X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fcommon;h=914c800a24d6d3471fc2f2eaaa477a47d085b5d2;hb=03cc847e6fc901ab4c1920324910126158655e37;hp=8643080f595a67aee3f6e46aa1e4922a8a9bc2e6;hpb=4793624c65673268128fb0146cd9bd1b3cfeb6c4;p=monkeysphere.git

diff --git a/src/common b/src/common
old mode 100755
new mode 100644
index 8643080..914c800
--- a/src/common
+++ b/src/common
@@ -14,8 +14,8 @@
 # managed directories
 ETC="/etc/monkeysphere"
 export ETC
-LIB="/var/lib/monkeysphere"
-export LIB 
+CACHE="/var/cache/monkeysphere"
+export CACHE
 ########################################################################
 
 failure() {
@@ -82,27 +82,36 @@ unescape() {
     echo "$1" | sed 's/\\x3a/:/'
 }
 
-# stand in until we get dkg's gpg2ssh program
-gpg2ssh_tmp() {
+# convert key from gpg to ssh known_hosts format
+gpg2known_hosts() {
     local keyID
-    local userID
     local host
 
-    keyID="$2"
-    userID="$3"
-
-    if [ "$mode" = 'authorized_keys' ] ; then
-	gpgkey2ssh "$keyID" | sed -e "s/COMMENT/${userID}/"
+    keyID="$1"
+    host=$(echo "$2" | sed -e "s|ssh://||")
 
     # NOTE: it seems that ssh-keygen -R removes all comment fields from
     # all lines in the known_hosts file.  why?
     # NOTE: just in case, the COMMENT can be matched with the
     # following regexp:
     # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
-    elif [ "$MODE" = 'known_hosts' ] ; then
-	host=$(echo "$userID" | sed -e "s|ssh://||")
-	echo -n "$host "; gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere${DATE}/"
-    fi
+    echo -n "$host "
+    gpg --export "$keyID" | \
+	openpgp2ssh "$keyID" | tr -d '\n'
+    echo "MonkeySphere${DATE}"
+}
+
+# convert key from gpg to ssh authorized_keys format
+gpg2authorized_keys() {
+    local keyID
+    local userID
+
+    keyID="$1"
+    userID="$2"
+
+    echo -n "MonkeySphere${DATE}:${userID}"
+    gpg --export "$keyID" | \
+	openpgp2ssh "$keyID"
 }
 
 # userid and key policy checking
@@ -235,15 +244,21 @@ process_user_id() {
 	for keyID in ${keyIDs[@]} ; do
 	    loge "  acceptable key/uid found."
 
-	    # export the key with gpg2ssh
-            # FIXME: needs to apply extra options for authorized_keys
-	    # lines if specified
-	    gpg2ssh_tmp "$keyID" "$userID" >> "$cacheDir"/"$userIDHash"."$pubKeyID"
-
-	    # hash the cache file if specified
-	    if [ "$MODE" = 'known_hosts' -a "$HASH_KNOWN_HOSTS" ] ; then
-		ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
-		rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+	    if [ "$MODE" = 'known_hosts' ] ; then
+		# export the key
+		gpg2known_hosts "$keyID" "$userID" >> \
+		    "$cacheDir"/"$userIDHash"."$pubKeyID"
+		# hash the cache file if specified
+		if [ "$HASH_KNOWN_HOSTS" ] ; then
+		    ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
+		    rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+		fi
+	    elif [ "$MODE" = 'authorized_keys' ] ; then
+		# export the key
+                # FIXME: needs to apply extra options for authorized_keys
+	        # lines if specified
+		gpg2authorized_keys "$keyID" "$userID" >> \
+		    "$cacheDir"/"$userIDHash"."$pubKeyID"
 	    fi
 	done
     fi
@@ -294,10 +309,65 @@ process_known_hosts() {
     done
 }
 
