Diffstat (limited to 'src/monkeysphere-server')
-rwxr-xr-xsrc/monkeysphere-server79
1 files changed, 53 insertions, 26 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 0ff06af..13221c5 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -28,14 +28,15 @@ GREP_OPTIONS=
usage() {
cat <<EOF
usage: $PGRM <subcommand> [args]
-Monkeysphere server admin tool.
+MonkeySphere server admin tool.
subcommands:
update-users (s) [USER]... update users authorized_keys files
gen-key (g) generate gpg key for the server
publish-key (p) publish server key to keyserver
trust-keys (t) KEYID... mark keyids as trusted
- update-user-userids (u) USER UID... add/update userids for a user
+ update-user-userids (u) USER UID... add/update user IDs for a user
+ remove-user-userids (r) USER UID... remove user IDs for a user
help (h,?) this help
EOF
@@ -70,7 +71,7 @@ EOF
)
fi
- log "The following key parameters will be used:"
+ echo "The following key parameters will be used:"
echo "$keyParameters"
read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
@@ -90,25 +91,10 @@ EOF
EOF
)
- echo "generating server key..."
+ log "generating server key..."
echo "$keyParameters" | gpg --batch --gen-key
}
-# publish server key to keyserver
-publish_key() {
- read -p "publish key to $KEYSERVER? [Y|n]: " OK; OK=${OK:=Y}
- if [ ${OK/y/Y} != 'Y' ] ; then
- failure "aborting."
- fi
-
- keyID=$(gpg --list-key --with-colons ="$USERID" 2> /dev/null | grep '^pub:' | cut -d: -f5)
-
- # dummy command so as not to publish fakes keys during testing
- # eventually:
- #gpg --send-keys --keyserver "$KEYSERVER" "$keyID"
- echo "NOT PUBLISHED: gpg --send-keys --keyserver $KEYSERVER $keyID"
-}
-
########################################################################
# MAIN
########################################################################
@@ -136,7 +122,7 @@ export GNUPGHOME
mkdir -p -m 0700 "$GNUPGHOME"
case $COMMAND in
- 'update-users'|'s')
+ 'update-users'|'update-user'|'s')
if [ "$1" ] ; then
unames="$@"
else
@@ -148,13 +134,17 @@ case $COMMAND in
log "----- user: $uname -----"
+ # set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
cacheDir="$CACHE"/"$uname"/user_keys
- # make sure authorized_user_ids file exists
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # skip if the user's authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- log "authorized_user_ids file for '$uname' is empty or does not exist."
+ log "authorized_user_ids file for '$uname' is empty."
continue
fi
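Review bot: The new `touch "$AUTHORIZED_USER_IDS"` is unchecked, so if it fails (for example because `$MS_HOME/authorized_user_ids` does not exist yet — nothing in this hunk creates that directory) the script falls through to the `-s` test and logs that the file "is empty", which hides the real error; `touch "$AUTHORIZED_USER_IDS" || failure "could not create $AUTHORIZED_USER_IDS"` keeps the reported failure accurate. The file is also created with whatever mode the ambient umask allows, and since its contents decide which keys end up in a user's authorized_keys it is worth deciding explicitly what mode and ownership it should have rather than inheriting them from the caller's environment. The same unchecked `touch` is added in the update-user-userids and remove-user-userids hunks below. The enclosing `for`/`case` block starts and ends outside this hunk.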
@@ -176,19 +166,21 @@ case $COMMAND in
;;
'publish-key'|'p')
- publish_key
+ publish_server_key
;;
- 'trust-keys'|'t')
+ 'trust-keys'|'trust-key'|'t')
if [ -z "$1" ] ; then
failure "you must specify at least one key to trust."
fi
+
+ # process key IDs
for keyID ; do
trust_key "$keyID"
done
;;
- 'update-user-userids'|'u')
+ 'update-user-userids'|'update-user-userid'|'u')
uname="$1"
shift
if [ -z "$uname" ] ; then
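Review bot: The `publish-key` arm now calls `publish_server_key`, but the only related definition this diff touches is the `publish_key` it removes, and no definition of `publish_server_key` is added in this file; presumably it lives in a sourced helper, which should be confirmed, because the removed version deliberately did not send anything ("NOT PUBLISHED" placeholder) and the replacement's behaviour is not visible here. A short comment at the call site, `# publish_server_key is defined in <HELPER_FILE>; note whether it really sends to $KEYSERVER`, would make that dependency explicit. The `case` statement continues outside the hunk.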
@@ -197,11 +189,46 @@ case $COMMAND in
if [ -z "$1" ] ; then
failure "you must specify at least one userid."
fi
+
+ # set variables for the user
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
cacheDir="$CACHE"/"$uname"/user_keys
+
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # process the user IDs
for userID ; do
update_userid "$userID" "$cacheDir"
done
+
+ log "run the following to update user's authorized_keys file:"
+ log "$PGRM update-users $uname"
+ ;;
+
+ 'remove-user-userids'|'remove-user-userid'|'r')
+ uname="$1"
+ shift
+ if [ -z "$uname" ] ; then
+ failure "you must specify user."
+ fi
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+
+ # set variables for the user
+ AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
+
+ # make sure user's authorized_user_ids file exists
+ touch "$AUTHORIZED_USER_IDS"
+
+ # process the user IDs
+ for userID ; do
+ remove_userid "$userID"
+ done
+
+ log "run the following to update user's authorized_keys file:"
+ log "$PGRM update-users $uname"
;;
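Review bot: In the new `remove-user-userids` arm, `touch "$AUTHORIZED_USER_IDS"` creates an empty authorized_user_ids file for a user who had none, even though this command only removes entries; an existence check fits better there, `[ -f "$AUTHORIZED_USER_IDS" ] || failure "no authorized_user_ids file for '$uname'."`. The `uname="$1"; shift` prelude and the two `failure` checks are now duplicated verbatim between the update and remove arms and could be hoisted into a small helper. `remove_userid` receives only the user ID while `update_userid` also gets `cacheDir`; if remove_userid reads `$AUTHORIZED_USER_IDS` from the environment, that implicit dependency deserves a comment on the call. The enclosing `case` begins before the hunk.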
'help'|'h'|'?')
@@ -210,6 +237,6 @@ case $COMMAND in
*)
failure "Unknown command: '$COMMAND'
-Type 'cereal-admin help' for usage."
+Type '$PGRM help' for usage."
;;
esac