6 files changed, 98 insertions, 77 deletions

diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index d34f0de..f2cadf2 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -31,7 +31,6 @@ local domain=
 local trust=full
 local depth=1
 local keyID
-local importinfo
 local fingerprint
 local ltsignCommand
 local trustval
@@ -51,6 +50,9 @@ while true ; do
 	    depth="$2"
 	    shift 2
 	    ;;
+	-)
+	    break
+	    ;;
 	*)
 	    if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
 		failure "Unknown option '$1'.
@@ -62,67 +64,13 @@ Type '$PGRM help' for usage."
 done
 
 keyID="$1"
+
+# check that key ID or file is specified
 if [ -z "$keyID" ] ; then
     failure "You must specify the key ID of a key to add, or specify a file to read the key from."
 fi
-if [ -f "$keyID" ] ; then
-    log info "Reading key from file '$keyID':"
-    importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
-    # FIXME: if this is tried when the key database is not
-    # up-to-date, i got these errors (using set -x):
-
-    # ++ su -m monkeysphere -c '\''gpg --import'\''
-    # Warning: using insecure memory!
-    # gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
-    # gpg: Total number processed: 1
-    # gpg:               imported: 1  (RSA: 1)
-    # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied
-    # gpg: failed to rebuild keyring cache: Permission denied
-    # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
-    # gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
-    # gpg: next trustdb check due at 2009-01-10'
-    # + failure 'could not read key from '\''/root/dkg.gpg'\'''
-    # + echo 'could not read key from '\''/root/dkg.gpg'\'''
-
-    keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ )
-    if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then
-	failure "There was not exactly one gpg key in the file."
-    fi
-else
-    # get the key from the key server
-    log debug "retrieving key from keyserver..."
-    gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
-fi
-
-export keyID
-
-# get the full fingerprint of new certifier key
-log debug "getting fingerprint of certifier key..."
-fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \
-    | grep '^fpr:' | grep "$keyID" | cut -d: -f10)
-
-if [ -z "$fingerprint" ] ; then
-    failure "Key '$keyID' not found."
-fi
-
-log info "key found:"
-gpg_sphere "--fingerprint 0x${fingerprint}!"
-
-if [ "$PROMPT" = "true" ] ; then
-    echo "Are you sure you want to add the above key as a"
-    read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N}
-    if [ "${OK/y/Y}" != 'Y' ] ; then
-	failure "Identity certifier not added."
-    fi
-else
-    log debug "adding key without prompting."
-fi
-
-# export the key to the core keyring so that the core can sign the
-# new certifier key
-log debug "exporting retrieved certifier key to core keyring..."
-gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import
 
+# check the trust value
 case "$trust" in
     'marginal')
 	trustval=1
@@ -135,6 +83,64 @@ case "$trust" in
 	;;
 esac
 
+# if file is specified
+if [ -f "$keyID" -o "$keyID" = '-' ] ; then
+    # load the key from stdin
+    if [ "$keyID" = '-' ] ; then
+	# make a temporary file to hold the key from stdin
+	keyID=$(msmktempfile)
+	trap "rm -f $keyID" EXIT
+	log verbose "reading key from stdin..."
+	cat > "$keyID"
+
+    # load the key from the file
+    elif [ -f "$keyID" ] ; then
+	log verbose "reading key from file '$keyID'..."
+    fi
+
+    # check the key is ok as monkeysphere user before loading
+    log debug "checking keys in file..."
+    fingerprint=$(su_monkeysphere_user \
+	". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID")
+
+    if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
+	failure "There was not exactly one gpg key in the file."
+    fi
+
+    # load the key
+    gpg_sphere "--import" <"$keyID" \
+	|| failure "could not read key from '$keyID'"
+
+# else, get the key from the keyserver
+else
+    log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
+    gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \
+	|| failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+
+    # get the full fingerprint of new certifier key
+    log debug "getting fingerprint of certifier key..."
+    fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \
+	| grep '^fpr:' | grep "$keyID" | cut -d: -f10)
+
+    log info "key found:"
+    gpg_sphere "--fingerprint 0x${fingerprint}!"
+
+    if [ "$PROMPT" = "true" ] ; then
+	echo "Are you sure you want to add the above key as a"
+	read -p "certifier of users on this system? (Y/n) " OK; OK=${OK:-Y}
+	if [ "${OK/y/Y}" != 'Y' ] ; then
+	    failure "Identity certifier not added."
+	fi
+    else
+	log debug "adding key without prompting."
+    fi
+fi
+
+# export the key to the core keyring so that the core can sign the
+# new certifier key
+log debug "loading key into core keyring..."
+gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import
+
 # edit-key script to ltsign key
 # NOTE: *all* user IDs will be ltsigned
 ltsignCommand=$(cat <<EOF
@@ -151,8 +157,7 @@ EOF
 # core ltsigns the newly imported certifier key
 log debug "executing core ltsign script..."
 if echo "$ltsignCommand" | \
-    gpg_core --quiet --command-fd 0 --no-tty --edit-key "0x${fingerprint}!" \
-     2>&1 | log debug ; then
+    gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then
 
