Merge remote branch 'dkg/master'

20 files changed, 167 insertions, 22 deletions

diff --git a/changelog b/changelog
index cba8b4e..e29cbaf 100644
--- a/changelog
+++ b/changelog
@@ -3,6 +3,8 @@ monkeysphere (0.29~pre1) UNRELEASED; urgency=low
   * Fix man page typo about monkeysphere authorized_keys location
   * Monkeysphere should work properly even if the user has "armor" in
     their gpg.conf (closes MS #1625)
+  * monkeysphere keys-for-userid now respects MONKEYSPHERE_CHECK_KEYSERVER
+    environment variable (and defaults to true)
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 18 Feb 2010 12:38:43 -0500
 
diff --git a/doc/george/changelog b/doc/george/changelog
index d15814c..ffb7cb0 100644
--- a/doc/george/changelog
+++ b/doc/george/changelog
@@ -6,6 +6,11 @@
 *  Please add new entries in reverse chronological order whenever you make   *
 *  changes to this system (first command at top, last at bottom)             *
 ******************************************************************************
+2010-03-09 - micah
+ 	* setup /srv/micah.monkeysphere.info
+	* replaced /etc/mathopd.conf virtual for daniel with one for me
+	* removed /srv/daniel.monkeysphere.info - not used
+
 2010-03-08 - mjgoins
 	* Adding self to webmaster's authorized_user_ids
 	* updating ikiwiki to use the version from lenny backports 
diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog
index 8dedf58..f3e8171 100644
--- a/doc/zimmermann/changelog
+++ b/doc/zimmermann/changelog
@@ -7,10 +7,32 @@
 *  changes to this system (first command at top, last at bottom)             *
 ******************************************************************************
 
+2010-03-10 - micah
+	* Updated /etc/monkeysphere/*.conf to use zimmermann
+	for the keyserver
+
+2010-03-09 - dkg
+	* transferred the https://z.m.o key from /root/.gnupg into the
+	monkeysphere-host keyring with:
+
+         gpg --export-secret-keys | GNUPGHOME=/var/lib/monkeysphere/host gpg --import
+
+	* used undocumented "monkeysphere-host update-pgp-pub-file" to
+	refresh the output of m-h s.
+
+2010-02-19 - dkg
+	* upgraded to monkeysphere 0.28-1~bpo50+1 (includes gnupg from
+	backports.org)
+
+2010-02-?? - dkg
+	* manually created an OpenPGP certificate for zimmermann's https
+	RSA key, stored in /root/.gnupg; published it to the keyserver
+	network, certified it myself.
+
 2008-11-29 - dkg
 	* zimmermann now uses an X.509 certificate signed by the MF/PL CA
 	for its HTTPS connection.
-	
+
 2008-11-19 - dkg
 	* added 10 SKS peers as a result of feedback from sks-devel.
 	* set localtime to America/New_York via dpkg-reconfigure tzdata
@@ -20,7 +42,7 @@
 	* made nginx proxy plain ol' HTTP on port 80 also so that SKS does
 	not need to try to listen on a privileged port.
 	* turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf
-	
+
 2008-11-19 - mlc
 	* aptitude install nginx
 	* get rid of /etc/nginx/sites-enabled/default
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 53adf83..ce6e82a 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -21,10 +21,11 @@
 
 # Set whether or not to check keyservers at every monkeysphere
 # interaction, including all ssh connections if you use the
-# monkeysphere ssh-proxycommand.
-# NOTE: setting CHECK_KEYSERVER to true will leak information about
-# the timing and frequency of your ssh connections to the maintainer
-# of the keyserver.
+# monkeysphere ssh-proxycommand.  Leave unset for default behavior
+# (see KEYSERVER CHECKING in monkeysphere(1)), or set to true or false.
+# NOTE: setting CHECK_KEYSERVER explicitly to true will leak
+# information about the timing and frequency of your ssh connections
+# to the maintainer of the keyserver.
 #CHECK_KEYSERVER=true
 
