Merge commit 'dkg/master'

author: Matt Goins <mjgoins@openflows.com> 2009-01-07 16:45:25 -0500
committer: Matt Goins <mjgoins@openflows.com> 2009-01-07 16:45:25 -0500
commit: 499aa3840041d9ddd5c680adce059260059aabf9 (patch)
tree: 4c9d2c144e69213fbc9b1f76ba9bc20e7152439b
parent: c3b912f2506c3a150f128a77317085cea599a814 (diff)
parent: f8344402aebe5f0497a81934b980b9ed6ea7a6a2 (diff)
21 files changed, 568 insertions, 174 deletions
diff --git a/COPYING b/COPYING
index c4aa418..a74c8cc 100644
--- a/COPYING
+++ b/COPYING
@@ -2,7 +2,7 @@ Monkeysphere is a system to use the OpenPGP web-of-trust to
 authenticate and encrypt ssh connections.
 
 It is free software, developed by:
-  Jameson Rollins <jrollins@fifthhorseman.net>
+  Jameson Graef Rollins <jrollins@finestructure.net>
   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
   Jamie McClelland <jamie@mayfirst.org>
   Micah Anderson <micah@riseup.net>
diff --git a/Makefile b/Makefile
index 7493b1f..e40c4b1 100755
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,7 @@ tarball: clean
 
 debian-package: tarball
 	tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
+	sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common
 	cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)
 	(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
 	rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 2aaa9ca..a282c58 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -3,8 +3,13 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low
   * New upstream release:
     - added better checks for the existence of a host private key for
       functions that require it to be there.
+    - add checks for root users, for functions where it is required.
+    - get rid of getopts.
+    - added version output option
+    - check that existing authentication keys are valid in gen_key
+      function.
 
- -- Jameson Graef Rollins <jrollins@finestructure.net>  Sun, 30 Nov 2008 17:14:50 -0500
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Tue, 30 Dec 2008 20:21:16 -0500
 
 monkeysphere (0.22-1) unstable; urgency=low
 
diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile
index 976f543..24f9b2b 100644
--- a/packaging/freebsd/security/monkeysphere/Makefile
+++ b/packaging/freebsd/security/monkeysphere/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      monkeysphere
-PORTVERSION=   0.22~pre
+PORTVERSION=   0.22
 CATEGORIES=    security
 MASTER_SITES=  http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
 # hack for debian orig tarballs
diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo
index 51edfbe..d6c6e5e 100644
--- a/packaging/freebsd/security/monkeysphere/distinfo
+++ b/packaging/freebsd/security/monkeysphere/distinfo
@@ -1,3 +1,3 @@
-MD5 (monkeysphere_0.22~pre.orig.tar.gz) = fd19f09ed9a720f673d74c9cb58e9d6d
-SHA256 (monkeysphere_0.22~pre.orig.tar.gz) = 337c7fdb93b697fba5a9e35cdff2b5faf0e4914fd8beab7994b456d58d19abb6
-SIZE (monkeysphere_0.22~pre.orig.tar.gz) = 69345
+MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
+SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
+SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
index 99c9604..e41c479 100644
--- a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
+++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
@@ -20,3 +20,14 @@
  export SYSSHAREDIR
  . "${SYSSHAREDIR}/common" || exit 1
  
+--- src/monkeysphere-ssh-proxycommand.orig
++++ src/monkeysphere-ssh-proxycommand
+@@ -16,7 +16,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+ 
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+ 
diff --git a/src/common b/src/common
index f6000d3..eb3a083 100644
--- a/src/common
+++ b/src/common
@@ -19,6 +19,9 @@
 SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
 export SYSCONFIGDIR
 
+# monkeysphere version
+VERSION=__VERSION__
+
 ########################################################################
 ### UTILITY FUNCTIONS
 
diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp
new file mode 100755
index 0000000..2fa221d
--- /dev/null
+++ b/src/keytrans/pem2openpgp
@@ -0,0 +1,252 @@
+#!/usr/bin/perl -w -T
+
+# pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
+# User ID as the first argument, and generate an OpenPGP certificate
+# from it.
+
+# Usage:
+
+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
+
+# Authors:
+#  Jameson Rollins <jrollins@finestructure.net>
+#  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Started on: 2009-01-07 02:01:19-0500
+
+# License: GPL v3 or later (we may need to adjust this given that this
+# connects to OpenSSL via perl)
+
+use strict;
+use warnings;
+use Crypt::OpenSSL::RSA;
+use Crypt::OpenSSL::Bignum;
+use Digest::SHA1;
+use MIME::Base64;
+
+## make sure all length() and substr() calls use bytes only:
+use bytes;
+
+my $uid = shift;
+
+# FIXME: fail if there is no given user ID; or should we default to
+# hostname_long() from Sys::Hostname::Long ?
+
+# make an old-style packet out of the given packet type and body.
+# old-style  (see RFC 4880 section 4.2)
+sub make_packet {
+  my $type = shift;
+  my $body = shift;
+
+  my $len = length($body);
+
+  my $lenbytes;
+  my $lencode;
+
+  if ($len < 2**8) {
+    $lenbytes = 0;
+    $lencode = 'C';
+  } elsif ($len < 2**16) {
+    $lenbytes = 1;
+    $lencode = 'n';
+  } elsif ($len < 2**31) {
+    ## not testing against full 32 bits because i don't want to deal
+    ## with potential overflow.
+    $lenbytes = 2;
+    $lencode = 'N';
+  } else {
+    ## what the hell do we do here?
+    $lenbytes = 3;
+    $lencode = '';
+  }
+
+  return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len).
+    $body;
+}
+
+
+# takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI
+# (RFC 4880 section 3.2)
+sub mpi_pack {
+  my $num = shift;
+
+  my $val = $num->to_bin();
+  my $mpilen = length($val)*8;
+
+# this is a kludgy way to get the number of significant bits in the
+# first byte:
+  my $bitsinfirstbyte = length(sprintf("%b", ord($val)));
+
+  $mpilen -= (8 - $bitsinfirstbyte);
+
+  return pack('n', $mpilen).$val;
+}
+
+# FIXME: genericize this to accept either RSA or DSA keys:
+sub make_rsa_pub_key_body {
+  my $key = shift;
+  my $timestamp = shift;
+
+  my ($n, $e) = $key->get_key_parameters();
+
+  return
+    pack('CN', 4, $timestamp).
+      pack('C', 1). # RSA
+	mpi_pack($n).
+	  mpi_pack($e);
+
+}
+
+# expects an RSA key (public or private) and a timestamp
+sub fingerprint {
+  my $key = shift;
+  my $timestamp = shift;
+
+  my $rsabody = make_rsa_pub_key_body($key, $timestamp);
+
+  return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+}
+
+# FIXME: make tables of relevant identifiers: digest algorithms,
+# ciphers, asymmetric crypto, packet types, subpacket types, signature
+# types.  As these are created, replace the opaque numbers below with
+# semantically-meaningful code.
+
+# see RFC 4880 section 5.2.3.21
+my $usage_flags = { certify => 0x01,
+		    sign => 0x02,
+		    encrypt_comms => 0x04,
+		    encrypt_storage => 0x08,
+		    encrypt => 0x0c, ## both comms and storage
+		    split => 0x10, # the private key is split via secret sharing
+		    authenticate => 0x20,
+		    shared => 0x80, # more than one person holds the entire private key
+		  };
+
+
+# we're just not dealing with newline business right now.  slurp in
+# the whole file.
+undef $/;
+my $buf = <STDIN>;
+
+
+my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
+
