From e8ac612c4bad88172c5e80fa7e813664e536a6f8 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 23 Jun 2008 17:02:15 -0400
Subject: openpgp2ssh can now accept arbitrary-length key IDs (from the trivial
 8 hex digit key IDs to 40 hex digits of a full fingerprint).

This moves our build dependency on gnutls to 2.4.0, which includes
subkey fingerprint calculations.
---
 man/man1/openpgp2ssh.1 | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'man')

diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1
index bea1da5..6141ec5 100644
--- a/man/man1/openpgp2ssh.1
+++ b/man/man1/openpgp2ssh.1
@@ -19,11 +19,14 @@ SSH-style key on standard output.
 .Pp
 If the data on standard input contains no subkeys, you can invoke
 .Nm
-without arguments.  If the data on standard input contains
-multiple keys (e.g. a primary key and associated subkeys), you must
-specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or
-fingerprint as the first argument to indicate which key to export.
-The keyid must be exactly 16 hex characters.
+without arguments.  If the data on standard input contains multiple
+keys (e.g. a primary key and associated subkeys), you must specify a
+specific OpenPGP key identifier as the first argument to indicate
+which key to export.  The key ID is normally the 40 hex digit OpenPGP
+fingerprint of the key or subkey desired, but
+.Nm
+will accept as few as the last 8 digits of the fingerprint as a key
+ID.
 .Pp
 If the input contains an OpenPGP RSA or DSA public key, it will be
 converted to the OpenSSH-style single-line keystring, prefixed with
@@ -78,8 +81,9 @@ Secret key output is currently not passphrase-protected.
 .Nm
 currently cannot handle passphrase-protected secret keys on input.
 .Pp
-It would be nice to be able to use keyids shorter or longer than 16
-hex characters.
+Key identifiers consisting of an odd number of hex digits are not
+accepted.  Users who use a key ID with a standard length of 8, 16, or
+40 hex digits should not be affected by this.
 .Pp
 .Nm
 only acts on keys associated with the first primary key
-- 
cgit v1.2.3


From 438d1fa8881a1f8359b5e91932bf42addefbffca Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 23 Jun 2008 19:02:58 -0400
Subject: switched shortcut for monkeysphere-server update-users to "u", added
 some FIXMEs to monkeysphere-server.

---
 man/man8/monkeysphere-server.8 | 4 ++--
 src/common                     | 4 ++--
 src/monkeysphere-server        | 9 ++++++++-
 3 files changed, 12 insertions(+), 5 deletions(-)

(limited to 'man')

diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index e821e63..f808eff 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -28,8 +28,8 @@ file are processed, and the user's authorized_keys file in
 /var/cache/monkeysphere/authorized_keys/USER.  See `man monkeysphere'
 for more info.  If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
 set, then a user-controlled authorized_keys file (usually
-~USER/.ssh/authorized_keys) is added to the authorized_keys file.  `k'
-may be used in place of `update-known_hosts'.
+~USER/.ssh/authorized_keys) is added to the authorized_keys file.  `u'
+may be used in place of `update-users.
 .TP
 .B gen-key
 Generate a gpg key for the host.  `g' may be used in place of
diff --git a/src/common b/src/common
index 9dcc5e8..9fd156b 100644
--- a/src/common
+++ b/src/common
@@ -109,7 +109,7 @@ translate_ssh_variables() {
     echo "$path"
 }
 
-### CONVERTION UTILITIES
+### CONVERSION UTILITIES
 
 # output the ssh key for a given key ID
 gpg2ssh() {
@@ -263,7 +263,7 @@ process_user_id() {
     fi
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
 
-    # if CHECK_KEYSERVER variable set, check the keyserver
+    # if CHECK_KEYSERVER variable set to true, check the keyserver
     # for the user ID
     if [ "$CHECK_KEYSERVER" = "true" ] ; then
 	gpg_fetch_userid "$userID"
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index b989816..11e593b 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -171,7 +171,7 @@ mkdir -p -m 0700 "$GNUPGHOME"
 mkdir -p "${CACHE}/authorized_keys"
 
 case $COMMAND in
-    'update-users'|'update-user'|'s')
+    'update-users'|'update-user'|'u')
 	if [ "$1" ] ; then
 	    # get users from command line
 	    unames="$@"
@@ -196,6 +196,9 @@ case $COMMAND in
 
 	    # skip user if authorized_user_ids file does not exist
 	    if [ ! -f "$authorizedUserIDs" ] ; then
+		#FIXME: what about a user with no authorized_user_ids
+		# file, but with an authorized_keys file when
+		# USER_CONTROLLED_AUTHORIZED_KEYS is set?
 		continue
 	    fi
 
@@ -207,6 +210,10 @@ case $COMMAND in
 	    # skip if the user's authorized_user_ids file is empty
 	    if [ ! -s "$authorizedUserIDs" ] ; then
 		log "authorized_user_ids file '$authorizedUserIDs' is empty."
+		#FIXME: what about a user with an empty
+		# authorized_user_ids file, but with an
+		# authorized_keys file when
+		# USER_CONTROLLED_AUTHORIZED_KEYS is set?
 		continue
 	    fi
 
-- 
cgit v1.2.3