diff options
author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-01-31 23:05:23 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-01-31 23:06:56 -0500 |
commit | 33888714f26a775b3be54edb27d77de719d5939c (patch) | |
tree | 0eacf9b1424198458ec7f2641c9353f18640bd86 /src/share/mh/revoke_hostname | |
parent | abedd439e7b62428e1c76baf008f2d6b1afccc5a (diff) |
move src/subcommands to srv/share, and add common file to src/share (update Makefile as well)
Diffstat (limited to 'src/share/mh/revoke_hostname')
-rw-r--r-- | src/share/mh/revoke_hostname | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname new file mode 100644 index 0000000..b519cf6 --- /dev/null +++ b/src/share/mh/revoke_hostname @@ -0,0 +1,91 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host revoke-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# revoke hostname user ID from host key + +revoke_hostname() { + +local userID +local fingerprint +local tmpuidMatch +local line +local uidIndex +local message +local revuidCommand + +if [ -z "$1" ] ; then + failure "You must specify a hostname to revoke." +fi + +echo "WARNING: There is a known bug in this function." +echo "This function has been known to occasionally revoke the wrong user ID." +echo "Please see the following bug report for more information:" +echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/" +read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +userID="ssh://${1}" + +fingerprint=$(fingerprint_server_key) + +# match to only ultimately trusted user IDs +tmpuidMatch="u:$(echo $userID | gpg_escape)" + +# find the index of the requsted user ID +# NOTE: this is based on circumstantial evidence that the order of +# this output is the appropriate index +if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + uidIndex=${line%%:*} +else + failure "No non-revoked user ID '$userID' is found." +fi + +echo "The following host key user ID will be revoked:" +echo " $userID" +read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not revoked." +fi + +message="Hostname removed by monkeysphere-server $DATE" + +# edit-key script command to revoke user ID +revuidCommand=$(cat <<EOF +$uidIndex +revuid +y +4 +$message + +y +save +EOF + ) + +# execute edit-key script +if echo "$revuidCommand" | \ + gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + + show_key + + echo + echo "NOTE: User ID revoked, but revocation not published." + echo "Run '$PGRM publish-key' to publish the revocation." +else + failure "Problem revoking user ID." +fi + +} |