+$rsa->use_sha1_hash();
+$rsa->use_no_padding();
+
+if (! $rsa->check_key()) {
+  die "key does not check";
+}
+
+my $version = pack('C', 4);
+# strong assertion of identity:
+my $sigtype = pack('C', 0x13);
+# RSA
+my $pubkey_algo = pack('C', 1);
+# SHA1
+my $hash_algo = pack('C', 2);
+
+# FIXME: i'm worried about generating a bazillion new OpenPGP
+# certificates from the same key, which could easily happen if you run
+# this script more than once against the same key.  How can we prevent
+# this?
+
+# could an environment variable (if set) override the current time?
+my $timestamp = time();
+
+my $creation_time_packet = pack('CCN', 5, 2, $timestamp);
+
+
+# FIXME: HARDCODED: what if someone wants to select a different set of
+# usage flags?  For now, we do only authentication.
+my $flags = $usage_flags->{authenticate};
+my $usage_packet = pack('CCC', 2, 27, $flags);
+
+
+# FIXME: HARDCODED: how should we determine how far off to set the
+# expiration date?  default is to expire in 2 days, which is insanely
+# short (but good for testing).
+my $expires_in = 86400*2;
+my $expiration_packet = pack('CCN', 5, 9, $expires_in);
+
+
+# prefer AES-256, AES-192, AES-128, CAST5, 3DES:
+my $pref_sym_algos = pack('CCCCCCC', 6, 11, 9, 8, 7, 3, 2);
+
+# prefer SHA-1, SHA-256, RIPE-MD/160
+my $pref_hash_algos = pack('CCCCC', 4, 21, 2, 8, 3);
+
+# prefer ZLIB, BZip2, ZIP
+my $pref_zip_algos = pack('CCCCC', 4, 22, 2, 3, 1);
+
+# we support the MDC feature:
+my $features = pack('CCC', 2, 30, 1);
+
+# keyserver preference: only owner modify (???):
+my $keyserver_pref = pack('CCC', 2, 23, 0x80);
+
+my $subpackets_to_be_hashed =
+  $creation_time_packet.
+  $usage_packet.
+  $expiration_packet.
+  $pref_sym_algos.
+  $pref_hash_algos.
+  $pref_zip_algos.
+  $features.
+  $keyserver_pref;
+
+my $subpacket_octets = pack('n', length($subpackets_to_be_hashed));
+
+my $sig_data_to_be_hashed =
+  $version.
+  $sigtype.
+  $pubkey_algo.
+  $hash_algo.
+  $subpacket_octets.
+  $subpackets_to_be_hashed;
+
+my $pubkey = make_rsa_pub_key_body($rsa, $timestamp);
+
+#open(KEYFILE, "</home/wt215/gpg-test/key-data");
+my $key_data = make_packet(6, $pubkey);
+
+# take the last 8 bytes of the fingerprint as the keyid:
+my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8);
+
+# the v4 signature trailer is:
+
+# version number, literal 0xff, and then a 4-byte count of the
+# signature data itself.
+my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed));
+
+my $uid_data =
+  pack('CN', 0xb4, length($uid)).
+  $uid;
+
+my $datatosign =
+  $key_data.
+  $uid_data.
+  $sig_data_to_be_hashed.
+  $trailer;
+
+my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+
+
+my $issuer_packet = pack('CCa8', 9, 16, $keyid);
+
+my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
+
+my $sig_body =
+  $sig_data_to_be_hashed.
+  pack('n', length($issuer_packet)).
+  $issuer_packet.
+  pack('n', hex(substr($data_hash, 0, 4))).
+  mpi_pack($sig);
+
+print
+  make_packet(6, $pubkey).
+  make_packet(13, $uid).
+  make_packet(2, $sig_body);
+
+
diff --git a/src/monkeysphere b/src/monkeysphere
index 523ddfe..5444cb0 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -45,6 +45,7 @@ subcommands:
    --length (-l) BITS                  key length in bits (2048)
    --expire (-e) EXPIRE                date to expire
  subkey-to-ssh-agent (s)             store authentication subkey in ssh-agent
+ version (v)                         show version number
  help (h,?)                          this help
 
