X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-host;h=2dc6003c6cdd7904ad413ba3789681f80afd4991;hb=d2874b94fedbe6d043d44ca3562879251e6ea10f;hp=830646a2d0c2615b98ad86b431818f5b4adc0249;hpb=53fdf9b3e431d9f3538c1b2196276492bec2fc7e;p=monkeysphere.git

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 830646a..2dc6003 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -3,27 +3,41 @@
 # monkeysphere-host: Monkeysphere host admin tool
 #
 # The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Micah Anderson <micah@riseup.net>
 #
-# They are Copyright 2008, and are all released under the GPL, version 3
-# or later.
+# They are Copyright 2008-2009, and are all released under the GPL,
+# version 3 or later.
 
 ########################################################################
+set -e
+
+# set the pipefail option so pipelines fail on first command failure
+set -o pipefail
+
 PGRM=$(basename $0)
 
 SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/host"}
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
 export SYSDATADIR
 
-# monkeysphere temp directory, in sysdatadir to enable atomic moves of
-# authorized_keys files
-MSTMPDIR="${SYSDATADIR}/tmp"
-export MSTMPDIR
+# sharedir for host functions
+MHSHAREDIR="${SYSSHAREDIR}/mh"
+
+# datadir for host functions
+MHDATADIR="${SYSDATADIR}/host"
+
+# temp directory for temp gnupghome directories for add_revoker
+MHTMPDIR="${MHDATADIR}/tmp"
+export MHTMPDIR
+
+# host pub key files
+HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
@@ -45,227 +59,96 @@ Monkeysphere host admin tool.
 
 subcommands:
  show-key (s)                        output all host key information
- extend-key (e) EXPIRE               extend host key expiration
+ set-expire (e) EXPIRE               set host key expiration
  add-hostname (n+) NAME[:PORT]       add hostname user ID to host key
  revoke-hostname (n-) NAME[:PORT]    revoke hostname user ID
  add-revoker (o) FINGERPRINT         add a revoker to the host key
  revoke-key (r)                      revoke host key
- publish-key (p)                     publish server host key to keyserver
-
- expert
-  import-key (i)                     import existing ssh key to gpg
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
-   --keyfile (-f) FILE                 key file to import
-   --expire (-e) EXPIRE                date to expire
-  gen-key (g)                        generate gpg key for the host
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
-   --length (-l) BITS                  key length in bits (2048)
-   --expire (-e) EXPIRE                date to expire
-   --revoker (-r) FINGERPRINT          add a revoker
-  diagnostics (d)                    monkeysphere host status
+ publish-key (p)                     publish host key to keyserver
+
+ import-key (i) [NAME[:PORT]]        import existing ssh key to gpg
 
  version (v)                         show version number
  help (h,?)                          this help
 
+See ${PGRM}(8) for more info.
 EOF
 }
 
-# function to run command as monkeysphere user
-su_monkeysphere_user() {
-    # if the current user is the monkeysphere user, then just eval
-    # command
-    if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then
-	eval "$@"
-
-    # otherwise su command as monkeysphere user
-    else
-	su "$MONKEYSPHERE_USER" -c "$@"
-    fi
-}
-
-# function to interact with the host gnupg keyring
+# function to interact with the gpg keyring
 gpg_host() {
-    local returnCode
-
-    GNUPGHOME="$GNUPGHOME_HOST"
-    export GNUPGHOME
-
-    # NOTE: we supress this warning because we need the monkeysphere
-    # user to be able to read the host pubring.  we realize this might
-    # be problematic, but it's the simplest solution, without too much
-    # loss of security.
-    gpg --no-permission-warning "$@"
-    returnCode="$?"
-
-    # always reset the permissions on the host pubring so that the
-    # monkeysphere user can read the trust signatures
-    chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
-    chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
-    
-    return "$returnCode"
+    GNUPGHOME="$GNUPGHOME_HOST" gpg "$@"
 }
 
-# check if user is root
-is_root() {
-    [ $(id -u 2>/dev/null) = '0' ]
-}
+# command to list the info about the host key, in colon format
+gpg_host_list() {
+    gpg_host --list-keys --with-colons --fixed-list-mode \
+	--with-fingerprint --with-fingerprint \
+	"0x${HOST_FINGERPRINT}!"
 
