From 8a22863a92cb1df4ed265aed442166c9f1a5387d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 31 Jan 2009 20:43:23 -0500 Subject: change hyphens to underscores in function file names, for consistency with function definitions themselves --- src/subcommands/mh/add-hostname | 73 ------------------------- src/subcommands/mh/add-revoker | 21 -------- src/subcommands/mh/add_hostname | 73 +++++++++++++++++++++++++ src/subcommands/mh/add_revoker | 21 ++++++++ src/subcommands/mh/extend-key | 34 ------------ src/subcommands/mh/extend_key | 34 ++++++++++++ src/subcommands/mh/gen-key | 107 ------------------------------------- src/subcommands/mh/gen_key | 107 +++++++++++++++++++++++++++++++++++++ src/subcommands/mh/import-key | 89 ------------------------------ src/subcommands/mh/import_key | 89 ++++++++++++++++++++++++++++++ src/subcommands/mh/publish-key | 31 ----------- src/subcommands/mh/publish_key | 31 +++++++++++ src/subcommands/mh/revoke-hostname | 91 ------------------------------- src/subcommands/mh/revoke-key | 21 -------- src/subcommands/mh/revoke_hostname | 91 +++++++++++++++++++++++++++++++ src/subcommands/mh/revoke_key | 21 ++++++++ 16 files changed, 467 insertions(+), 467 deletions(-) delete mode 100644 src/subcommands/mh/add-hostname delete mode 100644 src/subcommands/mh/add-revoker create mode 100644 src/subcommands/mh/add_hostname create mode 100644 src/subcommands/mh/add_revoker delete mode 100644 src/subcommands/mh/extend-key create mode 100644 src/subcommands/mh/extend_key delete mode 100644 src/subcommands/mh/gen-key create mode 100644 src/subcommands/mh/gen_key delete mode 100644 src/subcommands/mh/import-key create mode 100644 src/subcommands/mh/import_key delete mode 100644 src/subcommands/mh/publish-key create mode 100644 src/subcommands/mh/publish_key delete mode 100644 src/subcommands/mh/revoke-hostname delete mode 100644 src/subcommands/mh/revoke-key create mode 100644 src/subcommands/mh/revoke_hostname create mode 100644 src/subcommands/mh/revoke_key (limited to 'src/subcommands/mh') diff --git a/src/subcommands/mh/add-hostname b/src/subcommands/mh/add-hostname deleted file mode 100644 index 10d5f58..0000000 --- a/src/subcommands/mh/add-hostname +++ /dev/null @@ -1,73 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host add-hostname subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# add hostname user ID to server key - -add_hostname() { - -local userID -local fingerprint -local tmpuidMatch -local line -local adduidCommand - -if [ -z "$1" ] ; then - failure "You must specify a hostname to add." -fi - -userID="ssh://${1}" - -fingerprint=$(fingerprint_server_key) - -# match to only ultimately trusted user IDs -tmpuidMatch="u:$(echo $userID | gpg_escape)" - -# find the index of the requsted user ID -# NOTE: this is based on circumstantial evidence that the order of -# this output is the appropriate index -if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ - | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then - failure "Host userID '$userID' already exists." -fi - -echo "The following user ID will be added to the host key:" -echo " $userID" -read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not added." -fi - -# edit-key script command to add user ID -adduidCommand=$(cat < -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008, and are all released under the GPL, version 3 -# or later. - -# add a revoker to the host key - -add_revoker() { - -# FIXME: implement! -failure "not implemented yet!" - -} diff --git a/src/subcommands/mh/add_hostname b/src/subcommands/mh/add_hostname new file mode 100644 index 0000000..10d5f58 --- /dev/null +++ b/src/subcommands/mh/add_hostname @@ -0,0 +1,73 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host add-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# add hostname user ID to server key + +add_hostname() { + +local userID +local fingerprint +local tmpuidMatch +local line +local adduidCommand + +if [ -z "$1" ] ; then + failure "You must specify a hostname to add." +fi + +userID="ssh://${1}" + +fingerprint=$(fingerprint_server_key) + +# match to only ultimately trusted user IDs +tmpuidMatch="u:$(echo $userID | gpg_escape)" + +# find the index of the requsted user ID +# NOTE: this is based on circumstantial evidence that the order of +# this output is the appropriate index +if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + failure "Host userID '$userID' already exists." +fi + +echo "The following user ID will be added to the host key:" +echo " $userID" +read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not added." +fi + +# edit-key script command to add user ID +adduidCommand=$(cat < +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008, and are all released under the GPL, version 3 +# or later. + +# add a revoker to the host key + +add_revoker() { + +# FIXME: implement! +failure "not implemented yet!" + +} diff --git a/src/subcommands/mh/extend-key b/src/subcommands/mh/extend-key deleted file mode 100644 index ccbaf0e..0000000 --- a/src/subcommands/mh/extend-key +++ /dev/null @@ -1,34 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host extend-key subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# extend the lifetime of a host key: - -extend_key() { - -local fpr=$(fingerprint_server_key) -local extendTo="$1" - -# get the new expiration date -extendTo=$(get_gpg_expiration "$extendTo") - -gpg_host --quiet --command-fd 0 --edit-key "$fpr" < +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# extend the lifetime of a host key: + +extend_key() { + +local fpr=$(fingerprint_server_key) +local extendTo="$1" + +# get the new expiration date +extendTo=$(get_gpg_expiration "$extendTo") + +gpg_host --quiet --command-fd 0 --edit-key "$fpr" < -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -gen_key() { - -local keyType="RSA" -local keyLength="2048" -local keyUsage="auth" -local keyExpire -local hostName=$(hostname -f) -local userID -local keyParameters -local fingerprint - -# check for presense of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_server_key >/dev/null \ - && failure "An OpenPGP host key already exists." - -# get options -while true ; do - case "$1" in - -l|--length) - keyLength="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - hostName="$1" - shift; - break - ;; - esac -done - -userID="ssh://${hostName}" - -# prompt about key expiration if not specified -keyExpire=$(get_gpg_expiration "$keyExpire") - -# set key parameters -keyParameters=\ -"Key-Type: $keyType -Key-Length: $keyLength -Key-Usage: $keyUsage -Name-Real: $userID -Expire-Date: $keyExpire" - -echo "The following key parameters will be used for the host private key:" -echo "$keyParameters" - -read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "aborting." -fi - -# add commit command -# must include blank line! -keyParameters=\ -"${keyParameters} - -%commit -%echo done" - -log verbose "generating host key..." -echo "$keyParameters" | gpg_host --batch --gen-key - -# find the key fingerprint of the newly generated key -fingerprint=$(fingerprint_server_key) - -# export host ownertrust to authentication keyring -log verbose "setting ultimate owner trust for host key..." -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" - -# translate the private key to ssh format, and export to a file -# for sshs usage. -# NOTE: assumes that the primary key is the proper key to use -(umask 077 && \ - gpg_host --export-secret-key "$fingerprint" | \ - openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") -log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" -ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" - -# show info about new key -show_key - -} diff --git a/src/subcommands/mh/gen_key b/src/subcommands/mh/gen_key new file mode 100644 index 0000000..aad213a --- /dev/null +++ b/src/subcommands/mh/gen_key @@ -0,0 +1,107 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host gen-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +gen_key() { + +local keyType="RSA" +local keyLength="2048" +local keyUsage="auth" +local keyExpire +local hostName=$(hostname -f) +local userID +local keyParameters +local fingerprint + +# check for presense of secret key +# FIXME: is this the proper test to be doing here? +fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + +# get options +while true ; do + case "$1" in + -l|--length) + keyLength="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + hostName="$1" + shift; + break + ;; + esac +done + +userID="ssh://${hostName}" + +# prompt about key expiration if not specified +keyExpire=$(get_gpg_expiration "$keyExpire") + +# set key parameters +keyParameters=\ +"Key-Type: $keyType +Key-Length: $keyLength +Key-Usage: $keyUsage +Name-Real: $userID +Expire-Date: $keyExpire" + +echo "The following key parameters will be used for the host private key:" +echo "$keyParameters" + +read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +# add commit command +# must include blank line! +keyParameters=\ +"${keyParameters} + +%commit +%echo done" + +log verbose "generating host key..." +echo "$keyParameters" | gpg_host --batch --gen-key + +# find the key fingerprint of the newly generated key +fingerprint=$(fingerprint_server_key) + +# export host ownertrust to authentication keyring +log verbose "setting ultimate owner trust for host key..." +echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + +# translate the private key to ssh format, and export to a file +# for sshs usage. +# NOTE: assumes that the primary key is the proper key to use +(umask 077 && \ + gpg_host --export-secret-key "$fingerprint" | \ + openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") +log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" +ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" +gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + +# show info about new key +show_key + +} diff --git a/src/subcommands/mh/import-key b/src/subcommands/mh/import-key deleted file mode 100644 index 386e02d..0000000 --- a/src/subcommands/mh/import-key +++ /dev/null @@ -1,89 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host import-key subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009 and are all released under the GPL, -# version 3 or later. - -import_key() { - -local hostName=$(hostname -f) -local keyFile="/etc/ssh/ssh_host_rsa_key" -local keyExpire -local userID - -# check for presense of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_server_key >/dev/null \ - && failure "An OpenPGP host key already exists." - -# get options -while true ; do - case "$1" in - -f|--keyfile) - keyFile="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - hostName="$1" - shift - ;; - break - ;; - esac -done - -if [ ! -f "$keyFile" ] ; then - failure "SSH secret key file '$keyFile' not found." -fi - -userID="ssh://${hostName}" - -# prompt about key expiration if not specified -keyExpire=$(get_gpg_expiration "$keyExpire") - -echo "The following key parameters will be used for the host private key:" -echo "Import: $keyFile" -echo "Name-Real: $userID" -echo "Expire-Date: $keyExpire" - -read -p "Import key? (Y/n) " OK; OK=${OK:=Y} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "aborting." -fi - -log verbose "importing ssh key..." -# translate ssh key to a private key -(umask 077 && \ - pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) - -# find the key fingerprint of the newly converted key -fingerprint=$(fingerprint_server_key) - -# export host ownertrust to authentication keyring -log verbose "setting ultimate owner trust for host key..." -echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" -echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" - -# export public key to file -gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" - -# show info about new key -show_key - -} diff --git a/src/subcommands/mh/import_key b/src/subcommands/mh/import_key new file mode 100644 index 0000000..386e02d --- /dev/null +++ b/src/subcommands/mh/import_key @@ -0,0 +1,89 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host import-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009 and are all released under the GPL, +# version 3 or later. + +import_key() { + +local hostName=$(hostname -f) +local keyFile="/etc/ssh/ssh_host_rsa_key" +local keyExpire +local userID + +# check for presense of secret key +# FIXME: is this the proper test to be doing here? +fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + +# get options +while true ; do + case "$1" in + -f|--keyfile) + keyFile="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + hostName="$1" + shift + ;; + break + ;; + esac +done + +if [ ! -f "$keyFile" ] ; then + failure "SSH secret key file '$keyFile' not found." +fi + +userID="ssh://${hostName}" + +# prompt about key expiration if not specified +keyExpire=$(get_gpg_expiration "$keyExpire") + +echo "The following key parameters will be used for the host private key:" +echo "Import: $keyFile" +echo "Name-Real: $userID" +echo "Expire-Date: $keyExpire" + +read -p "Import key? (Y/n) " OK; OK=${OK:=Y} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +log verbose "importing ssh key..." +# translate ssh key to a private key +(umask 077 && \ + pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) + +# find the key fingerprint of the newly converted key +fingerprint=$(fingerprint_server_key) + +# export host ownertrust to authentication keyring +log verbose "setting ultimate owner trust for host key..." +echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" +echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + +# export public key to file +gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + +# show info about new key +show_key + +} diff --git a/src/subcommands/mh/publish-key b/src/subcommands/mh/publish-key deleted file mode 100644 index b7ab01d..0000000 --- a/src/subcommands/mh/publish-key +++ /dev/null @@ -1,31 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host publish-key subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, version 3 -# or later. - -# publish server