 EOF
@@ -63,15 +64,6 @@ gen_subkey(){
     keyExpire=
 
     # get options
-    TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed!  Does your getopt support GNU-style long options?"
-
-    if [ $? != 0 ] ; then
-	exit 1
-    fi
-
-    # Note the quotes around `$TEMP': they are essential!
-    eval set -- "$TEMP"
-
     while true ; do
 	case "$1" in
 	    -l|--length)
@@ -82,51 +74,69 @@ gen_subkey(){
 		keyExpire="$2"
 		shift 2
 		;;
-	    --)
-		shift
-		;;
-            *)
+	    *)
+		if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+		    failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+		fi
 		break
 		;;
 	esac
     done
 
-    if [ -z "$1" ] ; then
-	# find all secret keys
-	keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u)
-	# if multiple sec keys exist, fail
-	if (( $(echo "$keyID" | wc -l) > 1 )) ; then
-	    echo "Multiple secret keys found:"
-	    echo "$keyID"
+    case "$#" in
+	0)
+	    gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+	    ;;
+	1)
+	    gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
+	    ;;
+	*)
+	    failure "You must specify only a single primary key ID."
+	    ;;
+    esac
+
+    # check that only a single secret key was found
+    case $(echo "$gpgSecOut" | grep -c '^sec:') in
+	0)
+	    failure "No secret keys found.  Create an OpenPGP key with the following command:
+ gpg --gen-key"
+	    ;;
+	1)
+	    keyID=$(echo "$gpgSecOut" | cut -d: -f5)
+	    ;;
+	*)
+	    echo "Multiple primary secret keys found:"
+	    echo "$gpgSecOut" | cut -d: -f5
 	    failure "Please specify which primary key to use."
+	    ;;
+    esac
+
+    # check that a valid authentication key does not already exist
+    IFS=$'\n'
+    for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+	type=$(echo "$line" | cut -d: -f1)
+	validity=$(echo "$line" | cut -d: -f2)
+	usage=$(echo "$line" | cut -d: -f12)
+
+	# look at keys only
+	if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then
+	    continue
 	fi
-    else
-	keyID="$1"
-    fi
-    if [ -z "$keyID" ] ; then
-	failure "You have no secret key available.  You should create an OpenPGP
-key before joining the monkeysphere. You can do this with:
-   gpg --gen-key"
-    fi
-
-    # get key output, and fail if not found
-    gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \
-	"$keyID") || failure
-
-    # fail if multiple sec lines are returned, which means the id
-    # given is not unique
-    if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then
-	failure "Key ID '$keyID' is not unique."
-    fi
-
-    # prompt if an authentication subkey already exists
-    if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then
-	echo "An authentication subkey already exists for key '$keyID'."
-	read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
-	if [ "${OK/y/Y}" != 'Y' ] ; then
-	    failure "aborting."
+	# check for authentication capability
+	if ! check_capability "$usage" 'a' ; then
+	    continue
 	fi
-    fi
+	# if authentication key is valid, prompt to continue
+	if [ "$validity" = 'u' ] ; then
+	    echo "A valid authentication key already exists for primary key '$keyID'."
+	    read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
+	    if [ "${OK/y/Y}" != 'Y' ] ; then
+		failure "aborting."
+	    fi
+	    break
+	fi
+    done
 
     # set subkey defaults
     # prompt about key expiration if not specified
@@ -151,6 +161,7 @@ EOF
     (umask 077 && mkfifo "$fifoDir/pass")
     echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
 
+    # FIXME: this needs to fail more gracefully if the passphrase is incorrect
     passphrase_prompt  "Please enter your passphrase for $keyID: " "$fifoDir/pass"
 
     rm -rf "$fifoDir"
@@ -373,6 +384,10 @@ case $COMMAND in
 	subkey_to_ssh_agent "$@"
 	;;
 
+    'version'|'v')
+	echo "$VERSION"
+	;;
+
     '--help'|'help'|'-h'|'h'|'?')
         usage
         ;;
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index c4f6985..ba3fa8d 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -66,6 +66,7 @@ subcommands:
 
  gpg-authentication-cmd CMD          gnupg-authentication command
 
+ version (v)                         show version number
  help (h,?)                          this help
 
 EOF
@@ -117,40 +118,59 @@ gpg_authentication() {
     su_monkeysphere_user "gpg $@"
 }
 
-# function to check for host secret keys
-# fails if host sec key exists, exits true otherwise
-check_host_keyring() {
-    if ! gpg_host --list-secret-keys --fingerprint \
-	--with-colons --fixed-list-mode 2>/dev/null | grep -q '^sec:' ; then
+# check if user is root
+is_root() {
+    [ $(id -u 2>/dev/null) = '0' ]
+}
 
-	failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-server gen-key' first."
-    fi
+# check that user is root, for functions that require root access
+check_user() {
+    is_root || failure "You must be root to run this command."
 }
 
 # output just key fingerprint
 fingerprint_server_key() {
+    # set the pipefail option so functions fails if can't read sec key
+    set -o pipefail
+
     gpg_host --list-secret-keys --fingerprint \
 	--with-colons --fixed-list-mode 2> /dev/null | \
-	grep '^fpr:' | head -1 | cut -d: -f10
+	grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
+}
+
+# function to check for host secret key
+check_host_keyring() {
+    fingerprint_server_key >/dev/null \
+	|| failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-server gen-key' first."
 }
 
 # output key information
 show_server_key() {
-    local fingerprint
-    local tmpkey
+    local fingerprintPGP
+    local fingerprintSSH
+    local ret=0
 
