diff options
| author | joe <joe@jerkface.net> | 2016-08-29 22:24:08 -0400 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2016-08-29 22:24:08 -0400 |
| commit | 78c2c3753e69818aa7fd5d3a0354fea5d0fc452b (patch) | |
| tree | 9f1b155c07db63d22f01e04198d00b89a109f6b9 | |
| parent | 63af3d0f3d149b110e172223c18afacd77a172f8 (diff) | |
cokiki build fix & show --packets option.
| -rw-r--r-- | cokiki.hs | 9 | ||||
| -rw-r--r-- | kiki.cabal | 1 | ||||
| -rw-r--r-- | kiki.hs | 6 | ||||
| -rw-r--r-- | lib/GnuPGAgent.hs | 3 | ||||
| -rw-r--r-- | lib/KeyRing.hs | 24 | ||||
| -rw-r--r-- | lib/PacketTranscoder.hs | 5 |
6 files changed, 39 insertions, 9 deletions
| @@ -19,6 +19,7 @@ import System.Exit | |||
| 19 | import System.IO | 19 | import System.IO |
| 20 | import System.Posix.User | 20 | import System.Posix.User |
| 21 | import CommandLine | 21 | import CommandLine |
| 22 | import Data.OpenPGP (SymmetricAlgorithm(Unencrypted)) | ||
| 22 | 23 | ||
| 23 | usage = unlines | 24 | usage = unlines |
| 24 | [ "cokiki <command> [--chroot=ROOTDIR]" | 25 | [ "cokiki <command> [--chroot=ROOTDIR]" |
| @@ -116,7 +117,7 @@ sshClient uid root cmn = whenRoot uid root cmn $ do | |||
| 116 | maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig' | 117 | maybe (return ()) (myWriteFile (root "/etc/ssh/ssh_config") . unparseSshConfig) sshconfig' |
| 117 | 118 | ||
| 118 | -- /var/cache/kiki/config/ssh_known_hosts <-- contains known hosts from /root/.gnupg/... | 119 | -- /var/cache/kiki/config/ssh_known_hosts <-- contains known hosts from /root/.gnupg/... |
| 119 | Kiki.importAndRefresh root cmn | 120 | Kiki.importAndRefresh root cmn Unencrypted |
| 120 | 121 | ||
| 121 | sshServer uid root cmn = whenRoot uid root cmn $ do | 122 | sshServer uid root cmn = whenRoot uid root cmn $ do |
| 122 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config") | 123 | sshconfig <- parseSshConfig . fromMaybe "" <$> maybeReadFile (root "/etc/ssh/sshd_config") |
| @@ -129,7 +130,7 @@ sshServer uid root cmn = whenRoot uid root cmn $ do | |||
| 129 | hPutStrLn stderr "adding HostKey directive" | 130 | hPutStrLn stderr "adding HostKey directive" |
| 130 | myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig' | 131 | myWriteFile (root "/etc/ssh/sshd_config") $ unparseSshConfig sshconfig' |
| 131 | -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/config/ssh_host_ecdsa_key' etc. | 132 | -- /etc/ssh/sshd_config <-- 'HostKey /var/cache/kiki/config/ssh_host_ecdsa_key' etc. |
| 132 | Kiki.importAndRefresh root cmn | 133 | Kiki.importAndRefresh root cmn Unencrypted |
| 133 | 134 | ||
| 134 | strongswan uid root cmn = whenRoot uid root cmn $ do | 135 | strongswan uid root cmn = whenRoot uid root cmn $ do |
| 135 | -- Parsing as if ssh config, that's not right, but good enough for now. | 136 | -- Parsing as if ssh config, that's not right, but good enough for now. |
| @@ -143,7 +144,7 @@ strongswan uid root cmn = whenRoot uid root cmn $ do | |||
| 143 | hPutStrLn stderr "adding include directive" | 144 | hPutStrLn stderr "adding include directive" |