 # The path to the SSH known_hosts file.
@@ -36,3 +37,7 @@
 
 # The path to the SSH authorized_keys file.
 #AUTHORIZED_KEYS=~/.ssh/authorized_keys
+
+# Set to true to enable validation agent during X session startup
+# where available.
+#USE_VALIDATION_AGENT=false
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 6abd36c..4d8eab6 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -201,7 +201,7 @@ added to the given user's authorized_keys file.
 .SH AUTHOR
 
 Written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 
 .SH SEE ALSO
diff --git a/man/man7/monkeysphere.7 b/man/man7/monkeysphere.7
index e4c2bf0..4d1deca 100644
--- a/man/man7/monkeysphere.7
+++ b/man/man7/monkeysphere.7
@@ -1,9 +1,8 @@
-.TH MONKEYSPHERE "7" "March 2009" "monkeysphere" "System Frameworks"
+.TH MONKEYSPHERE "7" "March 2010" "monkeysphere" "System Frameworks"
 
 .SH NAME
 
-monkeysphere - ssh authentication framework using OpenPGP Web of
-Trust
+monkeysphere - ssh and TLS authentication framework using OpenPGP Web of Trust
 
 .SH DESCRIPTION
 
@@ -75,7 +74,7 @@ https://host.example.com[:port]
 .SH AUTHOR
 
 Written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 
 .SH SEE ALSO
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index b2dfbdf..ea9debd 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true)
 /etc/monkeysphere/monkeysphere\-authentication.conf
 System monkeysphere-authentication config file.
 .TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
 /var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
 .TP
@@ -189,7 +194,7 @@ added to the given user's authorized_keys file.
 .SH AUTHOR
 
 This man page was written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
 Matthew Goins <mjgoins@openflows.com>
 
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 4735940..00ea777 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -226,7 +226,7 @@ of all imported secret keys (this is the host's GNUPGHOME directory).
 .SH AUTHOR
 
 This man page was written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
 Matthew Goins <mjgoins@openflows.com>
 
diff --git a/packaging/debian/70monkeysphere_use-validation-agent b/packaging/debian/70monkeysphere_use-validation-agent
new file mode 100644
index 0000000..c3135a8
--- /dev/null
+++ b/packaging/debian/70monkeysphere_use-validation-agent
@@ -0,0 +1,38 @@
+# /etc/X11/Xsession.d/70monkeysphere_use-validation-agent
+
+# This is a script to be sourced by Xsession.  It wraps the session
+# startup argument with a monkeysphere-validation-agent nested
+# process, if available and none already exist.
+
+# Enable this system-wide by setting
+# MONKEYSPHERE_USE_VALIDATION_AGENT=true in
+# /etc/monkeysphere/monkeysphere.conf
+
+# Note that there is some weird interaction between this and
+# dbus-session at the moment: dbus-launch can start the msva just
+# fine, but if msva tries to start dbus-launch, dbus-launch fails
+# with:
+
+# Failed to waitpid() for babysitter intermediate process: No child processes
+
+# So this is placed at position 70 -- *before* the dbus Xsession
+# startup script, which is at 75 as of 2010-03-12, when i wrote this.
+
+# this is also good, because it means that the MSVA will learn about
+# the dbus session parameters, in case we want the agent to use dbus
+# to communicate with the user.
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+MSVAGENT=/usr/bin/monkeysphere-validation-agent
+MSSYSCONFIG=/etc/monkeysphere/monkeysphere.conf
+MSUSERCONFIG="$HOME/.monkeysphere/monkeysphere.conf"
+
+if [ -x "$MSVAGENT" ] ; then
+   if [ "$(USE_VALIDATION_AGENT=
+. "$MSSYSCONFIG" 2>/dev/null
+. "$MSUSERCONFIG" 2>/dev/null || :
+printf '%s' "$USE_VALIDATION_AGENT")" = "true" ] ; then
+        STARTUP="$MSVAGENT $STARTUP"
+    fi
+fi
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 10429fe..d971ee6 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -6,8 +6,11 @@ monkeysphere (0.29~pre1-1) UNRELEASED; urgency=low
   [ Daniel Kahn Gillmor ]
   * bumped Standards-Version to 3.8.4 (no changes needed)
   * indicated bash dependency on version 3.2 or later (see MS #1687)
+  * including /etc/Xsession.d/70monkeysphere_use_validation_agent so that
+    administrators and users can choose to start up a validation agent for
+    each X session using monkeysphere.conf
 
