From ca88f1bccc252571c1f40ed84c40ea7ed4d7db20 Mon Sep 17 00:00:00 2001
From: Jameson Rollins <jrollins@finestructure.net>
Date: Sun, 4 Jul 2010 00:06:35 -0400
Subject: add keys-for-user subcommand to monkeysphere-authentication

This subcommand will output all valid key for a given user.  The
user's authorized_user_ids file will be read for OpenPGP user IDs, one
per line.  The ssh-formated RSA keys will be output to stdout.

Also included is a simple script that takes the user as it's one
argument and exec's this command.  This is something that would be
suitable for the proposed sshd AuthorizedKeysCommand.
---
 src/monkeysphere-authentication               |  6 ++++
 src/monkeysphere-authentication-keys-for-user |  2 ++
 src/share/ma/keys_for_user                    | 50 +++++++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100755 src/monkeysphere-authentication-keys-for-user
 create mode 100644 src/share/ma/keys_for_user

(limited to 'src')

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 8c58645..af8c40d 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -55,6 +55,7 @@ Monkeysphere authentication admin tool.
 subcommands:
  update-users (u) [USER]...        update user authorized_keys files
  refresh-keys (r)                  refresh keys in keyring
+ keys-for-user USER                output valid keys for user
 
  add-id-certifier (c+) KEYID|FILE  import and tsign a certification key
    [--domain (-n) DOMAIN]            limit ID certifications to DOMAIN
@@ -177,6 +178,11 @@ case $COMMAND in
 	gpg_sphere "--keyserver $KEYSERVER --refresh-keys"
 	;;
 
+    'keys-for-user')
+	source "${MASHAREDIR}/keys_for_user"
+	keys_for_user "$@"
+	;;
+
     'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
 	source "${MASHAREDIR}/setup"
 	setup
diff --git a/src/monkeysphere-authentication-keys-for-user b/src/monkeysphere-authentication-keys-for-user
new file mode 100755
index 0000000..fb589ea
--- /dev/null
+++ b/src/monkeysphere-authentication-keys-for-user
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+exec monkeysphere-authentication keys-for-user "$@"
diff --git a/src/share/ma/keys_for_user b/src/share/ma/keys_for_user
new file mode 100644
index 0000000..f48d5d3
--- /dev/null
+++ b/src/share/ma/keys_for_user
@@ -0,0 +1,50 @@
+# -*-shell-script-*-
+# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
+
+# Monkeysphere authentication keys-for-user subcommand
+#
+# The monkeysphere scripts are written by:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# They are Copyright 2008-2010, and are all released under the GPL,
+# version 3 or later.
+
+# This command could be run as an sshd AuthorizedKeysCommand to
+# provide the authorized keys for a user, based on OpenPGP user id's
+# listed in the user's authorized_user_ids file.
+
+keys_for_user() {
+
+local uname
+local authorizedUserIDs
+local line
+local userIDs
+
+# get users from command line
+uname="$1"
+
+# path to authorized_user_ids file, translating ssh-style path
+# variables
+authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
+
+# exit if the authorized_user_ids file is empty
+if [ ! -s "$authorizedUserIDs" ] ; then
+    failure "authorized_user_ids file '$authorizedUserIDs' is empty or does not exist."
+fi
+
+log debug "authorized_user_ids file: $authorizedUserIDs"
+
+# check permissions on the authorized_user_ids file path
+check_key_file_permissions "$uname" "$authorizedUserIDs" || failure
+
+GNUPGHOME="$GNUPGHOME_SPHERE"
+export GNUPGHOME
+
+# extract user IDs from authorized_user_ids file
+IFS=$'\n'
+for line in $(meat "$authorizedUserIDs") ; do
+    su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid '$line'"
+done
+
+}
-- 
cgit v1.2.3