replaced nullmailer with postfix on george

[monkeysphere.git] / src / monkeysphere-server

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 0b63e5cefb476f637642ba46ee4bec58bb6c8600..a1844eeeba6af74cfe129836e7744d477ef54940 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -132,13 +132,13 @@ show_server_key() {
     fingerprint=$(fingerprint_server_key)
     gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
 
-    # dumping to a file named ' ' so that the ssh-keygen output
-    # doesn't claim any potentially bogus hostname(s):
-    tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
-    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+    # do some crazy "Here Strings" redirection to get the key to
+    # ssh-keygen, since it doesn't read from stdin cleanly
     echo -n "ssh fingerprint: "
-    (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
-    rm -rf "$tmpkey"
+    ssh-keygen -l -f /dev/stdin \
+       <<<$(gpg_authentication "--export $fingerprint" | \
+       openpgp2ssh "$fingerprint" 2>/dev/null) | \
+       awk '{ print $1, $2, $4 }'
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
 }
@@ -180,7 +180,7 @@ update_users() {
        log verbose "----- user: $uname -----"
 
         # make temporary directory
-        TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)
+        TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
 
        # trap to delete temporary directory on exit
        trap "rm -rf $TMPLOC" EXIT
@@ -230,7 +230,7 @@ update_users() {
        # add user-controlled authorized_keys file if specified
        # translate ssh-style path variables
        rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
-       if [ "$rawAuthorizedKeys" ] ; then
+       if [ "$rawAuthorizedKeys" != 'none' ] ; then
            log debug "checking for raw authorized_keys..."
            if [ -s "$rawAuthorizedKeys" ] ; then
                # check permissions on the authorized_keys file path
@@ -399,7 +399,11 @@ EOF
     (umask 077 && \
        gpg_host --export-secret-key "$fingerprint" | \
        openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-    log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+    log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+    gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+    log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
 
 # extend the lifetime of a host key: