diff options
| author | Jameson Graef Rollins <jrollins@finestructure.net> | 2008-11-30 17:15:56 -0500 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2008-11-30 17:29:38 -0500 |
| commit | 34af6daef32adbb7964e4fd1354eaaa737adc4ac (patch) | |
| tree | 434556745781d1988c812bdfa909972eb916e676 /src/monkeysphere-server | |
| parent | 08c0d045d6608ee7cba7b979ce007087d703693c (diff) | |
add new check_host_keyring function for better checks for the
existence of a host private key for functions that require it to be
there.
Diffstat (limited to 'src/monkeysphere-server')
| -rwxr-xr-x | src/monkeysphere-server | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a1844ee..388e50b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -117,6 +117,16 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } +# function to check for host secret keys +# fails if host sec key exists, exits true otherwise +check_host_keyring() { + if ! gpg_host --list-secret-keys --fingerprint \ + --with-colons --fixed-list-mode 2>/dev/null | grep -q '^sec:' ; then + + failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." + fi +} + # output just key fingerprint fingerprint_server_key() { gpg_host --list-secret-keys --fingerprint \ @@ -337,6 +347,7 @@ gen_key() { userID="ssh://${hostName}" # check for presense of key with user ID + # FIXME: is this the proper test to be doing here? if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then failure "Key for '$userID' already exists" fi @@ -411,10 +422,6 @@ extend_key() { local fpr=$(fingerprint_server_key) local extendTo="$1" - if [ -z "$fpr" ] ; then - failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first." - fi - # get the new expiration date extendTo=$(get_gpg_expiration "$extendTo") @@ -990,6 +997,7 @@ shift case $COMMAND in 'update-users'|'update-user'|'u') + check_host_keyring update_users "$@" ;; @@ -998,22 +1006,27 @@ case $COMMAND in ;; 'extend-key'|'e') + check_host_keyring extend_key "$@" ;; 'add-hostname'|'add-name'|'n+') + check_host_keyring add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') + check_host_keyring revoke_hostname "$@" ;; 'show-key'|'show'|'s') + check_host_keyring show_server_key ;; 'publish-key'|'publish'|'p') + check_host_keyring publish_server_key ;; @@ -1022,14 +1035,17 @@ case $COMMAND in ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_host_keyring add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_host_keyring remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_host_keyring list_certifiers "$@" ;; |