author | Matt Goins <mjgoins@openflows.com> | 2009-02-21 17:46:57 -0500 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2009-02-21 17:46:57 -0500 |
commit | d0a0622eb3aa83aab551afcc44b587a49952e676 (patch) | |
tree | ce2599eda0692c95e5a7cfc8a581d8c71591c936 /src | |
parent | 4e0502a242b89c73535b00cc1b199dfea38ce4d4 (diff) | |
parent | 46fe34d78ca1acb59c996064e4b85f922cf9e9e6 (diff) |
Merge commit 'dkg/master'
Diffstat (limited to 'src')
-rwxr-xr-x | src/monkeysphere-host | 13 | ||||
-rw-r--r-- | src/share/m/subkey_to_ssh_agent | 14 |
2 files changed, 21 insertions, 6 deletions
diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 540a8ab..1b0de0c 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -163,6 +163,8 @@ find_host_userid() { # show info about the host key show_key() { local GNUPGHOME + local TMPSSH + local revokers # tmp gpghome dir export GNUPGHOME=$(msmktempdir) @@ -189,6 +191,17 @@ show_key() { | grep -v "^${GNUPGHOME}/pubring.gpg$" \ | egrep -v '^-+$' + # list revokers, if there are any + revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ + | awk -F: '/^rvk:/{ print $10 }' ) + if [ "$revokers" ] ; then + echo "The following keys are allowed to revoke this host key:" + for key in $revokers ; do + echo "revoker: $key" + done + echo + fi + # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 7fb2fdb..4ce14f8 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -13,6 +13,9 @@ # try to add all authentication subkeys to the agent +# FIXME: what if you only want to add one authentication subkey to the +# agent? + subkey_to_ssh_agent() { local sshaddresponse=0 local secretkeys @@ -68,7 +71,6 @@ You might want to 'monkeysphere gen-subkey'" trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" - keysuccess=1 # FIXME: we're currently allowing any other options to get passed # through to ssh-add. should we limit it to known ones? For @@ -88,7 +90,7 @@ You might want to 'monkeysphere gen-subkey'" if [ "$1" = '-d' ]; then # we're removing the subkey: gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" - (cd "$workingdir" && ssh-add -d "$kname") + (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?" else # we're adding the subkey: mkfifo "$workingdir/$kname" 
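Review bot: In the revoker listing added to `show_key` (src/monkeysphere-host, second hunk), `revokers=$(gpg … | awk …)` takes its exit status from awk, so a failing gpg leaves `revokers` empty and the output looks the same as a host key with no designated revokers. Since an administrator reads this listing to see which keys may revoke the host key, it would be safer to capture gpg's output in its own assignment and test its status before handing it to awk; whether gpg can fail at this point depends on code outside the hunk. The commit adds `local revokers`, but `for key in $revokers` still assigns a global `key`, so `local key` belongs next to the other declarations. A short comment such as `# field 10 of an rvk record is the revoker's fingerprint` would explain the awk expression. show_key's body starts and ends outside the hunk.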
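Review bot: After this change `keysuccess` in src/share/m/subkey_to_ssh_agent is only assigned on failure, by `(cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?"` in this hunk and by `wait %2 || keysuccess="$?"` in the add branch of the next one, while the preceding hunk removes the `keysuccess=1` assignment. Unless the function gives it a value in a part not shown in these hunks, `return "$keysuccess"` is handed an empty string when every subkey succeeds, and if the name is not declared `local` a value already set in the calling shell would be returned instead. Declaring `local keysuccess=0` next to `local sshaddresponse=0` would make the success path explicit. The body of subkey_to_ssh_agent extends beyond the hunks shown.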
@@ -98,8 +100,8 @@ You might want to 'monkeysphere gen-subkey'" (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )& passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase" - wait %2 - fi || keysuccess="$?" + wait %2 || keysuccess="$?" + fi rm -f "$workingdir/$kname" done @@ -108,7 +110,7 @@ You might want to 'monkeysphere gen-subkey'" rm -rf "$workingdir" # FIXME: sort out the return values: we're just returning the - # success or failure of the final authentication subkey in this - # case. What if earlier ones failed? + # failure code of the last authentication subkey which fails. + # what if more than one authentication subkey fails? return "$keysuccess" } |