| 144 | myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf' | 145 | myWriteFile (root "/etc/ipsec.conf") $ unparseSshConfig ipsecconf' |
| 145 | -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf' | 146 | -- etc/ipsec.conf <-- 'include /var/cache/kiki/ipsec.conf' |
| 146 | Kiki.importAndRefresh root cmn | 147 | Kiki.importAndRefresh root cmn Unencrypted |
| 147 | 148 | ||
| 148 | configureTor uid root cmn = whenRoot uid root cmn $ do | 149 | configureTor uid root cmn = whenRoot uid root cmn $ do |
| 149 | -- Parsing as if ssh config, that's not right, but good enough for now. | 150 | -- Parsing as if ssh config, that's not right, but good enough for now. |
| @@ -197,7 +198,7 @@ configureTor uid root cmn = whenRoot uid root cmn $ do | |||
| 197 | , ["HiddenServicePort"," ","22"," ","127.0.0.1:22"] | 198 | , ["HiddenServicePort"," ","22"," ","127.0.0.1:22"] |
| 198 | , ["HiddenServicePort"," ","25"," ","127.0.0.1:25"] ] | 199 | , ["HiddenServicePort"," ","25"," ","127.0.0.1:25"] ] |
| 199 | myWriteFile (root "/etc/tor/torrc") $ unparseSshConfig torrc' | 200 | myWriteFile (root "/etc/tor/torrc") $ unparseSshConfig torrc' |
| 200 | Kiki.importAndRefresh root cmn | 201 | Kiki.importAndRefresh root cmn Unencrypted |
| 201 | return () | 202 | return () |
| 202 | 203 | ||
| 203 | 204 | ||
| @@ -70,6 +70,7 @@ Executable cokiki | |||
| 70 | unix, | 70 | unix, |
| 71 | directory, | 71 | directory, |
| 72 | deepseq, | 72 | deepseq, |
| 73 | openpgp-util, | ||
| 73 | kiki | 74 | kiki |
| 74 | 75 | ||
| 75 | library | 76 | library |
| @@ -306,6 +306,10 @@ show_all db = do | |||
| 306 | let Message packets = flattenKeys True db | 306 | let Message packets = flattenKeys True db |
| 307 | putStrLn $ listKeys packets | 307 | putStrLn $ listKeys packets |
| 308 | 308 | ||
| 309 | show_packets puborsec db = do | ||
| 310 | let Message packets = flattenKeys (case puborsec of { "sec":_ -> False; _ -> True }) db | ||
| 311 | forM_ packets $ putStrLn . showPacket | ||
| 312 | |||
| 309 | show_whose_key input_key db = | 313 | show_whose_key input_key db = |
| 310 | flip (maybe $ return ()) input_key $ \input_key -> do | 314 | flip (maybe $ return ()) input_key $ \input_key -> do |
| 311 | let ks = whoseKey input_key db | 315 | let ks = whoseKey input_key db |
| @@ -1220,6 +1224,7 @@ kiki "show" args = do | |||
| 1220 | , ("--dump",0) --("--show-all",0) | 1224 | , ("--dump",0) --("--show-all",0) |
| 1221 | , ("--all",0) --("--show-all",0) | 1225 | , ("--all",0) --("--show-all",0) |
| 1222 | , ("--whose-key",0) | 1226 | , ("--whose-key",0) |
| 1227 | , ("--packets",1) | ||
| 1223 | , ("--key",1) | 1228 | , ("--key",1) |
| 1224 | , ("--pem",1) | 1229 | , ("--pem",1) |
| 1225 | , ("--dns",1) | 1230 | , ("--dns",1) |
| @@ -1271,6 +1276,7 @@ kiki "show" args = do | |||
| 1271 | let shspec = Map.fromList [("--working", const $ show_wk (rtSecring rt) grip) | 1276 | let shspec = Map.fromList [("--working", const $ show_wk (rtSecring rt) grip) |
| 1272 | ,("--all",const show_all) | 1277 | ,("--all",const show_all) |
