diff options
author | Jameson Rollins <jrollins@finestructure.net> | 2010-01-15 19:19:15 -0500 |
---|---|---|
committer | Jameson Rollins <jrollins@finestructure.net> | 2010-01-15 19:19:15 -0500 |
commit | ce45ef5702e072e869fa9d1b703f99dc740eb000 (patch) | |
tree | c0aca35789dd24b73b8220fac2d83f73c18fb818 /src/share/mh/revoke_hostname | |
parent | 1e207b9914d4b19450c94a3de4dbf41305638035 (diff) |
Major rework of monkeysphere-host to handle multiple host keys.
This rework removes any assumption that monkeysphere-host is just
managing a single host key, or that the keys are used specifically for
ssh. The UI is exactly backwards compatible except that hostnames
('example.com') must be replaced by full service names
('ssh://example.com'). This incarnation passes the old tests with
those changes only.
There are a couple of things that still need to be done:
- need to see if a transition script is needed (some local file names
have changed)
- need to fill in check_service_name function to verify that a
specified service name fits the expected format.
- update diagnostics appropriately
Diffstat (limited to 'src/share/mh/revoke_hostname')
-rw-r--r-- | src/share/mh/revoke_hostname | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname deleted file mode 100644 index 6b80802..0000000 --- a/src/share/mh/revoke_hostname +++ /dev/null @@ -1,68 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host revoke-hostname subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins <jrollins@finestructure.net> -# Jamie McClelland <jm@mayfirst.org> -# Daniel Kahn Gillmor <dkg@fifthhorseman.net> -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# revoke hostname user ID from host key - -revoke_hostname() { - -local userID -local fingerprint -local tmpuidMatch -local line -local message -local revuidCommand - -if [ -z "$1" ] ; then - failure "You must specify a hostname to revoke." -fi - -userID="ssh://${1}" - -# make sure the user ID to revoke -find_host_userid "$userID" || \ - failure "No non-revoked user ID found matching '$userID'." - -if [ "$PROMPT" = "true" ] ; then - printf "The following host key user ID will be revoked:\n %s\nAre you sure you would like to revoke this user ID? (Y/n) " "$userID" >&2 - read OK; OK=${OK:=Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "User ID not revoked." - fi -else - log debug "revoking user ID without prompting." -fi - -# actually revoke: - -# the gpg secring might not contain the host key we are trying to -# revoke (let alone any selfsig over that host key), but the plain -# --export won't contain the secret key. "keytrans revokeuserid" -# needs access to both pieces, so we feed it both of them. - -if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \ - "$SYSSHAREDIR/keytrans" revokeuserid \ - "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then - gpg_host --check-trustdb - - update_gpg_pub_file - - show_key - - echo - echo "NOTE: User ID revoked, but revocation not published." - echo "Run '$PGRM publish-key' to publish the revocation." -else - failure "Problem revoking user ID." -fi - -} |