authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-15 14:44:18 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-15 14:44:18 -0400
commit617f03c948b66774e6765206bed2c56d30157187 (patch)
tree88fe42f4e6fd510fe18c996583181a766e0f1d7b
parent22476961b7915076e6ae7f353b563516f9931a04 (diff)
first pass at revoking hostnames.
-rw-r--r--debian/changelog1
-rw-r--r--src/common7
-rwxr-xr-xsrc/monkeysphere-server32
3 files changed, 39 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index e80e48a..59aea1e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
of my own.
* More monkeysphere-server diagnostics
* monkeysphere --gen-subkey now guesses what KeyID you meant.
+ * set up host-key revocation
[ Jameson Graef Rollins ]
* fix another bug for when ssh key files are missing.
diff --git a/src/common b/src/common
index 17955a7..24decae 100644
--- a/src/common
+++ b/src/common
@@ -76,6 +76,13 @@ unescape() {
echo "$1" | sed 's/\\x3a/:/g'
}
+# convert nasty chars into gpg-friendly form
+# FIXME: escape everything, not just colons!
+escape() {
+ echo "$1" | sed 's/:/\\x3a/g'
+}
+
+
# remove all lines with specified string from specified file
remove_line() {
local file
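Review bot: The new `escape()` is not a true inverse of the `unescape()` right above it, because an input that already contains a literal `\x3a` passes through `escape()` unchanged and is then decoded to `:` by `unescape()`, so the pair does not round-trip; the FIXME on the new comment line only partly covers this. Escaping the backslash as well (gpg's own colon listing writes it as `\x5c`), applied before the colon rule and decoded last in `unescape()`, would make the pair invertible. The `echo "$1"` on the new line is also fragile for values that start with `-n`/`-e` or contain backslashes under some shells; `printf '%s\n' "$1" | sed 's/:/\\x3a/g'` avoids that. Since the escaped value is compared with `grep -F` in the other hunk of this commit, these are correctness rather than injection issues.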
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 023ce9b..6ffd41f 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -402,11 +402,41 @@ EOF
# revoke hostname user ID to server key
revoke_hostname() {
+ local msg
+ local uidNum
+ local tmpuidMatch
+ local fpr
+ local linenum
+
if [ -z "$1" ] ; then
failure "You must specify a hostname to revoke."
fi
- failure "Sorry, not yet implemented."
+ fpr=$(fingerprint_server_key)
+ tmpuidMatch="u:$(escape "$1")"
+
+ if linenum=$(gpg_host --list-keys --with-colons --fixed-list-mode "$fpr" | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F 'r:Foo T. Bar (DO NOT USE!) <foo@example.net>') ; then
+ uidNum=${linenum%%:*}
+ else
+ failure "no non-revoked hostname '$1' is listed."
+ fi
+
+ msg="hostname removed by monkeysphere-server on $(date +%F)"
+
+
+ revuidCommand=$(cat <<EOF
+$uidNum
+revuid
+y
+4
+$msg
+
+y
+save
+EOF
+)
+
+ echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x$fingerprint"\!
echo "NOTE: host userID revokation has not been published."
echo "Use '$PGRM publish-key' to publish these changes."