Separate required key capability variables for users and hosts.
[monkeysphere.git] / src / monkeysphere
index 69741e1c10df0aa177b9b7f903c6ccba8ad14510..ff4423ba11107365afb2343f46232baf35bf1b22 100755 (executable)
@@ -31,11 +31,12 @@ GREP_OPTIONS=
 usage() {
 cat <<EOF
 usage: $PGRM <subcommand> [args]
-Monkeysphere client tool.
+MonkeySphere client tool.
 
 subcommands:
   update-known_hosts (k) [HOST]...  update known_hosts file
-  update-userids (u) [USERID]...    add/update userid
+  update-userids (u) [USERID]...    add/update user IDs
+  remove-userids (r) [USERID]...    remove user IDs
   update-authorized_keys (a)        update authorized_keys file
   gen-ae-subkey (g) KEYID           generate an 'ae' capable subkey
   help (h,?)                        this help
@@ -117,7 +118,8 @@ MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
 AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
 GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
-REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
 USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
 USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
 HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
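Review bot: The old `REQUIRED_KEY_CAPABILITY` name is dropped here with no fallback, so a value already set in the environment or in a config file (presumably read outside this hunk) is silently ignored and both new variables take their defaults. These settings appear to decide which keys are accepted, so a site that had changed the old value would get a different acceptance policy without any warning. Consider honouring the old name as the default, e.g. `REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-${REQUIRED_KEY_CAPABILITY:-"a"}}` and the same pattern for the host variable, or log a deprecation message when the old name is set. A short comment explaining why user keys need only `a` while host keys need `e a` would also help the next reader.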
@@ -136,6 +138,7 @@ mkdir -p -m 0700 "$GNUPGHOME"
 mkdir -p -m 0700 "$MS_HOME"
 mkdir -p "$hostKeysCacheDir"
 mkdir -p "$userKeysCacheDir"
+touch "$AUTHORIZED_USER_IDS"
 
 case $COMMAND in
     'update-known_hosts'|'update-known-hosts'|'k')
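Review bot: The added `touch "$AUTHORIZED_USER_IDS"` creates the file with whatever permissions the caller's umask allows, and its exit status is not checked. This file holds the user IDs that feed authorized_keys, so it should never be created group- or world-writable. The `mkdir -p -m 0700 "$MS_HOME"` above sets the mode only when it actually creates the directory, and an overridden `AUTHORIZED_USER_IDS` path outside `$MS_HOME` gets no protection from it at all. Something like `( umask 077 && touch "$AUTHORIZED_USER_IDS" ) || failure "could not create $AUTHORIZED_USER_IDS"` would cover both cases. Because the line sits before the `case`, it also runs for every subcommand, including `help`.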
@@ -163,12 +166,34 @@ case $COMMAND in
        fi
        ;;
 
+    'update-userids'|'update-userid'|'u')
+       if [ -z "$1" ] ; then
+           failure "you must specify at least one userid."
+       fi
+       for userID ; do
+           update_userid "$userID" "$userKeysCacheDir"
+       done
+       log "run the following to update your monkeysphere authorized_keys file:"
+       log "$PGRM update-authorized_keys"
+       ;;
+
+    'remove-userids'|'remove-userid'|'r')
+       if [ -z "$1" ] ; then
+           failure "you must specify at least one userid."
+       fi
+       for userID ; do
+           remove_userid "$userID"
+       done
+       log "run the following to update your monkeysphere authorized_keys file:"
+       log "$PGRM update-authorized_keys"
+       ;;
+
     'update-authorized_keys'|'update-authorized-keys'|'a')
        MODE='authorized_keys'
 
-        # make sure authorized_user_ids file exists
+        # fail if the authorized_user_ids file is empty
        if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
-           failure "authorized_user_ids file is empty or does not exist."
+           failure "$AUTHORIZED_USER_IDS is empty."
        fi
 
        # set user-controlled authorized_keys file path
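Review bot: In the new `remove-userids` branch, the only reminder to refresh authorized_keys is a neutral log line shared with `update-userids`. Keys already written to authorized_keys appear to stay valid until `update-authorized_keys` is run, so for a revocation that wording is easy to overlook. Consider making it explicit, e.g. `log "removed user IDs stay authorized until you run: $PGRM update-authorized_keys"`. Both branches also ignore the return status of `update_userid` and `remove_userid` (defined outside this hunk), so the hint is printed even if every ID failed.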
@@ -178,15 +203,6 @@ case $COMMAND in
        update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
        ;;
 
-    'update-userids'|'u')
-       if [ -z "$1" ] ; then
-           failure "you must specify at least one userid."
-       fi
-       for userID ; do
-           update_userid "$userID" "$userKeysCacheDir"
-       done
-       ;;
-
     'gen-ae-subkey'|'g')
        keyID="$1"
        if [ -z "$keyID" ] ; then
@@ -201,6 +217,6 @@ case $COMMAND in
 
     *)
         failure "Unknown command: '$COMMAND'
-Type 'cereal-admin help' for usage."
+Type '$PGRM help' for usage."
         ;;
 esac