-# check that user is root, for functions that require root access
-check_user() {
-    is_root || failure "You must be root to run this command."
 }
 
-# output just key fingerprint
-fingerprint_server_key() {
-    # set the pipefail option so functions fails if can't read sec key
-    set -o pipefail
-
-    gpg_host --list-secret-keys --fingerprint \
-	--with-colons --fixed-list-mode 2> /dev/null | \
-	grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
+# command for edit key scripts, takes scripts on stdin
+# FIXME: should we supress all the edit script spew?  or pipe it
+# through log debug?
+gpg_host_edit() {
+    gpg_host --quiet --command-fd 0 --edit-key \
+	"0x${HOST_FINGERPRINT}!" "$@"
 }
 
-# function to check for host secret key
-check_host_keyring() {
-    fingerprint_server_key >/dev/null \
-	|| failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-server gen-key' first."
+# export the host public key to the monkeysphere gpg pub key file
+update_gpg_pub_file() {
+    log debug "updating openpgp public key file '$HOST_KEY_FILE'..."
+    gpg_host --export --armor --export-options export-minimal \
+	"0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE"
 }
 
-# output key information
-show_server_key() {
-    local fingerprintPGP
-    local fingerprintSSH
-    local ret=0
-
-    # FIXME: you shouldn't have to be root to see the host key fingerprint
-    if is_root ; then
-	check_host_keyring
-	fingerprintPGP=$(fingerprint_server_key)
-	gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
-	echo "OpenPGP fingerprint: $fingerprintPGP"
-    else
-	log info "You must be root to see host OpenPGP fingerprint."
-	ret='1'
-    fi
-
-    if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
-	fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
-	    awk '{ print $1, $2, $4 }')
-	echo "ssh fingerprint: $fingerprintSSH"
+# load the host fingerprint into the fingerprint variable, using the
+# export gpg pub key file
+# FIXME: this seems much less than ideal, with all this temp keyring
+# stuff.  is there a way we can do this without having to create temp
+# files?  what if we stored the fingerprint in MHDATADIR/fingerprint?
+load_fingerprint() {
+    if [ -f "$HOST_KEY_FILE" ] ; then
+	HOST_FINGERPRINT=$( \
+	    (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
+	    && gpg --quiet --import \
+	    && gpg --quiet --list-keys --with-colons --with-fingerprint \
+	    && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
+	    | grep '^fpr:' | cut -d: -f10 )
     else
-	log info "SSH host key not found."
-	ret='1'
+	HOST_FINGERPRINT=
     fi
-
-    return $ret
 }
 
-# extend the lifetime of a host key:
-extend_key() {
-    local fpr=$(fingerprint_server_key)
-    local extendTo="$1"
-
-    # get the new expiration date
-    extendTo=$(get_gpg_expiration "$extendTo")
-
-    gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF 
-expire
-$extendTo
-save
-EOF
-
-    echo
-    echo "NOTE: Host key expiration date adjusted, but not yet published."
-    echo "Run '$PGRM publish-key' to publish the new expiration date."
+# load the host fingerprint into the fingerprint variable, using the
+# gpg host secret key
+load_fingerprint_secret() {
+    HOST_FINGERPRINT=$( \
+	gpg_host --quiet --list-secret-key \
+	--with-colons --with-fingerprint \
+	| grep '^fpr:' | cut -d: -f10 )
 }
 
-# add hostname user ID to server key
-add_hostname() {
-    local userID
-    local fingerprint
-    local tmpuidMatch
-    local line
-    local adduidCommand
-
-    if [ -z "$1" ] ; then
-	failure "You must specify a hostname to add."
-    fi
-
-    userID="ssh://${1}"
-
-    fingerprint=$(fingerprint_server_key)
-
-    # match to only ultimately trusted user IDs
-    tmpuidMatch="u:$(echo $userID | gpg_escape)"
-
-    # find the index of the requsted user ID
-    # NOTE: this is based on circumstantial evidence that the order of
-    # this output is the appropriate index
-    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
-	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
-	failure "Host userID '$userID' already exists."
-    fi
-
-    echo "The following user ID will be added to the host key:"
-    echo "  $userID"
-    read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
-    if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "User ID not added."
-    fi
-
-    # edit-key script command to add user ID
-    adduidCommand=$(cat <<EOF
-adduid
-$userID
-
-
-save
-EOF
-)
-
-    # execute edit-key script
-    if echo "$adduidCommand" | \
-	gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
-
-        # update the trustdb for the authentication keyring
-	gpg_authentication "--check-trustdb"
-
-	show_server_key
+# fail if host key present
+check_host_key() {
+    [ ! -s "$HOST_KEY_FILE" ] \
+	|| failure "An OpenPGP host key already exists."
+}
 
