X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=59cb3d6ac45764e255fa1135f2eecdee24ca5541;hb=b7a13e19393e347ba66196a49e972d722d7d4780;hp=2ca36365d19e43615010899c3bcc4c58a8dfa080;hpb=3c65d3d8ce819bc94cce81724f0374765e405906;p=monkeysphere.git

diff --git a/src/monkeysphere b/src/monkeysphere
index 2ca3636..59cb3d6 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -4,6 +4,8 @@
 #
 # The monkeysphere scripts are written by:
 # Jameson Rollins <jrollins@fifthhorseman.net>
+# Jamie McClelland <jm@mayfirst.org>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 #
 # They are Copyright 2008, and are all released under the GPL, version 3
 # or later.
@@ -32,7 +34,7 @@ umask 077
 ########################################################################
 
 usage() {
-    cat <<EOF
+    cat <<EOF >&2
 usage: $PGRM <subcommand> [options] [args]
 MonkeySphere client tool.
 
@@ -91,7 +93,7 @@ gen_subkey(){
 
     if [ -z "$1" ] ; then
 	# find all secret keys
-	keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
+	keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u)
 	# if multiple sec keys exist, fail
 	if (( $(echo "$keyID" | wc -l) > 1 )) ; then
 	    echo "Multiple secret keys found:"
@@ -113,7 +115,7 @@ key before joining the monkeysphere. You can do this with:
 
     # fail if multiple sec lines are returned, which means the id
     # given is not unique
-    if [ $(echo "$gpgOut" | grep '^sec:' | wc -l) -gt '1' ] ; then
+    if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then
 	failure "Key ID '$keyID' is not unique."
     fi
 
@@ -128,25 +130,7 @@ key before joining the monkeysphere. You can do this with:
 
     # set subkey defaults
     # prompt about key expiration if not specified
-    if [ -z "$keyExpire" ] ; then
-	cat <<EOF
-Please specify how long the key should be valid.
-         0 = key does not expire
-      <n>  = key expires in n days
-      <n>w = key expires in n weeks
-      <n>m = key expires in n months
-      <n>y = key expires in n years
-EOF
-	while [ -z "$keyExpire" ] ; do
-	    read -p "Key is valid for? (0) " keyExpire
-	    if ! test_gpg_expire ${keyExpire:=0} ; then
-		echo "invalid value"
-		unset keyExpire
-	    fi
-	done
-    elif ! test_gpg_expire "$keyExpire" ; then
-	failure "invalid key expiration value '$keyExpire'."
-    fi
+    keyExpire=$(get_gpg_expiration "$keyExpire")
 
     # generate the list of commands that will be passed to edit-key
     editCommands=$(cat <<EOF
@@ -162,7 +146,7 @@ save
 EOF
 )
 
-    log "generating subkey..."
+    log verbose "generating subkey..."
     fifoDir=$(mktemp -d)
     (umask 077 && mkfifo "$fifoDir/pass")
     echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
@@ -171,19 +155,28 @@ EOF
 
     rm -rf "$fifoDir"
     wait
-    log "done."
+    log verbose "done."
 }
 
 function subkey_to_ssh_agent() {
     # try to add all authentication subkeys to the agent:
 
-    local authsubkeys
+    local sshaddresponse
     local secretkeys
-    local subkey
+    local authsubkeys
     local workingdir
-    local kname
-    local sshaddresponse
     local keysuccess
+    local subkey
+    local publine
+    local kname
+
+    if ! test_gnu_dummy_s2k_extension ; then
+	failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
+You may want to consider patching or upgrading.
+
+For more details, see:
+ http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html"
+    fi
 
     # if there's no agent running, don't bother:
     if [ -z "$SSH_AUTH_SOCK" ] || ! which ssh-add >/dev/null ; then
@@ -199,28 +192,24 @@ function subkey_to_ssh_agent() {
     fi
     
     # get list of secret keys (to work around https://bugs.g10code.com/gnupg/issue945):
-    secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
+    secretkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint | \
+	grep '^fpr:' | cut -f10 -d: | awk '{ print "0x" $1 "!" }')
 
     if [ -z "$secretkeys" ]; then
 	failure "You have no secret keys in your keyring!
-You might want to 'gpg --gen-key'"
+You might want to run 'gpg --gen-key'."
     fi
     
-    authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode --fingerprint --fingerprint $secretkeys | cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | grep '^fpr::' | cut -f3 -d: | sort -u)
+    authsubkeys=$(gpg --list-secret-keys --with-colons --fixed-list-mode \
+	--fingerprint --fingerprint $secretkeys | \
+	cut -f1,5,10,12 -d: | grep -A1 '^ssb:[^:]*::[^:]*a[^:]*$' | \
+	grep '^fpr::' | cut -f3 -d: | sort -u)
 
     if [ -z "$authsubkeys" ]; then
 	failure "no authentication-capable subkeys available.
 You might want to 'monkeysphere gen-subkey'"
     fi
 
-    if ! test_gnu_dummy_s2k_extension ; then
-	failure "Your version of GnuTLS does not seem capable of using with gpg's exported subkeys.
-You may want to consider patching or upgrading.
-
-For more details, see:
- http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html"
-    fi
-
     workingdir=$(mktemp -d)
     umask 077
     mkfifo "$workingdir/passphrase"
@@ -238,7 +227,8 @@ For more details, see:
 
 	primaryuid=$(gpg --with-colons --list-key "0x${subkey}!" | grep '^pub:' | cut -f10 -d: | tr -d /)
 
-	kname="[monkeysphere] $primaryuid"
+	#kname="[monkeysphere] $primaryuid"
+	kname="$primaryuid"
 
 	if [ "$1" = '-d' ]; then
 	    # we're removing the subkey:
@@ -252,7 +242,7 @@ For more details, see:
 		--export-secret-subkeys "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" &
 	    (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
 
-	    passphrase_prompt "Enter passphrase for key for $primaryuid: " "$workingdir/passphrase"
+	    passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
 	    wait %2
 	fi
 	keysuccess="$?"
@@ -283,7 +273,7 @@ unset AUTHORIZED_KEYS
 [ -r "${ETC}/monkeysphere.conf" ] && . "${ETC}/monkeysphere.conf"
 
 # set monkeysphere home directory
-MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.config/monkeysphere"}
+MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.monkeysphere"}
 mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
 
 # load local config
@@ -291,6 +281,7 @@ mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
 
 # set empty config variables with ones from the environment, or from
 # config file, or with defaults
+LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
 GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:="$KEYSERVER"}
 # if keyserver not specified in env or monkeysphere.conf,
@@ -316,6 +307,7 @@ REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
 # permissions
 export GNUPGHOME
 mkdir -p -m 0700 "$GNUPGHOME"
+export LOG_LEVEL
 
 # get subcommand
 COMMAND="$1"
@@ -342,7 +334,7 @@ case $COMMAND in
 	else
 	    # exit if the known_hosts file does not exist
 	    if [ ! -e "$KNOWN_HOSTS" ] ; then
-		log "known_hosts file '$KNOWN_HOSTS' does not exist."
+		log error "known_hosts file '$KNOWN_HOSTS' does not exist."
 		exit
 	    fi
 
@@ -366,7 +358,7 @@ case $COMMAND in
 
         # exit if the authorized_user_ids file is empty
 	if [ ! -e "$AUTHORIZED_USER_IDS" ] ; then
-	    log "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist."
+	    log error "authorized_user_ids file '$AUTHORIZED_USER_IDS' does not exist."
 	    exit
 	fi