X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=fe92960472b6b114fea610238084c5755c609ba4;hb=511037b79827cf016010ae2d8b7afc285d675442;hp=36ecf9335b7b5732ad2e4cf266e112bd3ea9f117;hpb=d23689f462039cb7f6fd8e3e5daee9bd08f6e5a3;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index 36ecf93..fe92960 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -3,7 +3,7 @@ # monkeysphere: Monkeysphere client tool # # The monkeysphere scripts are written by: -# Jameson Rollins +# Jameson Rollins # Jamie McClelland # Daniel Kahn Gillmor # Micah Anderson @@ -48,9 +48,9 @@ subcommands: ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent - sshfpr (f) KEYID output ssh fingerprint of gpg key - keys-from-userid (u) USERID output valid keys for user id literal + keys-for-userid (u) USERID output valid keys for given user ids + sshfprs-for-userid USERID output ssh fingerprints for given user ids gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) @@ -68,13 +68,13 @@ gpg_user() { # output the ssh fingerprint of a gpg key gpg_ssh_fingerprint() { keyid="$1" - local tmpfile=$(mktemp) + local tmpfile=$(msmktempfile) # trap to remove tmp file if break trap "rm -f $tmpfile" EXIT # use temporary file, since ssh-keygen won't accept keys on stdin - gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile" + gpg_user --export "$keyid" --no-armor | openpgp2ssh "$keyid" >"$tmpfile" ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }' # remove the tmp file @@ -146,7 +146,7 @@ check_gpg_authentication_subkey() { # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then echo "A valid authentication key already exists for primary key '$keyID'." 1>&2 - if [ "$PROMPT" = "true" ] ; then + if [ "$PROMPT" != "false" ] ; then printf "Are you sure you would like to generate another one? (y/N) " >&2 read OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then @@ -217,9 +217,13 @@ mkdir -p -m 0700 "$GNUPGHOME" export LOG_LEVEL export LOG_PREFIX +if [ "$#" -eq 0 ] ; then + usage + failure "Please supply a subcommand." +fi + # get subcommand COMMAND="$1" -[ "$COMMAND" ] || (usage; exit 1) shift case $COMMAND in @@ -247,7 +251,7 @@ case $COMMAND in process_authorized_user_ids "$AUTHORIZED_USER_IDS" ;; - 'import-subkey'|'i') + 'import-subkey'|'import'|'i') source "${MSHAREDIR}/import_subkey" import_subkey "$@" ;; @@ -267,12 +271,35 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; - 'sshfpr'|'f') + 'sshfpr') + echo "Warning: 'sshfpr' is deprecated. Please use 'sshfprs-for-userid' instead." >&2 gpg_ssh_fingerprint "$@" ;; - 'keys-from-userid'|'u') - keys_from_userid "$@" + 'keys-for-userid'|'u') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keys_for_userid "$@" + ;; + + 'sshfprs-for-userid') + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keytmpdir=$(msmktempdir) + # use a file named " " to avoid arbitrary non-whitespace text + # in the fingerprint output + keytmpfile="$keytmpdir/ " + cd "$keytmpdir" + keys_for_userid "$@" | while read KEYLINE ; do + printf '%s\n' "$KEYLINE" > "$keytmpdir/ " + ssh-keygen -l -f ' ' + done + rm -f "$keytmpfile" + rmdir "$keytmpdir" + ;; + + 'keys-from-userid') + echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 + CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}} + keys_for_userid "$@" ;; 'version'|'--version'|'v') @@ -285,6 +312,6 @@ case $COMMAND in *) failure "Unknown command: '$COMMAND' -Type '$PGRM help' for usage." +Try '$PGRM help' for usage." ;; esac