-	echo
-	echo "NOTE: User ID added to key, but key not published."
-	echo "Run '$PGRM publish-key' to publish the new user ID."
-    else
-	failure "Problem adding user ID."
-    fi
+# fail if host key not present
+check_host_no_key() {
+    [ -s "$HOST_KEY_FILE" ] \
+	|| failure "You don't appear to have a Monkeysphere host key on this server.
+Please run 'monkeysphere-host import-key' first."
 }
 
-# revoke hostname user ID to server key
-revoke_hostname() {
-    local userID
-    local fingerprint
+# output the index of a user ID on the host key
+# return 1 if user ID not found
+find_host_userid() {
+    local userID="$1"
     local tmpuidMatch
     local line
-    local uidIndex
-    local message
-    local revuidCommand
-
-    if [ -z "$1" ] ; then
-	failure "You must specify a hostname to revoke."
-    fi
-
-    echo "WARNING: There is a known bug in this function."
-    echo "This function has been known to occasionally revoke the wrong user ID."
-    echo "Please see the following bug report for more information:"
-    echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
-    read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
-    if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
-    fi
-
-    userID="ssh://${1}"
-
-    fingerprint=$(fingerprint_server_key)
 
     # match to only ultimately trusted user IDs
     tmpuidMatch="u:$(echo $userID | gpg_escape)"
@@ -273,286 +156,91 @@ revoke_hostname() {
     # find the index of the requsted user ID
     # NOTE: this is based on circumstantial evidence that the order of
     # this output is the appropriate index
-    if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
-	| egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
-	uidIndex=${line%%:*}
-    else
-	failure "No non-revoked user ID '$userID' is found."
-    fi
+    line=$(gpg_host_list | egrep '^(uid|uat):' | cut -f2,10 -d: | \
+	grep -n -x -F "$tmpuidMatch" 2>/dev/null)
 
-    echo "The following host key user ID will be revoked:"
-    echo "  $userID"
-    read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
-    if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "User ID not revoked."
-    fi
-
-    message="Hostname removed by monkeysphere-server $DATE"
-
-    # edit-key script command to revoke user ID
-    revuidCommand=$(cat <<EOF
-$uidIndex
-revuid
-y
-4
-$message
-
-y
-save
-EOF
-	)	
-
-    # execute edit-key script
-    if echo "$revuidCommand" | \
-	gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
-
-        # update the trustdb for the authentication keyring
-	gpg_authentication "--check-trustdb"
-
-	show_server_key
-
-	echo
-	echo "NOTE: User ID revoked, but revocation not published."
-	echo "Run '$PGRM publish-key' to publish the revocation."
+    if [ "$line" ] ; then
+	echo ${line%%:*}
+	return 0
     else
-	failure "Problem revoking user ID."
+	return 1
     fi
 }
 
-# add a revoker to the host key
-add_revoker() {
-    # FIXME: implement!
-    failure "not implemented yet!"
-}
+# show info about the host key
+show_key() {
+    local GNUPGHOME
 
-# revoke the host key
-revoke_key() {
-    # FIXME: implement!
-    failure "not implemented yet!"
-}
+    # tmp gpghome dir
+    export GNUPGHOME=$(mktemp -d)
 