-    fingerprint=$(fingerprint_server_key)
-    gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
-
-    # do some crazy "Here Strings" redirection to get the key to
-    # ssh-keygen, since it doesn't read from stdin cleanly
-    echo -n "ssh fingerprint: "
-    ssh-keygen -l -f /dev/stdin \
-	<<<$(gpg_authentication "--export $fingerprint" | \
-	openpgp2ssh "$fingerprint" 2>/dev/null) | \
-	awk '{ print $1, $2, $4 }'
-    echo -n "OpenPGP fingerprint: "
-    echo "$fingerprint"
+    # FIXME: you shouldn't have to be root to see the host key fingerprint
+    if is_root ; then
+	check_host_keyring
+	fingerprintPGP=$(fingerprint_server_key)
+	gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+	echo "OpenPGP fingerprint: $fingerprintPGP"
+    else
+	log info "You must be root to see host OpenPGP fingerprint."
+	ret='1'
+    fi
+
+    if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+	fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+	    awk '{ print $1, $2, $4 }')
+	echo "ssh fingerprint: $fingerprintSSH"
+    else
+	log info "SSH host key not found."
+	ret='1'
+    fi
+
+    return $ret
 }
 
 # update authorized_keys for users
@@ -311,15 +331,6 @@ gen_key() {
     revoker=
 
     # get options
-    TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed!  Does your getopt support GNU-style long options?"
-
-    if [ $? != 0 ] ; then
-	exit 1
-    fi
-
-    # Note the quotes around `$TEMP': they are essential!
-    eval set -- "$TEMP"
-
     while true ; do
 	case "$1" in
 	    -l|--length)
@@ -334,10 +345,11 @@ gen_key() {
 		revoker="$2"
 		shift 2
 		;;
-	    --)
-		shift
-		;;
-            *)
+	    *)
+		if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+		    failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+		fi
 		break
 		;;
 	esac
@@ -346,33 +358,29 @@ gen_key() {
     hostName=${1:-$(hostname -f)}
     userID="ssh://${hostName}"
 
-    # check for presense of key with user ID
+    # check for presense of secret key
     # FIXME: is this the proper test to be doing here?
-    if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
-	failure "Key for '$userID' already exists"
-    fi
+    fingerprint_server_key >/dev/null \
+	&& failure "A key for this host already exists."
 
     # prompt about key expiration if not specified
     keyExpire=$(get_gpg_expiration "$keyExpire")
 
     # set key parameters
-    keyParameters=$(cat <<EOF
-Key-Type: $keyType
+    keyParameters=\
+"Key-Type: $keyType
 Key-Length: $keyLength
 Key-Usage: $keyUsage
 Name-Real: $userID
-Expire-Date: $keyExpire
-EOF
-)
+Expire-Date: $keyExpire"
 
     # add the revoker field if specified
     # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
     # FIXME: key is marked "sensitive"?  is this appropriate?
     if [ "$revoker" ] ; then
-	keyParameters="${keyParameters}"$(cat <<EOF
-Revoker: 1:$revoker sensitive
-EOF
-)
+	keyParameters=\
+"${keyParameters}
+Revoker: 1:${revoker} sensitive"
     fi
 
     echo "The following key parameters will be used for the host private key:"
@@ -384,19 +392,16 @@ EOF
     fi
 
     # add commit command
-    keyParameters="${keyParameters}"$(cat <<EOF
+    # must include blank line!
+    keyParameters=\
+"${keyParameters}
 
 %commit
-%echo done
-EOF
-)
+%echo done"
 
     log verbose "generating server key..."
     echo "$keyParameters" | gpg_host --batch --gen-key
 
-    # output the server fingerprint
-    fingerprint_server_key "=${userID}"
-
     # find the key fingerprint of the newly generated key
     fingerprint=$(fingerprint_server_key)
 
@@ -415,6 +420,9 @@ EOF
     log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
     gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
     log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+    # show info about new key
+    show_server_key
 }
 
 # extend the lifetime of a host key:
@@ -478,7 +486,7 @@ $userID
 
 save
 EOF
-	)
+)
 
     # execute edit-key script
     if echo "$adduidCommand" | \
@@ -778,15 +786,6 @@ add_certifier() {
     depth=1
 
     # get options
-    TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed!  Does your getopt support GNU-style long options?"
-
-    if [ $? != 0 ] ; then
-	exit 1
-    fi
-
-    # Note the quotes around `$TEMP': they are essential!
-    eval set -- "$TEMP"
-
     while true ; do
 	case "$1" in
 	    -n|--domain)
@@ -801,10 +800,11 @@ add_certifier() {
 		depth="$2"
 		shift 2
 		;;
-	    --)
-		shift
-		;;
-            *)
+	    *)
+		if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+		    failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+		fi
 		break
 		;;
 	esac
@@ -1001,62 +1001,76 @@ shift
 
 case $COMMAND in
     'update-users'|'update-user'|'u')
+	check_user
 	check_host_keyring
 	update_users "$@"
 	;;
 