key to keyserver - -publish_key() { - -read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "key not published." -fi - -# find the key fingerprint -fingerprint=$(fingerprint_server_key) - -# publish host key -# FIXME: need to define how to do this -#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'" -echo "not published!!!" - -} diff --git a/src/subcommands/mh/publish_key b/src/subcommands/mh/publish_key new file mode 100644 index 0000000..b7ab01d --- /dev/null +++ b/src/subcommands/mh/publish_key @@ -0,0 +1,31 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host publish-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, version 3 +# or later. + +# publish server key to keyserver + +publish_key() { + +read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "key not published." +fi + +# find the key fingerprint +fingerprint=$(fingerprint_server_key) + +# publish host key +# FIXME: need to define how to do this +#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'" +echo "not published!!!" + +} diff --git a/src/subcommands/mh/revoke-hostname b/src/subcommands/mh/revoke-hostname deleted file mode 100644 index b519cf6..0000000 --- a/src/subcommands/mh/revoke-hostname +++ /dev/null @@ -1,91 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host revoke-hostname subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# revoke hostname user ID from host key - -revoke_hostname() { - -local userID -local fingerprint -local tmpuidMatch -local line -local uidIndex -local message -local revuidCommand - -if [ -z "$1" ] ; then - failure "You must specify a hostname to revoke." -fi - -echo "WARNING: There is a known bug in this function." -echo "This function has been known to occasionally revoke the wrong user ID." -echo "Please see the following bug report for more information:" -echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/" -read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "aborting." -fi - -userID="ssh://${1}" - -fingerprint=$(fingerprint_server_key) - -# match to only ultimately trusted user IDs -tmpuidMatch="u:$(echo $userID | gpg_escape)" - -# find the index of the requsted user ID -# NOTE: this is based on circumstantial evidence that the order of -# this output is the appropriate index -if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ - | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then - uidIndex=${line%%:*} -else - failure "No non-revoked user ID '$userID' is found." -fi - -echo "The following host key user ID will be revoked:" -echo " $userID" -read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "User ID not revoked." -fi - -message="Hostname removed by monkeysphere-server $DATE" - -# edit-key script command to revoke user ID -revuidCommand=$(cat < -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# revoke host key - -revoke_key() { - -# FIXME: implement! -failure "not implemented yet!" - -} diff --git a/src/subcommands/mh/revoke_hostname b/src/subcommands/mh/revoke_hostname new file mode 100644 index 0000000..b519cf6 --- /dev/null +++ b/src/subcommands/mh/revoke_hostname @@ -0,0 +1,91 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host revoke-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# revoke hostname user ID from host key + +revoke_hostname() { + +local userID +local fingerprint +local tmpuidMatch +local line +local uidIndex +local message +local revuidCommand + +if [ -z "$1" ] ; then + failure "You must specify a hostname to revoke." +fi + +echo "WARNING: There is a known bug in this function." +echo "This function has been known to occasionally revoke the wrong user ID." +echo "Please see the following bug report for more information:" +echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/" +read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +userID="ssh://${1}" + +fingerprint=$(fingerprint_server_key) + +# match to only ultimately trusted user IDs +tmpuidMatch="u:$(echo $userID | gpg_escape)" + +# find the index of the requsted user ID +# NOTE: this is based on circumstantial evidence that the order of +# this output is the appropriate index +if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + uidIndex=${line%%:*} +else + failure "No non-revoked user ID '$userID' is found." +fi + +echo "The following host key user ID will be revoked:" +echo " $userID" +read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not revoked." +fi + +message="Hostname removed by monkeysphere-server $DATE" + +# edit-key script command to revoke user ID +revuidCommand=$(cat < +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# revoke host key + +revoke_key() { + +# FIXME: implement! +failure "not implemented yet!" + +} -- cgit v1.2.3