-# publish server key to keyserver
-publish_server_key() {
-    read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
-    if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "key not published."
-    fi
-
-    # find the key fingerprint
-    fingerprint=$(fingerprint_server_key)
-
-    # publish host key
-    gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
-}
-
-diagnostics() {
-#  * check on the status and validity of the key and public certificates
-    local seckey
-    local keysfound
-    local curdate
-    local warnwindow
-    local warndate
-    local create
-    local expire
-    local uid
-    local fingerprint
-    local badhostkeys
-    local sshd_config
-    local problemsfound=0
-
-    # FIXME: what's the correct, cross-platform answer?
-    sshd_config=/etc/ssh/sshd_config
-    seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
-    keysfound=$(echo "$seckey" | grep -c ^sec:)
-    curdate=$(date +%s)
-    # warn when anything is 2 months away from expiration
-    warnwindow='2 months'
-    warndate=$(advance_date $warnwindow +%s)
-
-    if ! id monkeysphere >/dev/null ; then
-	echo "! No monkeysphere user found!  Please create a monkeysphere system user with bash as its shell."
-	problemsfound=$(($problemsfound+1))
-    fi
-
-    if ! [ -d "$SYSDATADIR" ] ; then
-	echo "! no $SYSDATADIR directory found.  Please create it."
-	problemsfound=$(($problemsfound+1))
-    fi
-
-    echo "Checking host GPG key..."
-    if (( "$keysfound" < 1 )); then
-	echo "! No host key found."
-	echo " - Recommendation: run 'monkeysphere-server gen-key'"
-	problemsfound=$(($problemsfound+1))
-    elif (( "$keysfound" > 1 )); then
-	echo "! More than one host key found?"
-	# FIXME: recommend a way to resolve this
-	problemsfound=$(($problemsfound+1))
-    else
-	create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
-	expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
-	fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:)
-	# check for key expiration:
-	if [ "$expire" ]; then
-	    if (( "$expire"  < "$curdate" )); then
-		echo "! Host key is expired."
-		echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
-		problemsfound=$(($problemsfound+1))
-	    elif (( "$expire" < "$warndate" )); then
-		echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
-		echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
-		problemsfound=$(($problemsfound+1))
-	    fi
-	fi
-
-        # and weirdnesses:
-	if [ "$create" ] && (( "$create" > "$curdate" )); then
-	    echo "! Host key was created in the future(?!). Is your clock correct?"
-	    echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-        # check for UserID expiration:
-	echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
-	while IFS=: read create expire uid ; do
-	    # FIXME: should we be doing any checking on the form
-	    # of the User ID?  Should we be unmangling it somehow?
-
-	    if [ "$create" ] && (( "$create" > "$curdate" )); then
-		echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
-		echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
-		problemsfound=$(($problemsfound+1))
-	    fi
-	    if [ "$expire" ] ; then
-		if (( "$expire" < "$curdate" )); then
-		    echo "! User ID '$uid' is expired."
-		    # FIXME: recommend a way to resolve this
-		    problemsfound=$(($problemsfound+1))
-		elif (( "$expire" < "$warndate" )); then
-		    echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)		
-		    # FIXME: recommend a way to resolve this
-		    problemsfound=$(($problemsfound+1))
-		fi
-	    fi
-	done
-	    
-# FIXME: verify that the host key is properly published to the
-#   keyservers (do this with the non-privileged user)
-
-# FIXME: check that there are valid, non-expired certifying signatures
-#   attached to the host key after fetching from the public keyserver
-#   (do this with the non-privileged user as well)
-
-# FIXME: propose adding a revoker to the host key if none exist (do we
-#   have a way to do that after key generation?)
-
-	# Ensure that the ssh_host_rsa_key file is present and non-empty:
-	echo
-	echo "Checking host SSH key..."
-	if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
-	    echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
-	    problemsfound=$(($problemsfound+1))
-	else
-	    if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
-		echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
-		problemsfound=$(($problemsfound+1))
-	    fi
-
-	    # propose changes needed for sshd_config (if any)
-	    if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
-		echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
-		echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
-		problemsfound=$(($problemsfound+1))
-	    fi
-	    if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
-		echo "! $sshd_config refers to some non-monkeysphere host keys:"
-		echo "$badhostkeys"
-		echo " - Recommendation: remove the above HostKey lines from $sshd_config"
-		problemsfound=$(($problemsfound+1))
-	    fi
-
-        # FIXME: test (with ssh-keyscan?) that the running ssh
-        # daemon is actually offering the monkeysphere host key.
-
-	fi
-    fi
+    # trap to remove tmp dir if break
+    trap "rm -rf $GNUPGHOME" EXIT
 
-# FIXME: look at the ownership/privileges of the various keyrings,
-#    directories housing them, etc (what should those values be?  can
-#    we make them as minimal as possible?)
+    # import the host key into the tmp dir
+    gpg --quiet --import <"$HOST_KEY_FILE"
 
-# FIXME: look to see that the ownertrust rules are set properly on the
-#    authentication keyring
+    HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
+	| grep '^fpr:' | cut -d: -f10 )
 
-# FIXME: make sure that at least one identity certifier exists
+    # list the host key info
+    # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+    # FIXME: can we show uid validity somehow?
+    gpg --list-keys --fingerprint \
+	--list-options show-unusable-uids 2>/dev/null \
+	| grep -v "^${GNUPGHOME}/pubring.gpg$" \
+	| egrep -v '^-+$'
 