     'gen-key'|'g')
+	check_user
 	gen_key "$@"
 	;;
 
     'extend-key'|'e')
+	check_user
 	check_host_keyring
 	extend_key "$@"
 	;;
 
     'add-hostname'|'add-name'|'n+')
+	check_user
 	check_host_keyring
 	add_hostname "$@"
 	;;
 
     'revoke-hostname'|'revoke-name'|'n-')
+	check_user
 	check_host_keyring
 	revoke_hostname "$@"
 	;;
 
     'show-key'|'show'|'s')
-	check_host_keyring
 	show_server_key
 	;;
 
     'publish-key'|'publish'|'p')
+	check_user
 	check_host_keyring
 	publish_server_key
 	;;
 
     'diagnostics'|'d')
+	check_user
 	diagnostics
 	;;
 
     'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+	check_user
 	check_host_keyring
 	add_certifier "$@"
 	;;
 
     'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+	check_user
 	check_host_keyring
 	remove_certifier "$@"
 	;;
 
     'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+	check_user
 	check_host_keyring
 	list_certifiers "$@"
 	;;
 
     'gpg-authentication-cmd')
+	check_user
 	gpg_authentication_cmd "$@"
 	;;
 
+    'version'|'v')
+	echo "$VERSION"
+	;;
+
     '--help'|'help'|'-h'|'h'|'?')
         usage
         ;;
diff --git a/website/bugs.mdwn b/website/bugs.mdwn
index d621500..bd437f9 100644
--- a/website/bugs.mdwn
+++ b/website/bugs.mdwn
@@ -2,10 +2,18 @@
 
 # Bugs #
 
-This is Monkeysphere's bug list.  You can also browse our [completed bugs](done).
+The Monkeysphere is moving to a [new issue tracking
+system](https://labs.riseup.net/code/projects/show/monkeysphere),
+hosted at [Riseup Labs](https://labs.riseup.net/code).  We're leaving
+this old bug list up during the transition.
 
-If you don't have commit access to the public repo, we'd appreciate
-you reporting bugs on [the monkeysphere mailing list](/community).
+If you use [Debian](htt[://debian.org), please consider submitting
+your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere).
+
+You can also browse our [completed bugs](done).
+
+Please feel free to also ask any questions on the [the monkeysphere
+mailing list](/community).
 
 [[inline pages="./bugs/* and !./bugs/done and !link(done) 
 and !*/Discussion" actions=yes postform=yes show=0]]
diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn
index c2908ad..d418e98 100644
--- a/website/bugs/posix_compliance.mdwn
+++ b/website/bugs/posix_compliance.mdwn
@@ -7,3 +7,6 @@ bashism at the moment, so this may not be trivial.  For instance:
       servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
       50
       servo:~/cmrg/monkeysphere/git 0$ 
+
+It looks like the biggest complication for this would be the
+occasional use of bash arrays.
diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn
index db087b4..2ec68d6 100644
--- a/website/bugs/use_getopts_instead_of_getopt.mdwn
+++ b/website/bugs/use_getopts_instead_of_getopt.mdwn
@@ -2,3 +2,18 @@ Since Monkeysphere is using bash, it would be nice to use the shell
 build in getopts function, instead of the external getopt program.
 This would reduce an external dependency, which would definitely be
 better for portability.
+
+---
+
+So it looks like the sh built-in getopts does not include long options
+(eg. "--expire").  Is it worth getting rid of the long options for
+this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests?  We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
diff --git a/website/doc.mdwn b/website/doc.mdwn
index cd7bc76..28db2ef 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -19,10 +19,12 @@
 
 ## References ##
 
- * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
  * [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
  * [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
    * [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
 
 ## Other ##
 
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
index 1c373ac..5c7203d 100644
--- a/website/getting-started-admin.mdwn
+++ b/website/getting-started-admin.mdwn
@@ -2,60 +2,106 @@ Monkeysphere Server Administrator README
 ========================================
 