     # transfer the new sigs back to the sphere keyring
     gpg_core_sphere_sig_transfer
diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics
index 0411080..ce463b2 100644
--- a/src/share/ma/diagnostics
+++ b/src/share/ma/diagnostics
@@ -28,6 +28,8 @@ local badhostkeys
 local sshd_config
 local problemsfound=0
 
+report_cruft
+
 if ! id monkeysphere >/dev/null ; then
     echo "! No monkeysphere user found!  Please create a monkeysphere system user with bash as its shell."
     problemsfound=$(($problemsfound+1))
@@ -45,7 +47,10 @@ if ! [ -d "$MADATADIR" ] ; then
     exit
 fi    
 
-# FIXME: what's the correct, cross-platform answer?
+# FIXME: what's the correct, cross-platform way to determine where
+# sshd_config lives?
+sshd_config=/etc/ssh/sshd_config
+
 seckey=$(gpg_core --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
 keysfound=$(echo "$seckey" | grep -c ^sec:)
 curdate=$(date +%s)
@@ -95,7 +100,16 @@ fi
 # FIXME: look to see that the ownertrust rules are set properly on the
 #    sphere keyring
 
-# FIXME: make sure that at least one identity certifier exists
+# make sure that at least one identity certifier exists
+echo
+echo "Checking for Identity Certifiers..."
+if ! monkeysphere-authentication list-identity-certifiers | egrep -q '^[A-F0-9]{40}:' then
+    echo "! No Identity Certifiers found!"
+    echo " - Recommendation: once you know who should be able to certify identities for 
+     connecting users, you should add their key, with: 
+      monkeysphere-authentication add-identity-certifier"
+    problemsfound=$(($problemsfound+1))
+fi
 
 # FIXME: look at the timestamps on the monkeysphere-generated
 # authorized_keys files -- warn if they seem out-of-date.
diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers
index a02487d..38a3222 100644
--- a/src/share/ma/list_certifiers
+++ b/src/share/ma/list_certifiers
@@ -86,5 +86,4 @@ gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
     esac
 done
 
-
 }
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 10aa67b..a9a1451 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -27,7 +27,7 @@ fi
 gpg_core --list-key --fingerprint "0x${keyID}!" || failure
 
 if [ "$PROMPT" = "true" ] ; then
-    read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N}
+    read -p "Really remove the identity certifier above? (Y/n) " OK; OK=${OK:-Y}
     if [ "${OK/y/Y}" != 'Y' ] ; then
 	failure "Identity certifier not removed."
     fi
diff --git a/src/share/ma/setup b/src/share/ma/setup
index a17e4f2..e77afff 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -13,13 +13,18 @@
 
