X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-host;h=32e22934e91ae14b043525af1301e8ab6cd44594;hb=e4c566d5a1dd25d87d07dac1459a395321b9a5ef;hp=7ba070020025a51b0467ed5bbc1376ac6e7cf172;hpb=a0747749cbc7445e0cadaf0fbf1c92a2e86d1369;p=monkeysphere.git

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 7ba0700..32e2293 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -17,13 +17,11 @@ SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
 export SYSSHAREDIR
 . "${SYSSHAREDIR}/common" || exit 1
 
-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/host"}
-export SYSDATADIR
+# sharedir for host functions
+MHSHAREDIR="${SYSSHAREDIR}/mh"
 
-# monkeysphere temp directory, in sysdatadir to enable atomic moves of
-# authorized_keys files
-MSTMPDIR="${SYSDATADIR}/tmp"
-export MSTMPDIR
+SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
+export SYSDATADIR
 
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
@@ -53,15 +51,12 @@ subcommands:
  publish-key (p)                     publish server host key to keyserver
 
  expert
-  import-key (i)                     import existing ssh key to gpg
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
+  import-key (i) [NAME[:PORT]]       import existing ssh key to gpg
    --keyfile (-f) FILE                 key file to import
    --expire (-e) EXPIRE                date to expire
-  gen-key (g)                        generate gpg key for the host
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
+  gen-key (g) [NAME[:PORT]]          generate gpg key for the host
    --length (-l) BITS                  key length in bits (2048)
    --expire (-e) EXPIRE                date to expire
-   --revoker (-r) FINGERPRINT          add a revoker
   diagnostics (d)                    monkeysphere host status
 
  version (v)                         show version number
@@ -83,7 +78,7 @@ su_monkeysphere_user() {
     fi
 }
 
-# function to interact with the host gnupg keyring
+# function to interact with the gpg keyring
 gpg_host() {
     local returnCode
 
@@ -94,25 +89,7 @@ gpg_host() {
     # user to be able to read the host pubring.  we realize this might
     # be problematic, but it's the simplest solution, without too much
     # loss of security.
-    gpg --no-permission-warning "$@"
-    returnCode="$?"
-
-    # always reset the permissions on the host pubring so that the
-    # monkeysphere user can read the trust signatures
-    chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_HOST}/pubring.gpg"
-    chmod g+r "${GNUPGHOME_HOST}/pubring.gpg"
-    
-    return "$returnCode"
-}
-
-# check if user is root
-is_root() {
-    [ $(id -u 2>/dev/null) = '0' ]
-}
-
-# check that user is root, for functions that require root access
-check_user() {
-    is_root || failure "You must be root to run this command."
+    gpg "$@"
 }
 
 # output just key fingerprint
@@ -166,12 +143,10 @@ return $ret
 
 # unset variables that should be defined only in config file
 unset KEYSERVER
-unset AUTHORIZED_USER_IDS
-unset RAW_AUTHORIZED_KEYS
 unset MONKEYSPHERE_USER
 
 # load configuration file
-[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${SYSCONFIGDIR}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
+[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
 
 # set empty config variable with ones from the environment, or with
 # defaults
@@ -183,20 +158,15 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
-REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/gnupg-host"}
-GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${SYSDATADIR}/gnupg-authentication"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/host"}
 
 # export variables needed in su invocation
 export DATE
 export MODE
-export MONKEYSPHERE_USER
 export LOG_LEVEL
+export MONKEYSPHERE_USER
 export KEYSERVER
-export CHECK_KEYSERVER
-export REQUIRED_USER_KEY_CAPABILITY
 export GNUPGHOME_HOST
-export GNUPGHOME_AUTHENTICATION
 export GNUPGHOME
 
 # get subcommand
@@ -206,59 +176,62 @@ shift
 
 case $COMMAND in
     'show-key'|'show'|'s')
-	show_server_key
+	check_host_keyring
+	show_key
 	;;
 
     'extend-key'|'e')
-	check_user
 	check_host_keyring
+	source "${MHSHAREDIR}/extend_key"
 	extend_key "$@"
 	;;
 
     'add-hostname'|'add-name'|'n+')
-	check_user
 	check_host_keyring
+	source "${MHSHAREDIR}/add_hostname"
 	add_hostname "$@"
 	;;
 
     'revoke-hostname'|'revoke-name'|'n-')
-	check_user
 	check_host_keyring
+	source "${MHSHAREDIR}/revoke_hostname"
 	revoke_hostname "$@"
 	;;
 
     'add-revoker'|'o')
-	check_user
 	check_host_keyring
+	source "${MHSHAREDIR}/add_revoker"
 	add_revoker "$@"
 	;;
 
     'revoke-key'|'r')
-	check_user
 	check_host_keyring
+	source "${MHSHAREDIR}/revoke_key"
 	revoke_key "$@"
 	;;
 
     'publish-key'|'publish'|'p')
-	check_user
 	check_host_keyring
-	publish_server_key
+	source "${MHSHAREDIR}/publish_key"
+	publish_key
 	;;
 
     'expert'|'e')
-	check_user
 	SUBCOMMAND="$1"
 	shift
 	case "$SUBCOMMAND" in
 	    'import-key'|'i')
+		source "${MHSHAREDIR}/import_key"
 		import_key "$@"
 		;;
 
 	    'gen-key'|'g')
+		source "${MHSHAREDIR}/gen_key"
 		gen_key "$@"
 		;;
 
 	    'diagnostics'|'d')
+		source "${MHSHAREDIR}/diagnostics"
 		diagnostics
 		;;