fix bugs in ssh key export functions
[monkeysphere.git] / src / common
old mode 100755 (executable)
new mode 100644 (file)
index ff6ba59..8b0f41a
@@ -14,8 +14,8 @@
 # managed directories
 ETC="/etc/monkeysphere"
 export ETC
-LIB="/var/lib/monkeysphere"
-export LIB 
+CACHE="/var/cache/monkeysphere"
+export CACHE
 ########################################################################
 
 failure() {
@@ -82,27 +82,36 @@ unescape() {
     echo "$1" | sed 's/\\x3a/:/'
 }
 
-# stand in until we get dkg's gpg2ssh program
-gpg2ssh_tmp() {
+# convert key from gpg to ssh known_hosts format
+gpg2known_hosts() {
     local keyID
-    local userID
     local host
 
     keyID="$1"
-    userID="$2"
-
-    if [ "$MODE" = 'authorized_keys' ] ; then
-       gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere userID: ${userID}/"
+    host=$(echo "$2" | sed -e "s|ssh://||")
 
     # NOTE: it seems that ssh-keygen -R removes all comment fields from
     # all lines in the known_hosts file.  why?
     # NOTE: just in case, the COMMENT can be matched with the
     # following regexp:
     # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
-    elif [ "$MODE" = 'known_hosts' ] ; then
-       host=$(echo "$userID" | sed -e "s|ssh://||")
-       echo -n "$host "; gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere${DATE}/"
-    fi
+    echo -n "$host "
+    gpg --export "$keyID" | \
+       openpgp2ssh "$keyID" | tr -d '\n'
+    echo " MonkeySphere${DATE}"
+}
+
+# convert key from gpg to ssh authorized_keys format
+gpg2authorized_keys() {
+    local keyID
+    local userID
+
+    keyID="$1"
+    userID="$2"
+
+    gpg --export "$keyID" | \
+       openpgp2ssh "$keyID" | tr -d '\n'
+    echo " MonkeySphere${DATE}:${userID}"
 }
 
 # userid and key policy checking
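Review bot: The export pipeline in gpg2known_hosts is never checked, so when `gpg --export` or `openpgp2ssh` fails the function still prints the host and the `MonkeySphere${DATE}` comment, and the caller appends a line with no key material to the cache file; gpg2authorized_keys has the same defect with the same pipeline. Because the pipeline's status is that of `tr`, neither `set -e` nor an `|| return` on that line would catch it; capturing the converted key in a variable and refusing to emit a line when it is empty works without relying on pipefail. The `echo -n`/`echo` pair can then become a single `printf`, which also avoids echo's option and backslash handling on the emitted line. The caller in process_user_id still ignores the function's return status, so a non-zero return is only useful once that call is checked too.
```shell
gpg2known_hosts() {
    local keyID
    local host
    local sshKey
    # … unchanged: keyID/host assignment and the NOTE comments …
    sshKey=$(gpg --export "$keyID" | openpgp2ssh "$keyID" | tr -d '\n')
    if [ -z "$sshKey" ] ; then
        loge "  failed to convert key '$keyID' to ssh format."
        return 1
    fi
    printf '%s %s MonkeySphere%s\n' "$host" "$sshKey" "$DATE"
}
```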
@@ -235,15 +244,21 @@ process_user_id() {
        for keyID in ${keyIDs[@]} ; do
            loge "  acceptable key/uid found."
 
-           # export the key with gpg2ssh
-            # FIXME: needs to apply extra options for authorized_keys
-           # lines if specified
-           gpg2ssh_tmp "$keyID" "$userID" >> "$cacheDir"/"$userIDHash"."$pubKeyID"
-
-           # hash the cache file if specified
-           if [ "$MODE" = 'known_hosts' -a "$HASH_KNOWN_HOSTS" ] ; then
-               ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
-               rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+           if [ "$MODE" = 'known_hosts' ] ; then
+               # export the key
+               gpg2known_hosts "$keyID" "$userID" >> \
+                   "$cacheDir"/"$userIDHash"."$pubKeyID"
+               # hash the cache file if specified
+               if [ "$HASH_KNOWN_HOSTS" ] ; then
+                   ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
+                   rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+               fi
+           elif [ "$MODE" = 'authorized_keys' ] ; then
+               # export the key
+                # FIXME: needs to apply extra options for authorized_keys
+               # lines if specified
+               gpg2authorized_keys "$keyID" "$userID" >> \
+                   "$cacheDir"/"$userIDHash"."$pubKeyID"
            fi
        done
     fi
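Review bot: The hashing step `ssh-keygen -H -f ... > /dev/null 2>&1` discards the command's status and the following `rm` of the `.old` file runs unconditionally, so a failed hash silently leaves an unhashed entry in the cache while HASH_KNOWN_HOSTS is set, and then produces an unrelated `rm` error for the missing `.old` file. Keeping the failure visible needs only `ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1 || loge "  failed to hash known_hosts cache file."` followed by `rm -f "$cacheDir"/"$userIDHash"."$pubKeyID".old`. The cache file path is spelled out four times in this hunk; assigning it to a local once before the `if` would shorten the lines and keep the two branches consistent. process_user_id starts and ends outside the hunk, and neither branch checks whether gpg2known_hosts or gpg2authorized_keys succeeded before appending their output.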
@@ -297,13 +312,13 @@ process_known_hosts() {
 # update an authorized_keys file after first processing the 
 # authorized_user_ids file
 update_authorized_keys() {
-    local cacheDir
     local msAuthorizedKeys
     local userAuthorizedKeys
+    local cacheDir
 
-    cacheDir="$1"
-    msAuthorizedKeys="$2"
-    userAuthorizedKeys="$3"
+    msAuthorizedKeys="$1"
+    userAuthorizedKeys="$2"
+    cacheDir="$3"
 
     process_authorized_ids "$AUTHORIZED_USER_IDS" "$cacheDir"