diff options
Diffstat (limited to 'src/monkeysphere-server')
-rwxr-xr-x | src/monkeysphere-server | 89 |
1 files changed, 75 insertions, 14 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 023ce9b..31bce7d 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -100,17 +100,19 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } -# output key information -show_server_key() { - gpg_host --list-secret-keys --fingerprint -} - # output just key fingerprint fingerprint_server_key() { gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode | \ grep '^fpr:' | head -1 | cut -d: -f10 } +# output key information +show_server_key() { + local fingerprint + fingerprint=$(fingerprint_server_key) + gpg_host --fingerprint --list-secret-key "$fingerprint" +} + # update authorized_keys for users update_users() { if [ "$1" ] ; then @@ -371,52 +373,111 @@ EOF # add hostname user ID to server key add_hostname() { + local userID + local fingerprint + local adduidCommand + if [ -z "$1" ] ; then failure "You must specify a hostname to add." fi userID="ssh://${1}" - if [ "$(gpg_host --list-key "=${userID}")" ] ; then + if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then failure "Host userID '$userID' already exists." fi + echo "The following user ID will be added to the host key:" + echo " '$userID'" + read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "user ID not added." + fi + fingerprint=$(fingerprint_server_key) + # edit-key script command to add user ID adduidCommand=$(cat <<EOF adduid $userID -O save EOF ) - # add uid + # execute edit-key script echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint" - echo "NOTE: new host userID has not been published." - echo "Use '$PGRM publish-key' to publish these changes." + # update trust db + gpg_host --check-trustdb + + show_server_key + + # publish the key + publish_server_key } # revoke hostname user ID to server key revoke_hostname() { + local userID + local uidIndex + if [ -z "$1" ] ; then failure "You must specify a hostname to revoke." fi - failure "Sorry, not yet implemented." + userID="ssh://${1}" + + fingerprint=$(fingerprint_server_key) + + # find the index of the requsted user ID + # NOTE: this is based on circumstantial evidence that the order of + # this output is the appropriate index + uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \ + egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \ + grep "$userID" | awk '{ print $1 }') + + if [ -z "$uidIndex" ] ; then + failure "User ID '$userID' not found in host key." + fi - echo "NOTE: host userID revokation has not been published." - echo "Use '$PGRM publish-key' to publish these changes." + echo "The following user ID will be revoked from the host key:" + echo " '$userID'" + read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "user ID not revoked." + fi + + # edit-key script command to revoke user ID + revuidCommand=$(cat <<EOF +$uidIndex +revuid +y +4 + +y +save +EOF + ) + + # execute edit-key script + echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint" + + # update trust db + gpg_host --check-trustdb + + show_server_key + + # publish the key + publish_server_key } # publish server key to keyserver publish_server_key() { read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} if [ ${OK/y/Y} != 'Y' ] ; then - failure "aborting." + failure "key not published." fi # find the key fingerprint |