diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-08-15 14:44:18 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-08-15 14:44:18 -0400 |
commit | 617f03c948b66774e6765206bed2c56d30157187 (patch) | |
tree | 88fe42f4e6fd510fe18c996583181a766e0f1d7b | |
parent | 22476961b7915076e6ae7f353b563516f9931a04 (diff) |
first pass at revoking hostnames.
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | src/common | 7 | ||||
-rwxr-xr-x | src/monkeysphere-server | 32 |
3 files changed, 39 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index e80e48a..59aea1e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low of my own. * More monkeysphere-server diagnostics * monkeysphere --gen-subkey now guesses what KeyID you meant. + * set up host-key revocation [ Jameson Graef Rollins ] * fix another bug for when ssh key files are missing. @@ -76,6 +76,13 @@ unescape() { echo "$1" | sed 's/\\x3a/:/g' } +# convert nasty chars into gpg-friendly form +# FIXME: escape everything, not just colons! +escape() { + echo "$1" | sed 's/:/\\x3a/g' +} + + # remove all lines with specified string from specified file remove_line() { local file diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 023ce9b..6ffd41f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -402,11 +402,41 @@ EOF # revoke hostname user ID to server key revoke_hostname() { + local msg + local uidNum + local tmpuidMatch + local fpr + local linenum + if [ -z "$1" ] ; then failure "You must specify a hostname to revoke." fi - failure "Sorry, not yet implemented." + fpr=$(fingerprint_server_key) + tmpuidMatch="u:$(escape "$1")" + + if linenum=$(gpg_host --list-keys --with-colons --fixed-list-mode "$fpr" | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F 'r:Foo T. Bar (DO NOT USE!) <foo@example.net>') ; then + uidNum=${linenum%%:*} + else + failure "no non-revoked hostname '$1' is listed." + fi + + msg="hostname removed by monkeysphere-server on $(date +%F)" + + + revuidCommand=$(cat <<EOF +$uidNum +revuid +y +4 +$msg + +y +save +EOF +) + + echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x$fingerprint"\! echo "NOTE: host userID revokation has not been published." echo "Use '$PGRM publish-key' to publish these changes." |