X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=3cc7454faec27528e4e9822020a373010e6e2144;hb=b13286dc0e549347f86b64049d4eb2bd2891e1ab;hp=0ff06af5b261d67b0c3b011faef74f3687ff4b4c;hpb=35a6f7cf8c455318078c7f94951dbc964bb41006;p=monkeysphere.git

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 0ff06af..3cc7454 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # monkeysphere-server: MonkeySphere server admin tool
 #
@@ -28,14 +28,15 @@ GREP_OPTIONS=
 usage() {
 cat <<EOF
 usage: $PGRM <subcommand> [args]
-Monkeysphere server admin tool.
+MonkeySphere server admin tool.
 
 subcommands:
   update-users (s) [USER]...            update users authorized_keys files
   gen-key (g)                           generate gpg key for the server
   publish-key (p)                       publish server key to keyserver
   trust-keys (t) KEYID...               mark keyids as trusted
-  update-user-userids (u) USER UID...   add/update userids for a user
+  update-user-userids (u) USER UID...   add/update user IDs for a user
+  remove-user-userids (r) USER UID...   remove user IDs for a user
   help (h,?)                            this help
 
 EOF
@@ -46,7 +47,7 @@ gen_key() {
     # set key defaults
     KEY_TYPE=${KEY_TYPE:-"RSA"}
     KEY_LENGTH=${KEY_LENGTH:-"2048"}
-    KEY_USAGE=${KEY_USAGE:-"encrypt,auth"}
+    KEY_USAGE=${KEY_USAGE:-"auth,encrypt"}
     SERVICE=${SERVICE:-"ssh"}
     HOSTNAME_FQDN=${HOSTNAME_FQDN:-$(hostname -f)}
 
@@ -70,7 +71,7 @@ EOF
 )
     fi
 
-    log "The following key parameters will be used:"
+    echo "The following key parameters will be used:"
     echo "$keyParameters"
 
     read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
@@ -90,25 +91,10 @@ EOF
 EOF
 )
 
-    echo "generating server key..."
+    log "generating server key..."
     echo "$keyParameters" | gpg --batch --gen-key
 }
 
-# publish server key to keyserver
-publish_key() {
-    read -p "publish key to $KEYSERVER? [Y|n]: " OK; OK=${OK:=Y}
-    if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
-    fi
-
-    keyID=$(gpg --list-key --with-colons ="$USERID" 2> /dev/null | grep '^pub:' | cut -d: -f5)
-
-    # dummy command so as not to publish fakes keys during testing
-    # eventually:
-    #gpg --send-keys --keyserver "$KEYSERVER" "$keyID"
-    echo "NOT PUBLISHED: gpg --send-keys --keyserver $KEYSERVER $keyID"
-}
-
 ########################################################################
 # MAIN
 ########################################################################
@@ -127,7 +113,7 @@ MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere-server.conf}
 # set empty config variable with defaults
 GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg}
 KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
-REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
+REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
 USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
 
 export GNUPGHOME
@@ -136,7 +122,7 @@ export GNUPGHOME
 mkdir -p -m 0700 "$GNUPGHOME"
 
 case $COMMAND in
-    'update-users'|'s')
+    'update-users'|'update-user'|'s')
 	if [ "$1" ] ; then
 	    unames="$@"
 	else
@@ -148,13 +134,17 @@ case $COMMAND in
 
 	    log "----- user: $uname -----"
 
+	    # set variables for the user
 	    AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
 	    msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
 	    cacheDir="$CACHE"/"$uname"/user_keys
 
-            # make sure authorized_user_ids file exists
+            # make sure user's authorized_user_ids file exists
+	    touch "$AUTHORIZED_USER_IDS"
+
+	    # skip if the user's authorized_user_ids file is empty
 	    if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
-		log "authorized_user_ids file for '$uname' is empty or does not exist."
+		log "authorized_user_ids file for '$uname' is empty."
 		continue
 	    fi
 
@@ -176,32 +166,69 @@ case $COMMAND in
 	;;
 
     'publish-key'|'p')
-	publish_key
+	publish_server_key
 	;;
 
-    'trust-keys'|'t')
+    'trust-keys'|'trust-key'|'t')
 	if [ -z "$1" ] ; then
-	    failure "you must specify at least one key to trust."
+	    failure "You must specify at least one key to trust."
 	fi
+
+	# process key IDs
 	for keyID ; do
 	    trust_key "$keyID"
 	done
 	;;
 
-    'update-user-userids'|'u')
+    'update-user-userids'|'update-user-userid'|'u')
 	uname="$1"
 	shift
 	if [ -z "$uname" ] ; then
-	    failure "you must specify user."
+	    failure "You must specify user."
 	fi
 	if [ -z "$1" ] ; then
-	    failure "you must specify at least one userid."
+	    failure "You must specify at least one user ID."
 	fi
+
+	# set variables for the user
 	AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
 	cacheDir="$CACHE"/"$uname"/user_keys
+
+        # make sure user's authorized_user_ids file exists
+	touch "$AUTHORIZED_USER_IDS"
+
+	# process the user IDs
 	for userID ; do
 	    update_userid "$userID" "$cacheDir"
 	done
+
+	log "Run the following to update user's authorized_keys file:"
+	log "$PGRM update-users $uname"
+	;;
+
+    'remove-user-userids'|'remove-user-userid'|'r')
+	uname="$1"
+	shift
+	if [ -z "$uname" ] ; then
+	    failure "You must specify user."
+	fi
+	if [ -z "$1" ] ; then
+	    failure "You must specify at least one user ID."
+	fi
+
+	# set variables for the user
+	AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
+
+        # make sure user's authorized_user_ids file exists
+	touch "$AUTHORIZED_USER_IDS"
+
+	# process the user IDs
+	for userID ; do
+	    remove_userid "$userID"
+	done
+
+	log "Run the following to update user's authorized_keys file:"
+	log "$PGRM update-users $uname"
 	;;
 
     'help'|'h'|'?')
@@ -210,6 +237,6 @@ case $COMMAND in
 
     *)
         failure "Unknown command: '$COMMAND'
-Type 'cereal-admin help' for usage."
+Type '$PGRM help' for usage."
         ;;
 esac