 As the administrator of an SSH server, you can take advantage of the
-monkeysphere in two ways: you can publish the host key of your machine
-so that your users can have it automatically verified, and you can set
-up your machine to automatically identify connecting users by their
-presence in the OpenPGP web of trust.
+monkeysphere in two ways:
 
+1. you can publish the host key of your machine so that your users can
+have it automatically verified, and
+
+2. you can set up your machine to automatically identify connecting
+users by their presence in the OpenPGP web of trust.
+
+These things are not mutually required, and it is in fact possible to
+do one without the other.  However, it is highly recommend that you at
+least do the first.  Even if you decide that you do not want to use
+the monkeysphere to authenticate users to your system, you should at
+least the host key into the Web of Trust so that your users can be
+sure they're connecting to the correct machine.
+
+
+Monkeysphere for host verification
+==================================
 
 Server host key publication
 ---------------------------
-To generate and publish a server host key:
+
+To begin, you must first generate a server host key:
 
 	# monkeysphere-server gen-key
-	# monkeysphere-server publish-key
 
 This will generate the key for server with the service URI
-(`ssh://server.example.net`).  The server admin should now sign the
-server key so that people in the admin's web of trust can identify the
-server without manual host key checking:
+(`ssh://server.example.net`).  Output the new key information with the
+'show-key' command:
+
+	# monkeysphere-server show-key
+
+Once the key has been generated, it needs to be publish to the Web of
+Trust:
+
+	# monkeysphere-server publish-key
+
+The server admin should now sign the server key so that people in the
+admin's web of trust can identify the server without manual host key
+checking.  On your (the admin's) local machine retrieve the host key:
 
 	$ gpg --search '=ssh://server.example.net'
+
+Now sign the server key:
+
 	$ gpg --sign-key '=ssh://server.example.net'
 
+Make sure you compare the fingerprint of the retrieved with the one
+output with the 'show-key' command above, to verify you are signing
+the correct key.  Finally, publish your signatures back to the
+keyservers:
+
+	$ gpg --send-key '=ssh://server.example.net'
 
 Update OpenSSH configuration files
 ----------------------------------
 
 To use the newly-generated host key for ssh connections, put the
-following line in `/etc/ssh/sshd_config` (be sure to remove references
-to any other keys):
+following line in `/etc/ssh/sshd_config` (be sure to comment out or
+remove any other HostKey references):
 
 	HostKey /var/lib/monkeysphere/ssh_host_rsa_key
 
-FIXME: should we just suggest symlinks in the filesystem here instead?
+FIXME: What about DSA host keys?  The SSH RFC seems to require
+implementations support DSA, though OpenSSH will work without a DSA
+host key.
 
-FIXME: What about DSA host keys?  The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key.
 
-To enable users to use the monkeysphere to authenticate using the
-OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
-making sure that no other AuthorizedKeysFile directive exists):
+Monkeysphere for user authentication
+====================================
 
-	AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+A host can maintain ssh `authorized_keys` files automatically for its
+users with the Monkeysphere.  These `authorized_keys` files can then
+be used to enable users to use the monkeysphere to authenticate to
+your machine using the OpenPGP web of trust.
+
+Before this can happen, the host must first have a host key to use for
+user key verification.  If you have not already generated a host key
+(as in the host verification instructions above), generate one now:
+
+	# monkeysphere-server gen-key
 
-And then read the section below about how to ensure these files are
-maintained.  You'll need to restart `sshd` to have your changes take
-effect.  As with any change to `sshd_config`, be sure to retain an
-existing session to the machine while you test your changes so you
-don't get locked out.
+Update OpenSSH configuration files
+----------------------------------
+
+SSH must be configured to point to the monkeysphere generated
+`authorized_keys` file.  Add this line to `/etc/ssh/sshd_config`
+(again, making sure that no other AuthorizedKeysFile directive is left
+uncommented):
 
+	AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+You'll need to restart `sshd` to have your changes take effect.  As
+with any change to `sshd_config`, be sure to retain an existing
+session to the machine while you test your changes so you don't get
+locked out.
 