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 18 Feb 2010 12:40:56 -0500
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 12 Mar 2010 01:57:39 -0500
 
 monkeysphere (0.28-1) unstable; urgency=low
 
diff --git a/packaging/debian/control b/packaging/debian/control
index 9a32642..6cd0143 100644
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -28,6 +28,7 @@ Depends: openssh-client,
  adduser,
  ${misc:Depends}
 Recommends: netcat | socat, ssh-askpass, cron
+Suggests: monkeysphere-validation-agent
 Enhances: openssh-client, openssh-server
 Description: leverage the OpenPGP web of trust for SSH and TLS authentication
  SSH key-based authentication is tried-and-true, but it lacks a true
diff --git a/packaging/debian/monkeysphere.dirs b/packaging/debian/monkeysphere.dirs
index e07fb2c..3e39efe 100644
--- a/packaging/debian/monkeysphere.dirs
+++ b/packaging/debian/monkeysphere.dirs
@@ -8,3 +8,5 @@ usr/share/man/man1
 usr/share/man/man7
 usr/share/man/man8
 etc/monkeysphere
+etc/X11
+etc/X11/Xsession.d
diff --git a/packaging/debian/monkeysphere.install b/packaging/debian/monkeysphere.install
new file mode 100644
index 0000000..63a2dd7
--- /dev/null
+++ b/packaging/debian/monkeysphere.install
@@ -0,0 +1 @@
+debian/70monkeysphere_use-validation-agent etc/X11/Xsession.d
diff --git a/src/monkeysphere b/src/monkeysphere
index e268058..a763151 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -3,7 +3,7 @@
 # monkeysphere: Monkeysphere client tool
 #
 # The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 # Micah Anderson <micah@riseup.net>
@@ -276,6 +276,7 @@ case $COMMAND in
 	;;
 
     'keys-for-userid'|'u')
+	CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
 	keys_for_userid "$@"
 	;;
 
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 12e7bad..a5db8c1 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -74,7 +74,7 @@ EOF
 
 # function to interact with the gpg keyring
 gpg_host() {
-    GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@"
+    GNUPGHOME="$GNUPGHOME_HOST" gpg --no-auto-check-trustdb --no-greeting --quiet --no-tty "$@"
 }
 
 # list the info about the a key, in colon format, to stdout
@@ -239,7 +239,7 @@ prompt_userid_exists() {
     if gpgOut=$(gpg_host_list_keys "=${userID}" 2>/dev/null) ; then
 	fingerprint=$(echo "$gpgOut" | grep '^fpr:' | cut -d: -f10)
 	if [ "$PROMPT" != "false" ] ; then
-	    printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$fingerprint" "$userID" >&2
+	    printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$userID" "$fingerprint" >&2
 	    read OK; OK=${OK:=N}
 	    if [ "${OK/y/Y}" != 'Y' ] ; then
 		failure "Service name not added."
@@ -268,7 +268,7 @@ multi_key() {
 
     for key in $keys ; do
 	if (( i++ > 0 )) ; then
-	    echo "##############################"
+	    printf "\n"
 	fi
 	"$cmd" "$key"
     done
@@ -309,8 +309,9 @@ show_key() {
     # FIXME: make no-show-keyring work so we don't have to do the grep'ing
     # FIXME: can we show uid validity somehow?
     gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \
-	| grep -v "^${GNUPGHOME}/pubring.gpg$" \
-	| egrep -v '^-+$'
+        | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+        | egrep -v '^-+$' \
+        | grep -v '^$'
 