-# process authorized_keys file
+# update an authorized_keys file after first processing the 
+# authorized_user_ids file
+update_authorized_keys() {
+    local msAuthorizedKeys
+    local userAuthorizedKeys
+    local cacheDir
+
+    msAuthorizedKeys="$1"
+    userAuthorizedKeys="$2"
+    cacheDir="$3"
+
+    process_authorized_ids "$AUTHORIZED_USER_IDS" "$cacheDir"
+
+    # write output key file
+    log "writing monkeysphere authorized_keys file... "
+    touch "$msAuthorizedKeys"
+    if [ "$(ls "$cacheDir")" ] ; then
+	log -n "adding gpg keys... "
+	cat "$cacheDir"/* > "$msAuthorizedKeys"
+	echo "done."
+    else
+	log "no gpg keys to add."
+    fi
+    if [ "$userAuthorizedKeys" -a -s "$userAuthorizedKeys" ] ; then
+	log -n "adding user authorized_keys file... "
+	cat "$userAuthorizedKeys" >> "$msAuthorizedKeys"
+	echo "done."
+    fi
+    log "monkeysphere authorized_keys file generated: $msAuthorizedKeys"
+}
+
+# process an authorized_*_ids file
+# go through line-by-line, extract each userid, and process
+process_authorized_ids() {
+    local authorizedIDs
+    local cacheDir
+    local userID
+
+    authorizedIDs="$1"
+    cacheDir="$2"
+
+    # clean out keys file and remake keys directory
+    rm -rf "$cacheDir"
+    mkdir -p "$cacheDir"
+
+    # loop through all user ids in file
+    # FIXME: needs to handle authorized_keys options
+    cat "$authorizedIDs" | meat | \
+    while read -r userID ; do
+	# process the userid
+	log "processing userid: '$userID'"
+	process_user_id "$userID" "$cacheDir" > /dev/null
+    done
+}
+
+# EXPERIMENTAL (unused) process userids found in authorized_keys file
 # go through line-by-line, extract monkeysphere userids from comment
 # fields, and process each userid
-process_authorized_keys() {
+process_userids_from_authorized_keys() {
     local authorizedKeys
     local cacheDir
     local userID
@@ -328,26 +398,42 @@ process_authorized_keys() {
     done
 }
 
-# process an authorized_*_ids file
-# go through line-by-line, extract each userid, and process
-process_authorized_ids() {
-    local authorizedIDs
-    local cacheDir
+# update the cache for userid, and prompt to add file to
+# authorized_user_ids file if the userid is found in gpg
+# and not already in file.
+update_userid() {
     local userID
+    local cacheDir
+    local userIDKeyCache
 
-    authorizedIDs="$1"
+    userID="$1"
     cacheDir="$2"
 
-    # clean out keys file and remake keys directory
-    rm -rf "$cacheDir"
-    mkdir -p "$cacheDir"
+    log "processing userid: '$userID'"
+    userIDKeyCache=$(process_user_id "$userID" "$cacheDir")
+    if [ -z "$userIDKeyCache" ] ; then
+	return 1
+    fi
+    if ! grep -q "^${userID}\$" "$AUTHORIZED_USER_IDS" ; then
+	echo "the following userid is not in the authorized_user_ids file:"
+	echo "  $userID"
+	read -p "would you like to add? [Y|n]: " OK; OK=${OK:=Y}
+	if [ ${OK/y/Y} = 'Y' ] ; then
+	    log -n "  adding userid to authorized_user_ids file... "
+	    echo "$userID" >> "$AUTHORIZED_USER_IDS"
+	    echo "done."
+	fi
+    fi
+}
 
-    # loop through all user ids in file
-    # FIXME: needs to handle authorized_keys options
-    cat "$authorizedIDs" | meat | \
-    while read -r userID ; do
-	# process the userid
-	log "processing userid: '$userID'"
-	process_user_id "$userID" "$cacheDir" > /dev/null
-    done
+# retrieve key from web of trust, and set owner trust to "full"
+# if key is found.
+trust_key() {
+    # get the key from the key server
+    gpg --keyserver "$KEYSERVER" --recv-key "$keyID" || failure "could not retrieve key '$keyID'"
+
+    # edit the key to change trust
+    # FIXME: need to figure out how to automate this,
+    # in a batch mode or something.
+    gpg --edit-key "$keyID"
 }