| 1273 | ,("--whose-key", const $ show_whose_key input_key) | 1278 | ,("--whose-key", const $ show_whose_key input_key) |
| 1279 | ,("--packets", show_packets) | ||
| 1274 | ,("--key",\[x] -> show_id x $ fromMaybe "" grip) | 1280 | ,("--key",\[x] -> show_id x $ fromMaybe "" grip) |
| 1275 | ,("--pem",\[x] -> show_pem x $ fromMaybe "" grip) | 1281 | ,("--pem",\[x] -> show_pem x $ fromMaybe "" grip) |
| 1276 | ,("--dns",\[x] -> show_dns x $ fromMaybe "" grip) | 1282 | ,("--dns",\[x] -> show_dns x $ fromMaybe "" grip) |
diff --git a/lib/GnuPGAgent.hs b/lib/GnuPGAgent.hs index 5878357..7161b92 100644 --- a/lib/GnuPGAgent.hs +++ b/lib/GnuPGAgent.hs | |||
| @@ -7,7 +7,8 @@ module GnuPGAgent | |||
| 7 | , QueryMode(..) | 7 | , QueryMode(..) |
| 8 | , getPassphrase | 8 | , getPassphrase |
| 9 | , clearPassphrase | 9 | , clearPassphrase |
| 10 | , quit ) where | 10 | , quit |
| 11 | , key_nbits) where | ||
| 11 | 12 | ||
| 12 | import Debug.Trace | 13 | import Debug.Trace |
| 13 | import Control.Monad | 14 | import Control.Monad |
diff --git a/lib/KeyRing.hs b/lib/KeyRing.hs index 8a23ff9..84d484d 100644 --- a/lib/KeyRing.hs +++ b/lib/KeyRing.hs | |||
| @@ -114,6 +114,7 @@ module KeyRing | |||
| 114 | , resolveForReport | 114 | , resolveForReport |
| 115 | , KeyKey -- needed for Type sigs | 115 | , KeyKey -- needed for Type sigs |
| 116 | , makeMemoizingDecrypter | 116 | , makeMemoizingDecrypter |
| 117 | , showPacket | ||
| 117 | ) where | 118 | ) where |
| 118 | 119 | ||
| 119 | import System.Environment | 120 | import System.Environment |
| @@ -1983,9 +1984,26 @@ showPacket :: Packet -> String | |||
| 1983 | showPacket p | isKey p = (if is_subkey p | 1984 | showPacket p | isKey p = (if is_subkey p |
| 1984 | then showPacket0 p | 1985 | then showPacket0 p |
| 1985 | else ifSecret p "----Secret-----" "----Public-----") | 1986 | else ifSecret p "----Secret-----" "----Public-----") |
| 1986 | ++ " "++show (key_algorithm p)++" "++fingerprint p | 1987 | ++ " "++fingerprint p |
| 1987 | | isUserID p = showPacket0 p ++ " " ++ show (uidkey p) | 1988 | ++ " "++show (key_algorithm p) |
| 1988 | | otherwise = showPacket0 p | 1989 | ++ case key_nbits p of { 0 -> ""; n -> "("++show n++")" } |
| 1990 | | isUserID p = showPacket0 p ++ " " ++ show (uidkey p) | ||
| 1991 | -- | isSignaturePacket p = showPacket0 p ++ maybe "" ((++) (" ^ signed"++sigusage p++": ")) (signature_issuer p) | ||
| 1992 | | isSignaturePacket p = showPacket0 p ++ maybe "" (" ^ signed: "++) (signature_issuer p) ++ sigusage p | ||
| 1993 | | otherwise = showPacket0 p | ||
| 1994 | where | ||
| 1995 | sigusage p = | ||
| 1996 | case take 1 (tagStrings p) of | ||
| 1997 | [] -> "" | ||
| 1998 | tag:_ -> " "++show tag -- "("++tag++")" | ||
| 1999 | where | ||
| 2000 | tagStrings p = usage_tags ++ flags | ||
| 2001 | where | ||
| 2002 | usage_tags = mapMaybe usage xs | ||
| 2003 | flags = mapMaybe (fmap usageString . keyflags) xs | ||
| 2004 | xs = hashed_subpackets p | ||
| 2005 | |||
| 2006 | |||