-# FIXME: look at the timestamps on the monkeysphere-generated
-# authorized_keys files -- warn if they seem out-of-date.
+    # list the pgp fingerprint
+    echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
 
-# FIXME: check for a cronjob that updates monkeysphere-generated
-# authorized_keys?
+    # list the ssh fingerprint
+    echo -n "ssh fingerprint: "
+    ssh-keygen -l -f /dev/stdin \
+	<<<$(openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null) \
+	| awk '{ print $1, $2, $4 }'
 
-    echo
-    echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
-    # Ensure that User ID authentication is enabled:
-    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
-	echo "! $sshd_config does not point to monkeysphere authorized keys."
-	echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'"
-	problemsfound=$(($problemsfound+1))
-    fi
-    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then
-	echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
-	echo "$badauthorizedkeys"
-	echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
-	problemsfound=$(($problemsfound+1))
-    fi
-
-    if [ "$problemsfound" -gt 0 ]; then
-	echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
-	echo "  monkeysphere-server diagnostics"
-    else
-	echo "Everything seems to be in order!"
-    fi
+    # remove the tmp file
+    trap - EXIT
+    rm -rf "$GNUPGHOME"
 }
 
 ########################################################################
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file
+# unset variables that should be defined only in config file of in
+# MONKEYSPHERE_ variables
+unset LOG_LEVEL
 unset KEYSERVER
-unset AUTHORIZED_USER_IDS
-unset RAW_AUTHORIZED_KEYS
 unset MONKEYSPHERE_USER
+unset PROMPT
 
 # load configuration file
-[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${SYSCONFIGDIR}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
+[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG"
 
 # set empty config variable with ones from the environment, or with
 # defaults
 LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
-AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
-RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
 
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
-REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/gnupg-host"}
-GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${SYSDATADIR}/gnupg-authentication"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
 
 # export variables needed in su invocation
 export DATE
 export MODE
-export MONKEYSPHERE_USER
 export LOG_LEVEL
 export KEYSERVER
+export MONKEYSPHERE_USER
+export PROMPT
 export CHECK_KEYSERVER
-export REQUIRED_USER_KEY_CAPABILITY
 export GNUPGHOME_HOST
-export GNUPGHOME_AUTHENTICATION
 export GNUPGHOME
+export HOST_FINGERPRINT=
 
 # get subcommand
 COMMAND="$1"
@@ -561,67 +249,62 @@ shift
 
 case $COMMAND in
     'show-key'|'show'|'s')
-	show_server_key
+	check_host_no_key
+	show_key
 	;;
 
-    'extend-key'|'e')
-	check_user
-	check_host_keyring
-	extend_key "$@"
+    'set-expire'|'extend-key'|'e')
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/set_expire"
+	set_expire "$@"
 	;;
 
     'add-hostname'|'add-name'|'n+')
-	check_user
-	check_host_keyring
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/add_hostname"
 	add_hostname "$@"
 	;;
 
     'revoke-hostname'|'revoke-name'|'n-')
-	check_user
-	check_host_keyring
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/revoke_hostname"
 	revoke_hostname "$@"
 	;;
 
     'add-revoker'|'o')
-	check_user
-	check_host_keyring
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/add_revoker"
 	add_revoker "$@"
 	;;
 
     'revoke-key'|'r')
-	check_user
-	check_host_keyring
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/revoke_key"
 	revoke_key "$@"
 	;;
 
     'publish-key'|'publish'|'p')
-	check_user
-	check_host_keyring
-	publish_server_key
+	check_host_no_key
+	load_fingerprint
+	source "${MHSHAREDIR}/publish_key"
+	publish_key
 	;;
 
-    'expert'|'e')
-	check_user
-	SUBCOMMAND="$1"
-	shift
-	case "$SUBCOMMAND" in
-	    'import-key'|'i')
-		import_key "$@"
-		;;
-
-	    'gen-key'|'g')
-		gen_key "$@"
-		;;
-
-	    'diagnostics'|'d')
-		diagnostics
-		;;
-
-	    *)
-		failure "Unknown expert subcommand: '$COMMAND'
-Type '$PGRM help' for usage."
-		;;
-	esac
+    'import-key'|'i')
+	check_host_key
+	source "${MHSHAREDIR}/import_key"
+	import_key "$@"
+	;;
+
+    'diagnostics'|'d')
+	load_fingerprint
+	source "${MHSHAREDIR}/diagnostics"
+	diagnostics
 	;;
 
     'version'|'v')