+ failure "key not published."
+ fi
+
+ # find the key fingerprint
+ fingerprint=$(fingerprint_server_key)
+
+ # publish host key
+ gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
+}
+
+
+diagnostics() {
+# * check on the status and validity of the key and public certificates
+ local seckey
+ local keysfound
+ local curdate
+ local warnwindow
+ local warndate
+ local create
+ local expire
+ local uid
+ local fingerprint
+ local badhostkeys
+ local sshd_config
+ local problemsfound=0
+
+ # FIXME: what's the correct, cross-platform answer?
+ sshd_config=/etc/ssh/sshd_config
+ seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
+ keysfound=$(echo "$seckey" | grep -c ^sec:)
+ curdate=$(date +%s)
+ # warn when anything is 2 months away from expiration
+ warnwindow='2 months'
+ warndate=$(advance_date $warnwindow +%s)
+
+ if ! id monkeysphere >/dev/null ; then
+ echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell."
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ if ! [ -d "$SYSDATADIR" ] ; then
+ echo "! no $SYSDATADIR directory found. Please create it."
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ echo "Checking host GPG key..."
+ if (( "$keysfound" < 1 )); then
+ echo "! No host key found."
+ echo " - Recommendation: run 'monkeysphere-server gen-key'"
+ problemsfound=$(($problemsfound+1))
+ elif (( "$keysfound" > 1 )); then
+ echo "! More than one host key found?"
+ # FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
+ else
+ create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
+ expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
+ fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:)
+ # check for key expiration:
+ if [ "$expire" ]; then
+ if (( "$expire" < "$curdate" )); then
+ echo "! Host key is expired."
+ echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
+ elif (( "$expire" < "$warndate" )); then
+ echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+ echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ problemsfound=$(($problemsfound+1))
+ fi
+ fi
+
+ # and weirdnesses:
+ if [ "$create" ] && (( "$create" > "$curdate" )); then
+ echo "! Host key was created in the future(?!). Is your clock correct?"
+ echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ # check for UserID expiration:
+ echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
+ while IFS=: read create expire uid ; do
+ # FIXME: should we be doing any checking on the form
+ # of the User ID? Should we be unmangling it somehow?
+
+ if [ "$create" ] && (( "$create" > "$curdate" )); then
+ echo "! User ID '$uid' was created in the future(?!). Is your clock correct?"
+ echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
+ problemsfound=$(($problemsfound+1))
+ fi
+ if [ "$expire" ] ; then
+ if (( "$expire" < "$curdate" )); then
+ echo "! User ID '$uid' is expired."
+ # FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
+ elif (( "$expire" < "$warndate" )); then
+ echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+ # FIXME: recommend a way to resolve this
+ problemsfound=$(($problemsfound+1))
+ fi
+ fi
+ done
+
+# FIXME: verify that the host key is properly published to the
+# keyservers (do this with the non-privileged user)
+
+# FIXME: check that there are valid, non-expired certifying signatures
+# attached to the host key after fetching from the public keyserver
+# (do this with the non-privileged user as well)
+
+# FIXME: propose adding a revoker to the host key if none exist (do we
+# have a way to do that after key generation?)
+
+ # Ensure that the ssh_host_rsa_key file is present and non-empty:
+ echo
+ echo "Checking host SSH key..."
+ if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
+ echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
+ problemsfound=$(($problemsfound+1))
+ else
+ if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
+ echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ # propose changes needed for sshd_config (if any)
+ if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
+ echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
+ echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
+ problemsfound=$(($problemsfound+1))
+ fi
+ if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
+ echo "! $sshd_config refers to some non-monkeysphere host keys:"
+ echo "$badhostkeys"
+ echo " - Recommendation: remove the above HostKey lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ # FIXME: test (with ssh-keyscan?) that the running ssh
+ # daemon is actually offering the monkeysphere host key.
+
+ fi
+ fi
+
+# FIXME: look at the ownership/privileges of the various keyrings,
+# directories housing them, etc (what should those values be? can
+# we make them as minimal as possible?)