| 1989 | showPacket0 p = concat . take 1 $ words (show p) | 2007 | showPacket0 p = concat . take 1 $ words (show p) |
| 1990 | 2008 | ||
| 1991 | 2009 | ||
diff --git a/lib/PacketTranscoder.hs b/lib/PacketTranscoder.hs index 07f235c..6d1d9b8 100644 --- a/lib/PacketTranscoder.hs +++ b/lib/PacketTranscoder.hs | |||
| @@ -19,6 +19,7 @@ import System.IO ( stderr) | |||
| 19 | import System.Posix.IO ( fdToHandle ) | 19 | import System.Posix.IO ( fdToHandle ) |
| 20 | import Text.Show.Pretty as PP ( ppShow ) | 20 | import Text.Show.Pretty as PP ( ppShow ) |
| 21 | import Types | 21 | import Types |
| 22 | import ControlMaybe (handleIO_) | ||
| 22 | 23 | ||
| 23 | -- | Merge two representations of the same key, prefering secret version | 24 | -- | Merge two representations of the same key, prefering secret version |
| 24 | -- because they have more information. | 25 | -- because they have more information. |
| @@ -168,6 +169,7 @@ makeMemoizingDecrypter operation ctx (workingkey,keys) = do | |||
| 168 | -- in the 'locations' field, so this would effectively | 169 | -- in the 'locations' field, so this would effectively |
| 169 | -- allow you to run 'decryptIt' on an unencrypted public key | 170 | -- allow you to run 'decryptIt' on an unencrypted public key |
| 170 | -- to obtain it's secret key. | 171 | -- to obtain it's secret key. |
| 172 | handleIO_ (decryptIt []) $ do | ||
| 171 | (pw,wants_retry) <- getpw (count,qry) | 173 | (pw,wants_retry) <- getpw (count,qry) |
| 172 | let wkun = fromMaybe wk $ do | 174 | let wkun = fromMaybe wk $ do |
| 173 | guard $ symmetric_algorithm (packet mp) /= Unencrypted | 175 | guard $ symmetric_algorithm (packet mp) /= Unencrypted |
| @@ -218,11 +220,12 @@ makeMemoizingDecrypter operation ctx (workingkey,keys) = do | |||
| 218 | | otherwise = return () | 220 | | otherwise = return () |
| 219 | clear | 221 | clear |
| 220 | let sanitizeQry qry = (fingerprint $ queryPacket qry, queryUID qry, fmap fingerprint $ queryMainKey qry) | 222 | let sanitizeQry qry = (fingerprint $ queryPacket qry, queryUID qry, fmap fingerprint $ queryMainKey qry) |
| 221 | putStrLn $ "(count,firsttime,ask,qry,actual_qry)="++show (count,firsttime,ask,sanitizeQry qry, sanitizeQry actual_qry) | 223 | -- putStrLn $ "(count,firsttime,ask,qry,actual_qry)="++show (count,firsttime,ask,sanitizeQry qry, sanitizeQry actual_qry) |
| 222 | mbpw <- getPassphrase s ask actual_qry | 224 | mbpw <- getPassphrase s ask actual_qry |
| 223 | quit s | 225 | quit s |
| 224 | return ( maybe "" S8.pack mbpw, guard (ask /= AskNew) >> Just clear ) | 226 | return ( maybe "" S8.pack mbpw, guard (ask /= AskNew) >> Just clear ) |
| 225 | 227 | ||
| 228 | -- putStrLn $ concat [show (symmetric_algorithm wk,s2k wk)," --> ",show (dest_alg,dest_s2k)] | ||
| 226 | if symmetric_algorithm wk == dest_alg | 229 | if symmetric_algorithm wk == dest_alg |
| 227 | && ( symmetric_algorithm wk == Unencrypted || s2k wk == dest_s2k ) | 230 | && ( symmetric_algorithm wk == Unencrypted || s2k wk == dest_s2k ) |
| 228 | then return (KikiSuccess wk) | 231 | then return (KikiSuccess wk) |