Merge commit 'dkg/master'

Conflicts:

	src/monkeysphere-server

Resolved conflicts in revoke-hostname, and finish work on them.

2 files changed, 67 insertions, 35 deletions

diff --git a/src/common b/src/common
index 34c86cb..bb988f7 100644
--- a/src/common
+++ b/src/common
@@ -77,6 +77,12 @@ gpg_unescape() {
     sed 's/\\x3a/:/g'
 }
 
+# convert nasty chars into gpg-friendly form in pipeline
+# FIXME: escape everything, not just colons!
+gpg_escape() {
+    sed 's/:/\\x3a/g'
+}
+
 # remove all lines with specified string from specified file
 remove_line() {
     local file
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 31bce7d..4fb8265 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -375,6 +375,8 @@ EOF
 add_hostname() {
     local userID
     local fingerprint
+    local tmpuidMatch
+    local line
     local adduidCommand
 
     if [ -z "$1" ] ; then
@@ -383,19 +385,26 @@ add_hostname() {
 
     userID="ssh://${1}"
 
-    if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then
+    fingerprint=$(fingerprint_server_key)
+
+    # match to only ultimately trusted user IDs
+    tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+    # find the index of the requsted user ID
+    # NOTE: this is based on circumstantial evidence that the order of
+    # this output is the appropriate index
+    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
+	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
 	failure "Host userID '$userID' already exists."
     fi
 
     echo "The following user ID will be added to the host key:"
-    echo "  '$userID'"
+    echo "  $userID"
     read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
 	failure "user ID not added."
     fi
 
-    fingerprint=$(fingerprint_server_key)
-
     # edit-key script command to add user ID
     adduidCommand=$(cat <<EOF
 adduid
@@ -407,21 +416,28 @@ EOF
 	)
 
     # execute edit-key script
-    echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
-
-    # update trust db
-    gpg_host --check-trustdb
+    if echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
+        # update trust db
+	gpg_host --check-trustdb
 
-    show_server_key
+	show_server_key
 
-    # publish the key
-    publish_server_key
+	echo "NOTE: User ID added but key not published."
+	echo "Run '$PGRM publish-key' to publish the key"
+    else
+	failure "Problem adding user ID."
+    fi
 }
 
 # revoke hostname user ID to server key
 revoke_hostname() {
     local userID
+    local fingerprint
+    local tmpuidMatch
+    local line
     local uidIndex
+    local message
+    local revuidCommand
 
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to revoke."
@@ -431,30 +447,35 @@ revoke_hostname() {
 
     fingerprint=$(fingerprint_server_key)
 
+    # match to only ultimately trusted user IDs
+    tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
     # find the index of the requsted user ID
     # NOTE: this is based on circumstantial evidence that the order of
     # this output is the appropriate index
-    uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \
-	egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \
-	grep "$userID" | awk '{ print $1 }')
-
-    if [ -z "$uidIndex" ] ; then
-	failure "User ID '$userID' not found in host key."
+    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \
+	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+	uidIndex=${line%%:*}
+    else
+	failure "No non-revoked user ID '$userID' is found."
     fi
 
     echo "The following user ID will be revoked from the host key:"
-    echo "  '$userID'"
+    echo "  $userID"
     read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
 	failure "user ID not revoked."
     fi
 
+    message="Hostname removed by monkeysphere-server $DATE"
+
     # edit-key script command to revoke user ID
     revuidCommand=$(cat <<EOF
 $uidIndex
 revuid
 y
 4
+$message
 
 y
 save
@@ -462,15 +483,17 @@ EOF
 	)	
 
     # execute edit-key script
-    echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
-
-    # update trust db
-    gpg_host --check-trustdb
+    if echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then
+        # update trust db
+	gpg_host --check-trustdb
 
-    show_server_key
+	show_server_key
 
-    # publish the key
-    publish_server_key
+	echo "NOTE: User ID revoked but key not published."
+	echo "Run '$PGRM publish-key' to publish the key"
+    else
+	failure "Problem revoking user ID."
+    fi
 }
 
 # publish server key to keyserver
@@ -499,7 +522,10 @@ diagnostics() {
     local uid
     local fingerprint
     local badhostkeys
+    local sshd_config
 
+    # FIXME: what's the correct, cross-platform answer?
+    sshd_config=/etc/ssh/sshd_config
     seckey=$(fingerprint_server_key)
     keysfound=$(echo "$seckey" | grep -c ^sec:)
     curdate=$(date +%s)
@@ -576,14 +602,14 @@ diagnostics() {
 	    fi
 
 	    # propose changes needed for sshd_config (if any)
-	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
-		echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
-		echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
+		echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
+		echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
 	    fi
-	    if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
+	    if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
 		echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
 		echo "$badhostkeys"
-		echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+		echo " - Recommendation: remove the above HostKey lines from $sshd_config"
 	    fi
 	fi
     fi
@@ -599,14 +625,14 @@ diagnostics() {
 
     echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
     # Ensure that User ID authentication is enabled:
-    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
-	echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
-	echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then
+	echo "! $sshd_config does not point to monkeysphere authorized keys."
+	echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
     fi
-    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
 	echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
 	echo "$badauthorizedkeys"
-	echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+	echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
     fi
 }