Updates to use the new openpgp2ssh program that dkg wrote.
authorJameson Graef Rollins <jrollins@phys.columbia.edu>
Wed, 11 Jun 2008 18:08:29 +0000 (14:08 -0400)
committerJameson Graef Rollins <jrollins@phys.columbia.edu>
Wed, 11 Jun 2008 18:08:29 +0000 (14:08 -0400)
man/man8/monkeysphere-server.8
src/common
src/monkeysphere-server

index 39a8e5c32e93a326e1e7c597cd6b992d6f88350b..7a12e17591a0b44200e8503ae22ec3607fb87c99 100644 (file)
@@ -57,4 +57,3 @@ extent permitted by law.
 .BR monkeysphere (1),
 .BR gpg (1),
 .BR ssh (1)
-
index ff6ba5943ae9e27842d159513836ac6b57d5a5d3..d7caefdfd3dd50fddae5d0c0fdd53f5187cb6e8e 100755 (executable)
@@ -82,27 +82,36 @@ unescape() {
     echo "$1" | sed 's/\\x3a/:/'
 }
 
-# stand in until we get dkg's gpg2ssh program
-gpg2ssh_tmp() {
+# convert key from gpg to ssh known_hosts format
+gpg2known_hosts() {
     local keyID
-    local userID
     local host
 
     keyID="$1"
-    userID="$2"
-
-    if [ "$MODE" = 'authorized_keys' ] ; then
-       gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere userID: ${userID}/"
+    host=$(echo "$2" | sed -e "s|ssh://||")
 
     # NOTE: it seems that ssh-keygen -R removes all comment fields from
     # all lines in the known_hosts file.  why?
     # NOTE: just in case, the COMMENT can be matched with the
     # following regexp:
     # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$'
-    elif [ "$MODE" = 'known_hosts' ] ; then
-       host=$(echo "$userID" | sed -e "s|ssh://||")
-       echo -n "$host "; gpgkey2ssh "$keyID" | sed -e "s/COMMENT/MonkeySphere${DATE}/"
-    fi
+    echo -n "$host "
+    gpg --export "$keyID" | \
+       openpgp2ssh "$keyID" | tr -d '\n'
+    echo "MonkeySphere${DATE}"
+}
+
+# convert key from gpg to ssh authorized_keys format
+gpg2authorized_keys() {
+    local keyID
+    local userID
+
+    keyID="$1"
+    userID="$2"
+
+    echo -n "MonkeySphere${DATE}:${userID}"
+    gpg --export "$keyID" | \
+       openpgp2ssh "$keyID"
 }
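Review bot: In gpg2known_hosts the comment is written directly against the key material with no separator: `tr -d '\n'` strips the trailing newline from the openpgp2ssh output and the following `echo "MonkeySphere${DATE}"` then runs straight into the base64 key, which corrupts the entry unless openpgp2ssh itself emits a trailing space. gpg2authorized_keys has the same problem in the other direction, since `echo -n "MonkeySphere${DATE}:${userID}"` is immediately followed by the key with nothing between them. Changing the two lines to `echo " MonkeySphere${DATE}"` and `echo -n "MonkeySphere${DATE}:${userID} "` restores the field boundaries. Neither function checks the result of the `gpg --export | openpgp2ssh` pipeline, so a failed export still appends a line containing only the host and comment to the cache file; testing the pipeline output before emitting the line would keep malformed entries out of known_hosts. Note also that in authorized_keys format the leading field is parsed by sshd as key options rather than as a comment, so a MonkeySphere prefix placed before the key type is likely to be rejected — presumably it belongs after the key, where the known_hosts variant puts it.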
 
 # userid and key policy checking
@@ -235,15 +244,21 @@ process_user_id() {
        for keyID in ${keyIDs[@]} ; do
            loge "  acceptable key/uid found."
 
-           # export the key with gpg2ssh
-            # FIXME: needs to apply extra options for authorized_keys
-           # lines if specified
-           gpg2ssh_tmp "$keyID" "$userID" >> "$cacheDir"/"$userIDHash"."$pubKeyID"
-
-           # hash the cache file if specified
-           if [ "$MODE" = 'known_hosts' -a "$HASH_KNOWN_HOSTS" ] ; then
-               ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
-               rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+           if [ "$MODE" = 'known_hosts' ] ; then
+               # export the key
+               gpg2known_hosts "$keyID" "$userID" >> \
+                   "$cacheDir"/"$userIDHash"."$pubKeyID"
+               # hash the cache file if specified
+               if [ "$HASH_KNOWN_HOSTS" ] ; then
+                   ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1
+                   rm "$cacheDir"/"$userIDHash"."$pubKeyID".old
+               fi
+           elif [ "$MODE" = 'authorized_keys' ] ; then
+               # export the key
+                # FIXME: needs to apply extra options for authorized_keys
+               # lines if specified
+               gpg2authorized_keys "$keyID" "$userID" >> \
+                   "$cacheDir"/"$userIDHash"."$pubKeyID"
            fi
        done
     fi
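Review bot: The hashing step inside the new known_hosts branch discards ssh-keygen's exit status and then unconditionally removes the `.old` backup, so if `ssh-keygen -H` fails the cache file is left unhashed, the `rm` complains about a missing file, and processing continues as though the entry had been hashed. Chaining the two, `ssh-keygen -H -f "$cacheDir"/"$userIDHash"."$pubKeyID" > /dev/null 2>&1 && rm -f "$cacheDir"/"$userIDHash"."$pubKeyID".old`, or logging the failure through loge, would make the outcome visible. The if/elif also has no branch for an unexpected `$MODE`, so a misspelled mode silently exports nothing; an `else` that logs the unrecognised mode would surface that. process_user_id begins and ends outside this hunk.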
index 6eeb7021dc1de7965dd81e75f37fb509e5b2cca8..34239b6e489987af25fd84d1147692e8544da5cb 100755 (executable)
@@ -145,9 +145,10 @@ case $COMMAND in
        fi
 
        for uname in $unames ; do
+           MODE="authorized_keys"
+
            log "----- user: $uname -----"
 
-           MODE="authorized_keys"
            AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
            cacheDir="$STAGING_AREA"/"$uname"/user_keys
            msAuthorizedKeys="$STAGING_AREA"/"$uname"/authorized_keys
@@ -167,6 +168,7 @@ case $COMMAND in
            # update authorized_keys
            update_authorized_keys "$cacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys"
        done
+
        log "----- done. -----"
        ;;