set +e

293

ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"

294

err=$?

295

set -e

296

if [ $err -ne 0 ]; then

297

ssh_fingerprint=""

298

continue

299

300

if [ -n "$ssh_fingerprint" ]; then

301

ssh_fingerprint="${ssh_fingerprint#localhost }"

302

break

303

304

done

305

306

307

# Import key into temporary key rings

308

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

309

--homedir "$RINGDIR" --trust-model always --armor \

310

--import "$SECKEYFILE"

311

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

312

--homedir "$RINGDIR" --trust-model always --armor \

313

--import "$PUBKEYFILE"

314

315

# Get fingerprint of key

316

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

317

--enable-dsa2 --homedir "$RINGDIR" --trust-model always \

318

--fingerprint --with-colons \

319

| sed --quiet \

320

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

321

322

test -n "$FINGERPRINT"

323

324

FILECOMMENT="Encrypted password for a Mandos client"

325

326

while [ ! -s "$SECFILE" ]; do

327

if [ -n "$PASSFILE" ]; then

328

cat "$PASSFILE"

329

else

330

tty --quiet && stty -echo

331

echo -n "Enter passphrase: " >/dev/tty

332

read -r first

333

tty --quiet && echo >&2

334

echo -n "Repeat passphrase: " >/dev/tty

335

read -r second

336

if tty --quiet; then

337

echo >&2

338

stty echo

339

340

if [ "$first" != "$second" ]; then

341

echo "Passphrase mismatch" >&2

342

touch "$RINGDIR"/mismatch

343

else

344

echo -n "$first"

345

346

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

347

--homedir "$RINGDIR" --trust-model always --armor \

348

--encrypt --sign --recipient "$FINGERPRINT" --comment \

349

"$FILECOMMENT" > "$SECFILE"

350

if [ -e "$RINGDIR"/mismatch ]; then

351

rm --force "$RINGDIR"/mismatch

352

if tty --quiet; then

353

> "$SECFILE"

354

else

355

exit 1

356

357

358

done

359

360

cat <<-EOF

361

[$KEYNAME]

362

host = $KEYNAME

363

fingerprint = $FINGERPRINT

364

secret =

365

EOF

366

sed --quiet --expression='

367

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

368

/^$/,${

369

# Remove 24-bit Radix-64 checksum

370

s/=....$//

371

# Indent four spaces

372

/^[^-]/s/^/ /p

373

}

374

}' < "$SECFILE"

375

if [ -n "$ssh_fingerprint" ]; then

376

echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'

377

echo "ssh_fingerprint = ${ssh_fingerprint}"

378

379

145

trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT

146

147

# Create batch file for GnuPG

148

cat >"$BATCHFILE" <<EOF

149

Key-Type: $KEYTYPE

150

Key-Length: $KEYLENGTH

151

#Key-Usage: encrypt,sign,auth

152

Name-Real: $KEYNAME

153

$KEYCOMMENTLINE

154

$KEYEMAILLINE

155

Expire-Date: $KEYEXPIRE

156

%pubring $PUBRING

157

%secring $SECRING

158

%commit

159

EOF

160

161

umask 027

162

163

# Generate a new key in the key rings

164

gpg --no-random-seed-file --quiet --batch --no-tty \

165

--no-default-keyring --no-options --batch \

166

--secret-keyring "$SECRING" --keyring "$PUBRING" \

167

--gen-key "$BATCHFILE"

168

rm --force "$BATCHFILE"

169

170

# Backup any old key files

171

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

172

2>/dev/null; then

173

shred --remove "$SECKEYFILE"

174

175

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

176

2>/dev/null; then

177

rm --force "$PUBKEYFILE"

178

179

180

FILECOMMENT="Mandos client key for $KEYNAME"

181

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

182

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

183

184

185

if [ -n "$KEYEMAIL" ]; then

186

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

187

188

189

# Export keys from key rings to key files

190

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

191

--no-default-keyring --secret-keyring "$SECRING" \

192

--keyring "$PUBRING" --export-options export-minimal \

193

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

194

--export-secret-keys

195

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

196

--no-default-keyring --secret-keyring "$SECRING" \

197

--keyring "$PUBRING" --export-options export-minimal \

198

--comment "$FILECOMMENT" --output "$PUBKEYFILE" \

199

--export

380

200

381

201

trap - EXIT

382

202

383

set +e

384

# Remove the password file, if any

385

if [ -n "$SECFILE" ]; then

386

shred --remove "$SECFILE"

387

388

203

# Remove the key rings

389

shred --remove "$RINGDIR"/sec* 2>/dev/null

390

rm --recursive --force "$RINGDIR"

204

shred --remove "$SECRING"

205

rm --force "$PUBRING"

Older »