     # list revokers, if there are any
     revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \
@@ -320,7 +321,6 @@ show_key() {
 	for key in $revokers ; do
 	    echo "revoker: $key"
 	done
-	echo
     fi
 
     # list the pgp fingerprint
diff --git a/src/share/common b/src/share/common
index 37f5305..cabc378 100644
--- a/src/share/common
+++ b/src/share/common
@@ -581,6 +581,10 @@ gpg_fetch_userid() {
 	--search ="$userID" &>/dev/null
     returnCode="$?"
 
+    if [ "$returnCode" != 0 ] ; then
+        log error "Failure ($returnCode) searching keyserver $KEYSERVER for user id '$userID'"
+    fi
+
     return "$returnCode"
 }
 
diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers
index 38a3222..789eb9d 100644
--- a/src/share/ma/list_certifiers
+++ b/src/share/ma/list_certifiers
@@ -4,7 +4,7 @@
 # Monkeysphere authentication list-certifiers subcommand
 #
 # The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 #
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 6c75fef..f965487 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -43,6 +43,7 @@ EOF
 # Edits will be overwritten.
 no-greeting
 list-options show-uid-validity
+keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
 EOF
 
     # make sure the monkeysphere user owns everything in the sphere
diff --git a/website/validation-agent.mdwn b/website/validation-agent.mdwn
new file mode 100644
index 0000000..d95e7d4
--- /dev/null
+++ b/website/validation-agent.mdwn
@@ -0,0 +1,32 @@
+[[!meta title="Monkeysphere Validation Agent"]]
+
+# Monkeysphere Validation Agent #
+
+The Monkeysphere Validation Agent offers a local service for systems
+to validate certificates (both X.509 and OpenPGP) and other public
+keys in their proper contexts.  
+
+Among other reasons, having a validation agent is a good thing
+because:
+
+* Multiple tools can rely on the same PKI (e.g. the user's web browser
+  and the user's ssh client).
+* A single validation agent can present a consistent UI to the user
+  (when used in an end-user context), or provide a unified trust model
+  to various services (when used in a server-side context).
+* Authentication/certificate validation code can potentially be
+  isolated to a protected environment.
+ 
+## Implementations ##
+
+There are currently two implementations of the validation agent:
+
+ * msva-perl
+ * msva-ruby
+
+## Protocol ##
+
+The Monkeysphere Validation Agent protocol (MSVA) is defined as a
+minimal HTTP server with JSON-encapsulated requests and responses.
+You may want to read [more protocol details](protocol).
+
diff --git a/website/validation-agent/protocol.mdwn b/website/validation-agent/protocol.mdwn
new file mode 100644
index 0000000..4e6811a
--- /dev/null
+++ b/website/validation-agent/protocol.mdwn
@@ -0,0 +1,24 @@
+[[!meta title="Validation Agent Protocol"]]
+
+# Validation Agent Protocol #
+
+In its current form, the
+[Monkeysphere Validation Agent](/validation-agent) is conceived of as
+a minimalistic HTTP server that accepts two different requests:
+
+ GET /  -- initial contact query, protocol version compatibility.
+  (no query parameters)
+  (returns: protoversion, server, available)
+
+ POST /reviewcert  -- request validation of a certificate
+  (query parameters: uid, context, pkc)
+  (returns: valid, message)
+
+Query parameters are posted as a JSON blob (*not* as
+www-form-encoded).
+
+The variables that are returned are application/json as well.
+
+* PKC means: public key carrier: raw key, OpenPGP cert, or X.509 cert
+* UID means: User ID (like in OpenPGP)
+* context refers to the setting in which the certificate is offered.  For example, "https" means: "this certificate was offered by an HTTPS server"