diff options
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | man/man8/monkeysphere-server.8 | 10 | ||||
| -rw-r--r-- | src/keytrans/openpgp2ssh.c | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 17 |
4 files changed, 26 insertions, 12 deletions
diff --git a/debian/changelog b/debian/changelog index 22f698b..1711a69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,8 @@ -monkeysphere (0.4-1) UNRELEASED; urgency=low +monkeysphere (0.4-1) experimental; urgency=low - [Daniel Kahn Gillmor] - * New version (switch UNRELEASED to experimental when ready) + [ Daniel Kahn Gillmor ] + * New version. + * Fixed return code error in openpgp2ssh [ Jameson Graef Rollins ] * Privilege separation: use monkeysphere user to handle maintenance of @@ -14,7 +15,7 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low * Add write permission check on authorized_keys, known_hosts, and authorized_user_ids files. - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Thu, 10 Jul 2008 16:47:17 -0400 + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400 monkeysphere (0.3-1) experimental; urgency=low diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 79832a2..288d45f 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -54,10 +54,12 @@ place of `publish-key'. .TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. -A certifier domain can be specified with the `-n' or `--domain' -option. A certifier trust level can be specified with the `-t' or -`--trust' option (possible values are `1' for `marginal' and `2' for -`full' (default is `2')). A certifier trust depth can be specified +Using the `-n' or `--domain' option allows you to indicate that you +only trust the given KEYID to make identifications within a specific +domain (e.g. "trust KEYID to certify user identities within the +@example.org domain"). A certifier trust level can be specified with +the `-t' or `--trust' option (possible values are `marginal' and +`full' (default is `full')). A certifier trust depth can be specified with the `-d' or `--depth' option (default is 1). `a' may be used in place of `add-identity-certifier'. .TP diff --git a/src/keytrans/openpgp2ssh.c b/src/keytrans/openpgp2ssh.c index 5cc6cfa..36fb30a 100644 --- a/src/keytrans/openpgp2ssh.c +++ b/src/keytrans/openpgp2ssh.c @@ -491,6 +491,8 @@ int main(int argc, char* argv[]) { err(0,"Translating public key\n"); ret = emit_public_openssh_from_pgp(&pgp_crt, fingerprint, fpr_size); + if (ret != 0) + return ret; } else { /* we have no idea what kind of key this is at all anyway! */ diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6534fa1..4d7acc6 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -47,8 +47,8 @@ subcommands: publish-key (p) publish server's host key to keyserver add-identity-certifier (a) KEYID import and tsign a certification key - -n|--domain DOMAIN domain of certifier () - -t|--trust TRUST trust level of certifier (2) + -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN () + -t|--trust TRUST trust level of certifier (full) -d|--depth DEPTH trust depth for certifier (1) remove-identity-certifier (r) KEYID remove a certification key list-identity-certifiers (l) list certification keys @@ -383,10 +383,11 @@ add_certifier() { local keyID local fingerprint local ltsignCommand + local trustval # set default values for trust depth and domain domain= - trust=2 + trust=full depth=1 # get options @@ -450,12 +451,20 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export $keyID" | gpg_host --import + if [ "$trust" == marginal ]; then + trustval=1 + elif [ "$trust" == full ]; then + trustval=2 + else + failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)" + fi + # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign y -$trust +$trustval $depth $domain y |