 setup() {
     # make all needed directories
+    log debug "checking authentication directory structure..."
     mkdir -p "${MADATADIR}"
+    chmod 0750 "${MADATADIR}"
+    chgrp "$MONKEYSPHERE_USER" "${MADATADIR}"
     mkdir -p "${MATMPDIR}"
+    chmod 0750 "${MATMPDIR}"
+    chgrp "$MONKEYSPHERE_USER" "${MATMPDIR}"
     mkdir -p "${GNUPGHOME_CORE}"
-    chmod 700 "${GNUPGHOME_CORE}"
+    chmod 0700 "${GNUPGHOME_CORE}"
     mkdir -p "${GNUPGHOME_SPHERE}"
-    chmod 700 "${GNUPGHOME_SPHERE}"
-    mkdir -p "${MADATADIR}"/authorized_keys
+    chmod 0700 "${GNUPGHOME_SPHERE}"
+    mkdir -p "${SYSDATADIR}"/authorized_keys
 
     # deliberately replace the config files via truncation
     # FIXME: should we be dumping to tmp files and then moving atomically?
@@ -29,7 +34,6 @@ setup() {
 # This file is maintained by the Monkeysphere software.
 # Edits will be overwritten.
 no-greeting
-list-options show-uid-validity
 EOF
 
     log debug "writing sphere gpg.conf..."
@@ -43,9 +47,8 @@ EOF
 
     # make sure the monkeysphere user owns everything in the sphere
     # gnupghome
-    log debuf "fixing sphere gnupg home ownership..."
-    chown -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
-    chgrp -R "$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}"
+    log debug "fixing sphere gnupg home ownership..."
+    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_USER" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
 
     # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(core_fingerprint)
@@ -59,7 +62,7 @@ EOF
 	log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
 	PEM2OPENPGP_USAGE_FLAGS=certify \
 	    PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" \
-	    | gpg_core --import 2>&1 | log debug \
+	    | gpg_core --import \
 	    || failure "Could not import new key for Monkeysphere authentication trust core"
 
 	# get fingerprint of core key.  should definitely not be empty at this point
@@ -75,17 +78,17 @@ EOF
 
     # export the core key to the sphere keyring
     log debug "exporting core pub key to sphere keyring..."
-    gpg_core --quiet --export | gpg_sphere "--quiet --import"
+    gpg_core --export | gpg_sphere "--import"
 
     # ensure that the authentication sphere checker has absolute ownertrust on the expected key.
     log debug "setting ultimate owner trust on core key in gpg_sphere..."
-    printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--quiet --import-ownertrust"
+    printf "%s:6:\n" "$CORE_FPR" | gpg_sphere "--import-ownertrust"
     gpg_sphere "--export-ownertrust" 2>&1 | log debug
 
     # check the owner trust
     log debug "checking gpg_sphere owner trust set properly..."
     local ORIG_TRUST
-    if ORIG_TRUST=$(gpg_sphere "--quiet --export-ownertrust" | grep '^[^#]') ; then
+    if ORIG_TRUST=$(gpg_sphere "--export-ownertrust" | grep '^[^#]') ; then
 	if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then
 	    failure "Monkeysphere authentication trust sphere should explicitly trust the core.  It does not have proper ownertrust settings."
 	fi
@@ -98,7 +101,7 @@ EOF
     # our preferences are reasonable (i.e. 3 marginal OR 1 fully
     # trusted certifications are sufficient to grant full validity.
     log debug "checking trust model for authentication ..."
-    local TRUST_MODEL=$(gpg_sphere "--quiet --with-colons --fixed-list-mode --list-keys" \
+    local TRUST_MODEL=$(gpg_sphere "--with-colons --fixed-list-mode --list-keys" \
 	| head -n1 | grep "^tru:" | cut -d: -f3,6,7)
     log debug "sphere trust model: $TRUST_MODEL"
     if [ "$TRUST_MODEL" != '1:3:1' ] ; then
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index e9e3cc6..092d108 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -35,7 +35,7 @@ MODE="authorized_keys"
 GNUPGHOME="$GNUPGHOME_SPHERE"
 
 # the authorized_keys directory
-authorizedKeysDir="${MADATADIR}/authorized_keys"
+authorizedKeysDir="${SYSDATADIR}/authorized_keys"
 
 # check to see if the gpg trust database has been initialized
 if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then