+
+# FIXME: look to see that the ownertrust rules are set properly on the
+# authentication keyring
+
+# FIXME: make sure that at least one identity certifier exists
+
+# FIXME: look at the timestamps on the monkeysphere-generated
+# authorized_keys files -- warn if they seem out-of-date.
+
+# FIXME: check for a cronjob that updates monkeysphere-generated
+# authorized_keys?
+
+ echo
+ echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+ # Ensure that User ID authentication is enabled:
+ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
+ echo "! $sshd_config does not point to monkeysphere authorized keys."
+ echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'"
+ problemsfound=$(($problemsfound+1))
+ fi
+ if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then
+ echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
+ echo "$badauthorizedkeys"
+ echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
+ problemsfound=$(($problemsfound+1))
+ fi
+
+ if [ "$problemsfound" -gt 0 ]; then
+ echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
+ echo " monkeysphere-server diagnostics"
+ else
+ echo "Everything seems to be in order!"
+ fi
+}
+
+# retrieve key from web of trust, import it into the host keyring, and
+# ltsign the key in the host keyring so that it may certify other keys
+add_certifier() {
+ local domain
+ local trust
+ local depth
+ local keyID
+ local fingerprint
+ local ltsignCommand
+ local trustval
+
+ # set default values for trust depth and domain
+ domain=
+ trust=full
+ depth=1
+
+ # get options
+ while true ; do
+ case "$1" in
+ -n|--domain)
+ domain="$2"
+ shift 2
+ ;;
+ -t|--trust)
+ trust="$2"
+ shift 2
+ ;;
+ -d|--depth)
+ depth="$2"
+ shift 2
+ ;;
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
+ break
+ ;;
+ esac
+ done
+
+ keyID="$1"
+ if [ -z "$keyID" ] ; then
+ failure "You must specify the key ID of a key to add, or specify a file to read the key from."
+ fi
+ if [ -f "$keyID" ] ; then
+ echo "Reading key from file '$keyID':"
+ importinfo=$(gpg_authentication "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'"
+ # FIXME: if this is tried when the key database is not
+ # up-to-date, i got these errors (using set -x):
+
+# ++ su -m monkeysphere -c '\''gpg --import'\''
+# Warning: using insecure memory!
+# gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+# gpg: Total number processed: 1
+# gpg: imported: 1 (RSA: 1)
+# gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied
+# gpg: failed to rebuild keyring cache: Permission denied
+# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+# gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+# gpg: next trustdb check due at 2009-01-10'
+# + failure 'could not read key from '\''/root/dkg.gpg'\'''
+# + echo 'could not read key from '\''/root/dkg.gpg'\'''
+
+ keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ )
+ if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then
+ failure "Expected there to be a single gpg key in the file."
+ fi
+ else
+ # get the key from the key server
+ gpg_authentication "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
+ fi
+
+ export keyID
+
+
+ # get the full fingerprint of a key ID
+ fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint 0x${keyID}!" | \
+ grep '^fpr:' | grep "$keyID" | cut -d: -f10)
+
+ if [ -z "$fingerprint" ] ; then
+ failure "Key '$keyID' not found."
+ fi
+
+ echo
+ echo "key found:"
+ gpg_authentication "--fingerprint 0x${fingerprint}!"
+
+ echo "Are you sure you want to add the above key as a"
+ read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "Identity certifier not added."
+ fi
+
+ # export the key to the host keyring
+ gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import
+
+ if [ "$trust" = marginal ]; then
+ trustval=1
+ elif [ "$trust" = full ]; then
+ trustval=2
+ else
+ failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)."
+ fi
+
+ # ltsign command
+ # NOTE: *all* user IDs will be ltsigned
+ ltsignCommand=$(cat <<EOF
+ltsign
+y
+$trustval
+$depth
+$domain
+y
+save
+EOF
+ )
+
+ # ltsign the key
+ if echo "$ltsignCommand" | \
+ gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
+
+ echo
+ echo "Identity certifier added."
+ else
+ failure "Problem adding identify certifier."
+ fi
+}
+
+# delete a certifiers key from the host keyring
+remove_certifier() {
+ local keyID
+ local fingerprint
+
+ keyID="$1"
+ if [ -z "$keyID" ] ; then
+ failure "You must specify the key ID of a key to remove."