X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-authentication;h=4485bd4ffcdfcbbd92fd8152badaea6fd3071686;hb=770f45b0c1d72a1bb89fd98fe070a6dfdcc4c0bf;hp=bd8e54050501a7c9a08e4fe0876025a67b29933b;hpb=e4c566d5a1dd25d87d07dac1459a395321b9a5ef;p=monkeysphere.git

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index bd8e540..4485bd4 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -6,9 +6,10 @@
 # Jameson Rollins <jrollins@finestructure.net>
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Micah Anderson <micah@riseup.net>
 #
-# They are Copyright 2008, and are all released under the GPL, version 3
-# or later.
+# They are Copyright 2008-2009, and are all released under the GPL,
+# version 3 or later.
 
 ########################################################################
 set -e
@@ -19,14 +20,17 @@ SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
+
 # sharedir for authentication functions
 MASHAREDIR="${SYSSHAREDIR}/ma"
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
-export SYSDATADIR
+# datadir for authentication functions
+MADATADIR="${SYSDATADIR}/authentication"
 
 # temp directory to enable atomic moves of authorized_keys files
-MATMPDIR="${SYSDATADIR}/tmp"
+MATMPDIR="${MADATADIR}/tmp"
 export MSTMPDIR
 
 # UTC date in ISO 8601 format if needed
@@ -48,6 +52,7 @@ usage: $PGRM <subcommand> [options] [args]
 Monkeysphere authentication admin tool.
 
 subcommands:
+ setup (s)                           setup monkeysphere user authentication
  update-users (u) [USER]...          update user authorized_keys files
  add-id-certifier (c+) KEYID         import and tsign a certification key
    --domain (-n) DOMAIN                limit ID certifications to DOMAIN
@@ -56,9 +61,8 @@ subcommands:
  remove-id-certifier (c-) KEYID      remove a certification key
  list-id-certifiers (c)              list certification keys
 
- expert
-  diagnostics (d)                    monkeysphere authentication status
-  gpg-cmd CMD                        execute gpg command
+ expert <expert-subcommand>          run expert command
+ expert help                         expert command help
 
  version (v)                         show version number
  help (h,?)                          this help
@@ -81,8 +85,6 @@ su_monkeysphere_user() {
 
 # function to interact with the gpg core keyring
 gpg_core() {
-    local returnCode
-
     GNUPGHOME="$GNUPGHOME_CORE"
     export GNUPGHOME
 
@@ -90,15 +92,7 @@ gpg_core() {
     # user to be able to read the host pubring.  we realize this might
     # be problematic, but it's the simplest solution, without too much
     # loss of security.
-    gpg --no-permission-warning "$@"
-    returnCode="$?"
-
-    # always reset the permissions on the host pubring so that the
-    # monkeysphere user can read the trust signatures
-    chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
-    chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
-    
-    return "$returnCode"
+    gpg "$@"
 }
 
 # function to interact with the gpg sphere keyring
@@ -112,6 +106,12 @@ gpg_sphere() {
     su_monkeysphere_user "gpg $@"
 }
 
+# export signatures from core to sphere
+gpg_core_sphere_sig_transfer() {
+    gpg_core --export-options export-local-sigs --export | \
+	gpg_sphere --import-options import-local-sigs --import
+}
+
 ########################################################################
 # MAIN
 ########################################################################
@@ -136,8 +136,9 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"}
-GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"}
+GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
+GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
+CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"}
 
 # export variables needed in su invocation
 export DATE
@@ -150,6 +151,7 @@ export REQUIRED_USER_KEY_CAPABILITY
 export GNUPGHOME_CORE
 export GNUPGHOME_SPHERE
 export GNUPGHOME
+export CORE_KEYLENGTH
 
 # get subcommand
 COMMAND="$1"
@@ -157,6 +159,11 @@ COMMAND="$1"
 shift
 
 case $COMMAND in
+    'setup'|'setup'|'s')
+	source "${MASHAREDIR}/setup"
+	setup "$@"
+	;;
+
     'update-users'|'update-user'|'u')
 	source "${MASHAREDIR}/update_users"
 	update_users "$@"
@@ -181,6 +188,17 @@ case $COMMAND in
 	SUBCOMMAND="$1"
 	shift
 	case "$SUBCOMMAND" in
+	    'help'|'h'|'?')
+		cat <<EOF
+usage: $PGRM expert <subcommand> [options] [args]
+
+expert subcommands:
+ diagnostics (d)                     monkeysphere authentication status
+ gpg-cmd CMD                         execute gpg command
+
+EOF
+		;;
+
 	    'diagnostics'|'d')
 		source "${MASHAREDIR}/diagnostics"
 		diagnostics