Merge commit 'dkg/master'

Conflicts:

	src/monkeysphere-server

Resolved conflicts in revoke-hostname, and finish work on them.

6 files changed, 77 insertions, 39 deletions

diff --git a/debian/changelog b/debian/changelog
index e80e48a..b39ba44 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
     of my own.
   * More monkeysphere-server diagnostics
   * monkeysphere --gen-subkey now guesses what KeyID you meant.
+  * set up host-key revocation
 
   [ Jameson Graef Rollins ]
   * fix another bug for when ssh key files are missing.
@@ -13,8 +14,9 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
     be removed from key files.
   * enabled host key publication.
   * added checking of gpg.conf for keyserver
+  * new functions to add/revoke host key user IDs
 
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Fri, 15 Aug 2008 10:46:23 -0700
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Fri, 15 Aug 2008 15:02:48 -0700
 
 monkeysphere (0.7-1) experimental; urgency=low
 
diff --git a/src/common b/src/common
index 34c86cb..bb988f7 100644
--- a/src/common
+++ b/src/common
@@ -77,6 +77,12 @@ gpg_unescape() {
     sed 's/\\x3a/:/g'
 }
 
+# convert nasty chars into gpg-friendly form in pipeline
+# FIXME: escape everything, not just colons!
+gpg_escape() {
+    sed 's/:/\\x3a/g'
+}
+
 # remove all lines with specified string from specified file
 remove_line() {
     local file
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 31bce7d..4fb8265 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -375,6 +375,8 @@ EOF
 add_hostname() {
     local userID
     local fingerprint
+    local tmpuidMatch
+    local line
     local adduidCommand
 
     if [ -z "$1" ] ; then
@@ -383,19 +385,26 @@ add_hostname() {
 
     userID="ssh://${1}"
 
-    if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then
+    fingerprint=$(fingerprint_server_key)
+
+    # match to only ultimately trusted user IDs
+    tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+    # find the index of the requsted user ID
+    # NOTE: this is based on circumstantial evidence that the order of
+    # this output is the appropriate index
+    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
+	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
 	failure "Host userID '$userID' already exists."
     fi
 
     echo "The following user ID will be added to the host key:"
-    echo "  '$userID'"
+    echo "  $userID"
     read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
 	failure "user ID not added."
     fi
 
-    fingerprint=$(fingerprint_server_key)
-
     # edit-key script command to add user ID
     adduidCommand=$(cat <<EOF
 adduid
@@ -407,21 +416,28 @@ EOF
 	)
 
     # execute edit-key script
-    echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
-
-    # update trust db
-    gpg_host --check-trustdb
+    if echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
+        # update trust db
+	gpg_host --check-trustdb
 
-    show_server_key
+	show_server_key
 
-    # publish the key
-    publish_server_key
+	echo "NOTE: User ID added but key not published."
+	echo "Run '$PGRM publish-key' to publish the key"
+    else
+	failure "Problem adding user ID."
+    fi
 }
 
 # revoke hostname user ID to server key
 revoke_hostname() {
     local userID
+    local fingerprint
+    local tmpuidMatch
+    local line
     local uidIndex
+    local message
+    local revuidCommand
 
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to revoke."
@@ -431,30 +447,35 @@ revoke_hostname() {
 
     fingerprint=$(fingerprint_server_key)
 
+    # match to only ultimately trusted user IDs
+    tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
     # find the index of the requsted user ID
     # NOTE: this is based on circumstantial evidence that the order of
     # this output is the appropriate index
-    uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \
-	egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \
-	grep "$userID" | awk '{ print $1 }')
-
-    if [ -z "$uidIndex" ] ; then
-	failure "User ID '$userID' not found in host key."
+    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
+	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+	uidIndex=${line%%:*}
+    else
+	failure "No non-revoked user ID '$userID' is found."
     fi
 
     echo "The following user ID will be revoked from the host key:"
-    echo "  '$userID'"
+    echo "  $userID"
     read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
 	failure "user ID not revoked."
     fi
 
+    message="Hostname removed by monkeysphere-server $DATE"
+
     # edit-key script command to revoke user ID
     revuidCommand=$(cat <<EOF
 $uidIndex
 revuid
 y
 4
+$message
 
 y
 save
@@ -462,15 +483,17 @@ EOF
 	)	
 
     # execute edit-key script
-    echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
-
-    # update trust db
-    gpg_host --check-trustdb
+    if echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
+        # update trust db
+	gpg_host --check-trustdb
 
-    show_server_key
+	show_server_key
 
-    # publish the key
-    publish_server_key
+	echo "NOTE: User ID revoked but key not published."
+	echo "Run '$PGRM publish-key' to publish the key"
+    else
+	failure "Problem revoking user ID."
+    fi
 }
 
 # publish server key to keyserver
@@ -499,7 +522,10 @@ diagnostics() {
     local uid
     local fingerprint
     local badhostkeys
+    local sshd_config
 
+    # FIXME: what's the correct, cross-platform answer?
+    sshd_config=/etc/ssh/sshd_config
     seckey=$(fingerprint_server_key)
     keysfound=$(echo "$seckey" | grep -c ^sec:)
     curdate=$(date +%s)
@@ -576,14 +602,14 @@ diagnostics() {
 	    fi
 
 	    # propose changes needed for sshd_config (if any)
-	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
-		echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
-		echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
+		echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
+		echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
 	    fi
-	    if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
+	    if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
 		echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
 		echo "$badhostkeys"
-		echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+		echo " - Recommendation: remove the above HostKey lines from $sshd_config"
 	    fi
 	fi
     fi
@@ -599,14 +625,14 @@ diagnostics() {
 
     echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
     # Ensure that User ID authentication is enabled:
-    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
-	echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
-	echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then
+	echo "! $sshd_config does not point to monkeysphere authorized keys."
+	echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
     fi
-    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
 	echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
 	echo "$badauthorizedkeys"
-	echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+	echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
     fi
 }
 
diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn
index b66e4c7..ae5bf72 100644
--- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn
+++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn
@@ -36,8 +36,10 @@ work for reasonable values of `$KEYID`:
 	mkfifo "$TMPDIR/passphrase"
 	kname="MonkeySphere Key $KEYID"
 	mkfifo "$TMPDIR/$kname"
-	ssh-agent "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" &
-	gpg  --passphrase-fd 3 3<"$TMPDIR/passphrase" --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname"
+	ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" &
+	gpg  --passphrase-fd 3 3<"$TMPDIR/passphrase" \
+	  --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
+	  --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" &
 	(cd "$TMPDIR" && ssh-add -c "$kname")
 	rm -rf "$TMPDIR"	
 
diff --git a/website/bugs/multiple-hostnames.mdwn b/website/bugs/multiple-hostnames.mdwn
index 7597af5..f4920fd 100644
--- a/website/bugs/multiple-hostnames.mdwn
+++ b/website/bugs/multiple-hostnames.mdwn
@@ -35,3 +35,5 @@ probably prompt the administrator to re-publish the host key as well,
 to ensure that the new User IDs are published.
 
   --dkg
+
+[[bugs/done]] on 2008-08-15 15:00:02-0400 in 84b775ff0b36ec4b86e6708844ad2d678eced403
diff --git a/website/download.mdwn b/website/download.mdwn
index 982f88f..3c2f3c5 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -28,7 +28,7 @@ The git repo from this web site:
 
 [Jameson Graef Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins):
 
-	git clone http://lair.fifthhorseman.net/~jrollins/git/monkeysphere.git monkeysphere
+	git clone git://lair.fifthhorseman.net/~jrollins/monkeysphere monkeysphere
 
 [Daniel Kahn Gillmor](http://cmrg.fifthhorseman.net/wiki/dkg):