 Monkeysphere authorized_keys maintenance
 ----------------------------------------
 
-A host can maintain ssh authorized_keys files automatically for its
-users with the Monkeysphere.
-
 For each user account on the server, the userids of people authorized
 to log into that account would be placed in:
 
@@ -72,12 +118,12 @@ If the admin's OpenPGP keyid is `$GPGID`, then on the server run:
 
 	# monkeysphere-server add-identity-certifier $GPGID
 
-To update the monkeysphere authorized_keys file for user "bob" using
+To update the monkeysphere `authorized_keys` file for user "bob" using
 the current set of identity certifiers, run:
 
 	# monkeysphere-server update-users bob
 
-To update the monkeysphere authorized_keys file for all users on the
+To update the monkeysphere `authorized_keys` file for all users on the
 the system, run the same command with no arguments:
 
 	# monkeysphere-server update-users
diff --git a/website/index.mdwn b/website/index.mdwn
index 2e756ae..4abeea0 100644
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -69,12 +69,11 @@ To emphasize: ***no modifications to SSH are required to use the
 Monkeysphere***.  OpenSSH can be used as is; completely unpatched and
 "out of the box".
 
-## Links ##
+## License ##
 
-* [OpenSSH](http://openssh.com/)
-* [GnuPG](http://www.gnupg.org/)
-* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
-* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+All Monkeysphere software is copyright, 2007, by [the
+authors](community), and released under [GPL, version 3 or
+later](http://www.gnu.org/licenses/gpl-3.0.html).
 
 ----
 
diff --git a/website/local.css b/website/local.css
index c4b59e9..de0f196 100644
--- a/website/local.css
+++ b/website/local.css
@@ -58,31 +58,31 @@ pre {
   overflow: auto;
 }
 
-table.sitenav { 
+table.sitenav {
   border-bottom: 2px solid black;
   padding: 0px;
   width: 100%;
   font-size: larger;
 }
 
-table.sitenav img.logo { 
-  margin: 0px; 
-  padding: 0px; 
+table.sitenav img.logo {
+  margin: 0em;
+  padding: 0px;
   vertical-align: bottom;
 }
 
+table.sitenav img.title {
+  margin: 0px;
+  padding: 0px;
+  vertical-align: top;
+}
+
 table.sitenav a { 
   font-weight: bold;
   margin-right: 1em;
   font-size: smaller;
 }
 
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav { 
-  vertical-align: bottom;
-  padding-bottom: 30px;
-}
-
 table.sitenav span.selflink { 
   font-weight: bold;
   text-decoration: underline;
diff --git a/website/logo.simple.png b/website/logo.simple.png
new file mode 100644
index 0000000..5cc69eb
--- /dev/null
+++ b/website/logo.simple.png
diff --git a/website/logo.title.png b/website/logo.title.png
new file mode 100644
index 0000000..a203f8b
--- /dev/null
+++ b/website/logo.title.png
diff --git a/website/news/Monkeysphere-in-Debian.mdwn b/website/news/Monkeysphere-in-Debian.mdwn
new file mode 100644
index 0000000..edad432
--- /dev/null
+++ b/website/news/Monkeysphere-in-Debian.mdwn
@@ -0,0 +1,15 @@
+[[meta title="Monkeysphere now in Debian!"]]
+
+[The Monkeysphere has made it into
+Debian!](http://packages.debian.org/sid/monkeysphere)
+
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
+
+Congratulations to all the work by all the [monkeysphere
+developers](/community), and to Micah Anderson for being our Debian
+sponsor.
+
+Please feel free to start submitting bug reports to the [Debian
+BTS](http://bugs.debian.org/monkeysphere).
diff --git a/website/sidebar.mdwn b/website/sidebar.mdwn
index fe21fc5..420cd7e 100644
--- a/website/sidebar.mdwn
+++ b/website/sidebar.mdwn
@@ -1,13 +1,18 @@
 <table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
 [[WHY?|why]]
 [[DOWNLOAD|download]]
 [[DOCUMENTATION|doc]] 
 [[NEWS|news]]
 [[COMMUNITY|community]]
-[[BUGS|bugs]]
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+</td>
+</tr>
+</table>
 
-</td></tr></tbody></table>
author	Matt Goins <mjgoins@openflows.com>	2009-01-07 16:45:25 -0500
committer	Matt Goins <mjgoins@openflows.com>	2009-01-07 16:45:25 -0500
commit	499aa3840041d9ddd5c680adce059260059aabf9 (patch)
tree	4c9d2c144e69213fbc9b1f76ba9bc20e7152439b
parent	c3b912f2506c3a150f128a77317085cea599a814 (diff)
parent	f8344402aebe5f0497a81934b980b9ed6ea7a6a2 (diff)