fix location of the primary public keyring for the new reorganization

[monkeysphere.git] / src / monkeysphere-host

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 5c97aa671887eaeb45579345b699ae1ad14c34c5..1f6825662382232440d1f85edb5b5eed53febf39 100755 (executable)
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -20,11 +20,6 @@ export SYSSHAREDIR
 SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/host"}
 export SYSDATADIR
 
-# monkeysphere temp directory, in sysdatadir to enable atomic moves of
-# authorized_keys files
-MSTMPDIR="${SYSDATADIR}/tmp"
-export MSTMPDIR
-
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
 
@@ -53,15 +48,12 @@ subcommands:
  publish-key (p)                     publish server host key to keyserver
 
  expert
-  import-key (i)                     import existing ssh key to gpg
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
+  import-key (i) [NAME[:PORT]]       import existing ssh key to gpg
    --keyfile (-f) FILE                 key file to import
    --expire (-e) EXPIRE                date to expire
-  gen-key (g)                        generate gpg key for the host
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
+  gen-key (g) [NAME[:PORT]]          generate gpg key for the host
    --length (-l) BITS                  key length in bits (2048)
    --expire (-e) EXPIRE                date to expire
-   --revoker (-r) FINGERPRINT          add a revoker
   diagnostics (d)                    monkeysphere host status
 
  version (v)                         show version number
@@ -105,16 +97,6 @@ gpg_host() {
     return "$returnCode"
 }
 
-# check if user is root
-is_root() {
-    [ $(id -u 2>/dev/null) = '0' ]
-}
-
-# check that user is root, for functions that require root access
-check_user() {
-    is_root || failure "You must be root to run this command."
-}
-
 # output just key fingerprint
 fingerprint_server_key() {
     # set the pipefail option so functions fails if can't read sec key
@@ -131,6 +113,35 @@ check_host_keyring() {
        || failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-server gen-key' first."
 }
 
+# show info about the host key
+show_key() {
+    local fingerprintPGP
+    local fingerprintSSH
+    local ret=0
+
+    # FIXME: you shouldn't have to be root to see the host key fingerprint
+    if is_root ; then
+       check_host_keyring
+       fingerprintPGP=$(fingerprint_server_key)
+       gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+       echo "OpenPGP fingerprint: $fingerprintPGP"
+    else
+       log info "You must be root to see host OpenPGP fingerprint."
+       ret='1'
+    fi
+
+    if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+       fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+           awk '{ print $1, $2, $4 }')
+       echo "ssh fingerprint: $fingerprintSSH"
+    else
+       log info "SSH host key not found."
+       ret='1'
+    fi
+
+return $ret
+}
+
 ########################################################################
 # MAIN
 ########################################################################
@@ -181,37 +192,31 @@ case $COMMAND in
        ;;
 
     'extend-key'|'e')
-       check_user
        check_host_keyring
        extend_key "$@"
        ;;
 
     'add-hostname'|'add-name'|'n+')
-       check_user
        check_host_keyring
        add_hostname "$@"
        ;;
 
     'revoke-hostname'|'revoke-name'|'n-')
-       check_user
        check_host_keyring
        revoke_hostname "$@"
        ;;
 
     'add-revoker'|'o')
-       check_user
        check_host_keyring
        add_revoker "$@"
        ;;
 
     'revoke-key'|'r')
-       check_user
        check_host_keyring
        revoke_key "$@"
        ;;
 
     'publish-key'|'publish'|'p')
-       check_user
        check_host_keyring
        publish_server_key
        ;;