/usr/bin/monkeysphere is in monkeysphere 0.35-2.

This file is owned by root:root, with mode 0o755.


#!/usr/bin/env bash

# monkeysphere: Monkeysphere client tool
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Micah Anderson <micah@riseup.net>
#
# They are Copyright 2008-2009, and are all released under the GPL, version 3
# or later.

########################################################################
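set -e

# Program name used in usage and error messages.  "$0" is quoted so an
# install path containing whitespace does not split into several
# basename arguments.
PGRM=$(basename "$0")

# Shared library directory.  The caller may override it through its own
# environment; the script is installed as a plain 0755 executable (not
# setuid), so sourcing code from a caller-chosen path crosses no
# privilege boundary.
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/defaultenv"
. "${SYSSHAREDIR}/common"

# sharedir for host functions
MSHAREDIR="${SYSSHAREDIR}/m"

# UTC date in ISO 8601 format if needed (not used in this file; kept for
# the sourced subcommand implementations)
DATE=$(date -u '+%FT%T')

# unset some environment variables that could screw things up
unset GREP_OPTIONS

# set the file creation mask to be only owner rw
umask 077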

########################################################################
# FUNCTIONS
########################################################################

# Print the subcommand summary on stderr.  Reads PGRM for the program
# name; the text ends with an empty line, as before.
usage() {
    printf '%s\n' \
	"usage: $PGRM <subcommand> [options] [args]" \
	"Monkeysphere client tool." \
	"" \
	"subcommands:" \
	" update-known_hosts (k) [HOST]...    update known_hosts file" \
	" update-authorized_keys (a)          update authorized_keys file" \
	" ssh-proxycommand HOST [PORT]        monkeysphere ssh ProxyCommand" \
	"   --no-connect                        do not make TCP connection to host" \
	" subkey-to-ssh-agent (s)             store authentication subkey in ssh-agent" \
	"" \
	" keys-for-userid (u) USERID          output valid ssh keys for given user id" \
	" sshfprs-for-userid USERID           output ssh fingerprints for given user id" \
	" gen-subkey (g) [KEYID]              generate an authentication subkey" \
	"   --length (-l) BITS                  key length in bits (2048)" \
	"" \
	" version (v)                         show version number" \
	" help (h,?)                          this help" \
	"" >&2
}

# user gpg command to define common options
# Run gpg with the options every user-keyring call in this tool shares
# (C locale, machine-parsable fixed list mode, no greeting, no tty).
# Extra arguments are appended unchanged.
gpg_user() {
    local -a common_opts
    common_opts=(--fixed-list-mode --no-greeting --quiet --no-tty)
    LC_ALL=C gpg "${common_opts[@]}" "$@"
}

# output the ssh fingerprint of a gpg key
gpg_ssh_fingerprint() {
    keyid="$1"
    gpg_user --export "$keyid" --no-armor | "$SYSSHAREDIR/keytrans" openpgp2sshfpr "$keyid"
}

# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID
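# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID.
# Arguments: [KEYID] - optional primary key to look up
# Outputs:   the key ID (field 5 of the 'sec:' colon-listing line) on stdout
# Calls failure (from common) when more than one argument is given, when
# no secret key is found, or when several secret keys match and none was
# named explicitly.
check_gpg_sec_key_id() {
    local gpgSecOut
    local count
    local seckeys

    case "$#" in
	0)
	    # grep exits 1 when there is no 'sec:' line at all; without the
	    # '|| true' that status kills the script under 'set -e' before
	    # the "No secret keys found" message below is ever reached.
	    gpgSecOut=$(gpg_user --list-secret-keys --with-colons 2>/dev/null | grep '^sec:') || true
	    ;;
	1)
	    gpgSecOut=$(gpg_user --list-secret-keys --with-colons "$1" | grep '^sec:') \
		|| failure "No secret key found for '$1'."
	    ;;
	*)
	    failure "You must specify only a single primary key ID."
	    ;;
    esac

    # check that only a single secret key was found ('grep -c' exits 1
    # on a zero count, hence the '|| true')
    count=$(printf '%s\n' "$gpgSecOut" | grep -c '^sec:') || true
    case "$count" in
	0)
	    failure "No secret keys found.  Create an OpenPGP key with the following command:
 gpg --gen-key"
	    ;;
	1)
	    printf '%s\n' "$gpgSecOut" | cut -d: -f5
	    ;;
	*)
	    seckeys=$(printf '%s\n' "$gpgSecOut" | cut -d: -f5)
	    failure "Multiple primary secret keys found:
$seckeys
Please specify which primary key to use."
	    ;;
    esac
}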

# check that a valid authentication subkey does not already exist
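# check that a valid authentication subkey does not already exist
# Arguments: $1 - primary key ID whose public key listing is inspected
# Globals:   PROMPT (read) - when "false", an existing valid
#            authentication key aborts immediately instead of asking
# Calls failure (from common) with "aborting." unless the user answers
# 'y'/'Y'; check_capability (from common) decides which capability
# strings count as authentication-capable.
check_gpg_authentication_subkey() {
    local keyID
    local -a fields
    local type
    local validity
    local usage
    local OK

    keyID="$1"

    # Walk the colon listing one record at a time.  Field 1 is the record
    # type, field 2 the validity, field 12 the capability flags.  The
    # listing is read on fd 3 so that the 'read OK' prompt below still
    # reads from the user's stdin rather than from gpg's output.
    while IFS=: read -r -u 3 -a fields ; do
	type=${fields[0]-}
	validity=${fields[1]-}
	usage=${fields[11]-}

	# look at keys only
	if [ "$type" != 'pub' ] && [ "$type" != 'sub' ] ; then
	    continue
	fi
	# check for authentication capability
	if ! check_capability "$usage" 'a' ; then
	    continue
	fi
	# only a currently valid authentication key matters
	if [ "$validity" != 'u' ] ; then
	    continue
	fi

	echo "A valid authentication key already exists for primary key '$keyID'." 1>&2
	if [ "$PROMPT" = "false" ] ; then
	    failure "aborting."
	fi
	printf "Are you sure you would like to generate another one? (y/N) " >&2
	# EOF on stdin (non-interactive run) must not trip 'set -e'; it
	# falls through to the default answer.  Note '${OK:N}' in the
	# old code was a substring expansion, not a default value.
	read -r OK || true
	OK=${OK:-N}
	if [ "${OK/y/Y}" != 'Y' ] ; then
	    failure "aborting."
	fi
	# one confirmation is enough; stop scanning further subkeys
	break
    done 3< <(gpg_user --list-keys --with-colons "$keyID")
}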

########################################################################
# MAIN
########################################################################

# set unset default variables
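# set unset default variables
GNUPGHOME=${GNUPGHOME:="${HOME}/.gnupg"}
KNOWN_HOSTS="${HOME}/.ssh/known_hosts"
HASH_KNOWN_HOSTS="false"
AUTHORIZED_KEYS="${HOME}/.ssh/authorized_keys"

# unset the check keyserver variable, since that needs to have
# different defaults for the different functions
unset CHECK_KEYSERVER

# load global config (SYSCONFIGDIR comes from the sourced defaultenv)
[ -r "${SYSCONFIGDIR}/monkeysphere.conf" ] \
    && . "${SYSCONFIGDIR}/monkeysphere.conf"

# set monkeysphere home directory
MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"}
mkdir -p -m 0700 "$MONKEYSPHERE_HOME"

# load local config.  Both config files are sourced as shell code, so
# they run with the user's privileges; that is the expected model for a
# per-user tool, but it means the files must be user-owned and writable
# by nobody else.  The path is quoted so a MONKEYSPHERE_HOME containing
# whitespace cannot split the '-e' test into several words.
[ -e "${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"}" ] \
    && . "$MONKEYSPHERE_CONFIG"

# set empty config variables with ones from the environment
GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=$GNUPGHOME}
LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
# if keyserver not specified in env or conf, then look in gpg.conf
# (last 'keyserver' directive wins, matching gpg's own precedence for
# repeated options)
if [ -z "$KEYSERVER" ] ; then
    if [ -f "${GNUPGHOME}/gpg.conf" ] ; then
	KEYSERVER=$(grep -e "^[[:space:]]*keyserver " "${GNUPGHOME}/gpg.conf" | tail -1 | awk '{ print $2 }')
    fi
fi
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=$KNOWN_HOSTS}
HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=$HASH_KNOWN_HOSTS}
AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS}
STRICT_MODES=${MONKEYSPHERE_STRICT_MODES:=$STRICT_MODES}

# other variables not in config file
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"}
REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"}
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
# note that only using '=' instead of ':=' tests only if the variable
# in unset, not if it's "null"
LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX='ms: '}

# export GNUPGHOME and make sure gpg home exists with proper
# permissions
export GNUPGHOME
mkdir -p -m 0700 "$GNUPGHOME"
export LOG_LEVEL
export LOG_PREFIX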

if [ "$#" -eq 0 ] ; then
    usage
    failure "Please supply a subcommand."
fi

# get subcommand
COMMAND="$1"
shift

# Source one subcommand implementation from the host-functions sharedir.
_ms_load_subcommand() {
    source "${MSHAREDIR}/$1"
}

# Resolve CHECK_KEYSERVER for the subcommands that may consult
# keyservers: the environment wins, then the config file, then "true".
_ms_default_check_keyserver() {
    CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
}

# Warn on stderr that an old subcommand spelling is deprecated.
_ms_warn_deprecated() {
    echo "Warning: '$1' is deprecated.  Please use '$2' instead." >&2
}

case "$COMMAND" in
    'update-known_hosts'|'update-known-hosts'|'k')
	_ms_default_check_keyserver
	_ms_load_subcommand update_known_hosts
	if [ "$1" ] ; then
	    # hosts named on the command line: process just those
	    update_known_hosts "$@"
	else
	    # no hosts named: process every host in the user's
	    # known_hosts file
	    process_known_hosts
	fi
	;;

    'update-authorized_keys'|'update-authorized-keys'|'a')
	_ms_default_check_keyserver
	_ms_load_subcommand update_authorized_keys
	update_authorized_keys
	;;

    'import-subkey'|'import'|'i')
	_ms_load_subcommand import_subkey
	import_subkey "$@"
	;;

    'gen-subkey'|'g')
	_ms_load_subcommand gen_subkey
	gen_subkey "$@"
	;;

    'ssh-proxycommand'|'p')
	_ms_load_subcommand ssh_proxycommand
	ssh_proxycommand "$@"
	;;

    'subkey-to-ssh-agent'|'s')
	_ms_load_subcommand subkey_to_ssh_agent
	subkey_to_ssh_agent "$@"
	;;

    'sshfpr')
	_ms_warn_deprecated 'sshfpr' 'sshfprs-for-userid'
	gpg_ssh_fingerprint "$@"
	;;

    'keys-for-userid'|'u')
	_ms_default_check_keyserver
	_ms_load_subcommand keys_for_userid
	keys_for_userid "$@"
	;;

    'sshfprs-for-userid')
	_ms_default_check_keyserver
	_ms_load_subcommand keys_for_userid
	keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr
	;;

    'keys-from-userid')
	_ms_warn_deprecated 'keys-from-userid' 'keys-for-userid'
	_ms_default_check_keyserver
	_ms_load_subcommand keys_for_userid
	keys_for_userid "$@"
	;;

    'version'|'--version'|'v')
	version
	;;

    'help'|'--help'|'-h'|'h'|'?')
	usage
	;;

    *)
	failure "Unknown command: '$COMMAND'
Try '$PGRM help' for usage."
	;;
esac