summaryrefslogtreecommitdiff
path: root/src/subcommands/mh/revoke-hostname
blob: b519cf66a93bf6ef041cd39f2e2593540b76d298 (plain) 
    

  1. # -*-shell-script-*-
    2. 

  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
    3. 

  3. 

  4. # Monkeysphere host revoke-hostname subcommand
    5. 

  5. #
    6. 

  6. # The monkeysphere scripts are written by:
    7. 

  7. # Jameson Rollins <jrollins@finestructure.net>
    8. 

  8. # Jamie McClelland <jm@mayfirst.org>
    9. 

  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. #
    11. 

  11. # They are Copyright 2008-2009, and are all released under the GPL,
    12. 

  12. # version 3 or later.
    13. 

  13. 

  14. # revoke hostname user ID from host key
    15. 

  15. 

  16. revoke_hostname() {
    17. 

  17. 

  18. local userID
    19. 

  19. local fingerprint
    20. 

  20. local tmpuidMatch
    21. 

  21. local line
    22. 

  22. local uidIndex
    23. 

  23. local message
    24. 

  24. local revuidCommand
    25. 

  25. 

  26. if [ -z "$1" ] ; then
    27. 

  27.     failure "You must specify a hostname to revoke."
    28. 

  28. fi
    29. 

  29. 

  30. echo "WARNING: There is a known bug in this function."
    31. 

  31. echo "This function has been known to occasionally revoke the wrong user ID."
    32. 

  32. echo "Please see the following bug report for more information:"
    33. 

  33. echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
    34. 

  34. read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
    35. 

  35. if [ ${OK/y/Y} != 'Y' ] ; then
    36. 

  36.     failure "aborting."
    37. 

  37. fi
    38. 

  38. 

  39. userID="ssh://${1}"
    40. 

  40. 

  41. fingerprint=$(fingerprint_server_key)
    42. 

  42. 

  43. # match to only ultimately trusted user IDs
    44. 

  44. tmpuidMatch="u:$(echo $userID | gpg_escape)"
    45. 

  45. 

  46. # find the index of the requsted user ID
    47. 

  47. # NOTE: this is based on circumstantial evidence that the order of
    48. 

  48. # this output is the appropriate index
    49. 

  49. if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
    50. 

  50.     | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
    51. 

  51.     uidIndex=${line%%:*}
    52. 

  52. else
    53. 

  53.     failure "No non-revoked user ID '$userID' is found."
    54. 

  54. fi
    55. 

  55. 

  56. echo "The following host key user ID will be revoked:"
    57. 

  57. echo "  $userID"
    58. 

  58. read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
    59. 

  59. if [ ${OK/y/Y} != 'Y' ] ; then
    60. 

  60.     failure "User ID not revoked."
    61. 

  61. fi
    62. 

  62. 

  63. message="Hostname removed by monkeysphere-server $DATE"
    64. 

  64. 

  65. # edit-key script command to revoke user ID
    66. 

  66. revuidCommand=$(cat <<EOF
    67. 

  67. $uidIndex
    68. 

  68. revuid
    69. 

  69. y
    70. 

  70. 4
    71. 

  71. $message
    72. 

  72. 

  73. y
    74. 

  74. save
    75. 

  75. EOF
    76. 

  76.     )   
    77. 

  77. 

  78. # execute edit-key script
    79. 

  79. if echo "$revuidCommand" | \
    80. 

  80.     gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
    81. 

  81. 

  82.     show_key
    83. 

  83. 

  84.     echo
    85. 

  85.     echo "NOTE: User ID revoked, but revocation not published."
    86. 

  86.     echo "Run '$PGRM publish-key' to publish the revocation."
    87. 

  87. else
    88. 

  88.     failure "Problem revoking user ID."
    89. 

  89. fi
    90. 

  90. 

  91. }
    92.
generated by cgit v1.2.3 (git 2.46.0) at 2024-12-26 03:31:13 +0000