X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=19b457fed71ea65cf34fa85234f22181619ea1e6;hb=8c8d5414f07e1c411f824d60fbfaaf545e91749a;hp=67466d2feea8ef7af5115fb50715bc6b40c91bcf;hpb=cabc89111693c8f928a7685f55a385ccf75daf86;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 67466d2..19b457f 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -47,15 +47,13 @@ subcommands: publish-key (p) publish server's host key to keyserver add-identity-certifier (a) KEYID import and tsign a certification key - -n|--domain DOMAIN domain of certifier () - -t|--trust TRUST trust level of certifier (2) + -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN () + -t|--trust TRUST trust level of certifier (full) -d|--depth DEPTH trust depth for certifier (1) remove-identity-certifier (r) KEYID remove a certification key list-identity-certifiers (l) list certification keys - gpg-authentication-cmd execute a gpg command to the - authentication keyring as the - monkeysphere user + gpg-authentication-cmd CMD gnupg-authentication command help (h,?) this help @@ -344,6 +342,10 @@ EOF fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \ grep '^fpr:' | head -1 | cut -d: -f10) + # export host ownertrust to authentication keyring + log "setting ultimate owner trust for server key..." + echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use @@ -385,10 +387,11 @@ add_certifier() { local keyID local fingerprint local ltsignCommand + local trustval # set default values for trust depth and domain domain= - trust=2 + trust=full depth=1 # get options 
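Review bot: The rewritten `-t|--trust TRUST trust level of certifier (full)` help line shows the new default but still does not say which values are accepted, while the `@@ -448` hunk below rejects everything except `marginal` and `full` with `failure`. Suggest `-t|--trust TRUST trust level of certifier: marginal|full (full)` so the only two legal values are visible before the command is run.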
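Review bot: In the `@@ -344` hunk, `echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"` runs even when the preceding `gpg_host --list-key ... | grep '^fpr:' | head -1 | cut -d: -f10` produced nothing, in which case gnupg is fed the line `:6:` and the server key never receives the ultimate ownertrust the comment says is being exported (presumably the trust root later certifier tsigns are evaluated against). Add a guard before the pipe: `[ -n "$fingerprint" ] || failure "could not determine fingerprint of the host key"`. The pipeline's own status is also not checked; `|| failure "ownertrust import failed"` after it would surface that. The enclosing function starts outside this hunk.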
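Review bot: In the `@@ -385` hunk `trust=full` becomes the default, but the value an operator passes with `-t` is only checked against `marginal`/`full` in the `@@ -448` hunk, after the key has already been fetched from the keyserver and imported into the host keyring with `gpg_host --import`, so a typo such as `-t ful` aborts with a half-applied state. Move the `marginal`/`full` to `trustval` mapping, or at least its `failure` branch, to right after the option loop so bad input fails before any keyring is touched. add_certifier continues outside this hunk.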
@@ -425,11 +428,11 @@ add_certifier() { done keyID="$1" + if [ -z "$keyID" ] ; then + failure "You must specify the key ID of a key to add." + fi export keyID - # export host ownertrust to authentication keyring - gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust" - # get the key from the key server gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'" @@ -440,7 +443,8 @@ add_certifier() { echo "key found:" gpg_authentication "--fingerprint $fingerprint" - read -p "Are you sure you want to add this key as a certifier of users on this system? (y/N) " OK; OK=${OK:-N} + echo "Are you sure you want to add this key as a certifier of" + read -p "users on this system? (y/N) " OK; OK=${OK:-N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "aborting." fi @@ -448,18 +452,26 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export $keyID" | gpg_host --import + if [ "$trust" == marginal ]; then + trustval=1 + elif [ "$trust" == full ]; then + trustval=2 + else + failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)" + fi + # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <
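Review bot: The new `if [ -z "$keyID" ]` check only rejects an empty argument; the value is then handed to `gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'"`, where it sits inside a single-quoted fragment of a string the helper appears to re-parse, so a key ID that is not plain hex (spaces, quotes, a leading dash) reaches gnupg in an unpredictable form. Checking the format gnupg actually accepts, e.g. `case "$keyID" in ''|*[!0-9A-Fa-fx]*) failure "key ID must be a hex key ID or fingerprint" ;; esac`, covers the empty case as well. Whether gpg_authentication evals its argument is not visible in this chunk. The function continues outside the hunk.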
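Review bot: In the `@@ -440` hunk the confirmation prompt is now split across `echo "Are you sure you want to add this key as a certifier of"` and `read -p "users on this system? (y/N) " OK`, but echo writes to stdout while bash's `read -p` writes its prompt to stderr (and only when input is a terminal), so with stdout redirected the operator sees half a question and with stderr redirected the other half. Emit the whole question on one stream and keep backslashes intact: `printf '%s' "Are you sure you want to add this key as a certifier of users on this system? (y/N) " >&2` followed by `read -r OK; OK=${OK:-N}`. add_certifier continues outside this hunk.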