X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=a08007627a323c4ce4c8ae1d0feb204728b61fe0;hb=e6d14b3efaa96cc55eae34556daf8f85f09b92f6;hp=1e05799a00ca9ef64cdabec33ce3a51cc3fa3cdc;hpb=e3c7c570091a602788ae140c99bf2da2e80b3c4a;p=monkeysphere.git
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 1e05799..a080076 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -41,7 +41,9 @@ subcommands:
 gen-key (g) [HOSTNAME] generate gpg key for the server
 show-fingerprint (f) show server's host key fingerprint
 publish-key (p) publish server's host key to keyserver
- trust-key (t) KEYID import and tsign a certification key
+ add-certifier (a) KEYID import and tsign a certification key
+ remove-certifier (r) KEYID remove a certification key
+ list-certifiers (l) list certification keys
 help (h,?) this help
 EOF
@@ -184,8 +186,6 @@ update_users() {
 # it into place
 mv -f "$AUTHORIZED_KEYS" "${VARLIB}/authorized_keys/${uname}"
- log "authorized_keys file updated."
-
 # destroy temporary directory
 rm -rf "$TMPDIR"
 done
@@ -247,7 +247,7 @@ EOF
 echo "The following key parameters will be used for the host private key:"
 echo "$keyParameters"
- read -p "Generate key? [Y|n]: " OK; OK=${OK:=Y}
+ read -p "Generate key? (Y/n) " OK; OK=${OK:=Y}
 if [ ${OK/y/Y} != 'Y' ] ; then
 failure "aborting."
 fi
@@ -286,7 +286,7 @@ fingerprint_server_key() {
 # publish server key to keyserver
 publish_server_key() {
- read -p "really publish key to $KEYSERVER? [y|N]: " OK; OK=${OK:=N}
+ read -p "really publish key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
 if [ ${OK/y/Y} != 'Y' ] ; then
 failure "aborting."
 fi
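Review bot: The confirmation test right after the reworded host-key prompt, `if [ ${OK/y/Y} != 'Y' ] ; then`, leaves the expansion unquoted, so a reply containing whitespace (for example `no way`) makes `[` fail with a "too many arguments" error rather than matching; since `if` treats that non-zero status as false, `failure "aborting."` is skipped and key generation proceeds, which is the wrong direction for a safety prompt. The add-certifier confirmation added further down in this commit already quotes it, so these two should match that form: `if [ "${OK/y/Y}" != 'Y' ] ; then`. The same applies to the identical test in the publish_server_key hunk below. `read -p` without `-r` also interprets backslashes in the reply; `read -r -p …` is the safer spelling. Both prompts sit inside functions whose bodies continue outside the hunks.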
@@ -299,22 +299,14 @@ publish_server_key() {
 failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development)."
 }
-# retrieve key from web of trust, and set owner trust to "full"
-# if key is found.
-trust_key() {
+# retrieve key from web of trust, import it into the host keyring, and
+# ltsign the key in the host keyring so that it may certify other keys
+add_certifier() {
 local keyID
- local trustLevel
+ local fingerprint
+ local ltsignCommand
 keyID="$1"
-
- # default values for trust depth and domain
- DEPTH=${DEPTH:-1}
- DOMAIN=${DOMAIN:-}
-
- if [ -z "$keyID" ] ; then
- failure "You must specify key to trust."
- fi
-
 export keyID
 # export host ownertrust to authentication keyring
@@ -334,9 +326,18 @@ trust_key() {
 echo "key found:"
 gpg_authentication "--fingerprint $fingerprint"
+ read -p "Are you sure you want to add this key as a certifier of users on this system? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+
 # export the key to the host keyring
 gpg_authentication "--export $keyID" | gpg_host --import
+ # default values for trust depth and domain
+ DEPTH=${DEPTH:-1}
+ DOMAIN=${DOMAIN:-}
+
 # ltsign command
 # NOTE: *all* user IDs will be ltsigned
 ltsignCommand=$(cat <
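Review bot: The rewrite of trust_key into add_certifier drops the `if [ -z "$keyID" ]` guard without replacing it, so an empty or missing argument now passes straight through to `export keyID`; in the following hunk the same value feeds `gpg_authentication "--export $keyID" | gpg_host --import`, and gpg with no key ID exports every key, so the whole authentication keyring would land in the host keyring instead of the one certifier. Unless the argument check moved into the subcommand dispatch, which is outside this diff, restore it at the top of the function: `[ -n "$keyID" ] || failure "You must specify the key ID of the certifier to add."`. The body of add_certifier continues past the end of this hunk, so the fingerprint lookup that sets `$fingerprint` is not visible here.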