From 8cf936aa9d62f6e8655904375a2d8217f559947a Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@phys.columbia.edu>
Date: Fri, 15 Aug 2008 13:02:05 -0700
Subject: [PATCH 1/1] more work on hostname add/revoke

---
 src/common              | 13 +++---
 src/monkeysphere-server | 89 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 82 insertions(+), 20 deletions(-)

diff --git a/src/common b/src/common
index 17955a7..34c86cb 100644
--- a/src/common
+++ b/src/common
@@ -69,11 +69,12 @@ file_hash() {
     md5sum "$1" 2> /dev/null
 }
 
-# convert escaped characters from gpg output back into original
-# character
-# FIXME: undo all escape character translation in with-colons gpg output
-unescape() {
-    echo "$1" | sed 's/\\x3a/:/g'
+# convert escaped characters in pipeline from gpg output back into
+# original character
+# FIXME: undo all escape character translation in with-colons gpg
+# output
+gpg_unescape() {
+    sed 's/\\x3a/:/g'
 }
 
 # remove all lines with specified string from specified file
@@ -398,7 +399,7 @@ process_user_id() {
 		    continue
 		fi
 		# if the user ID does not match, skip
-		if [ "$(unescape "$uidfpr")" != "$userID" ] ; then
+		if [ "$(echo "$uidfpr" | gpg_unescape)" != "$userID" ] ; then
 		    continue
 		fi
 		# if the user ID validity is not ok, skip
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 023ce9b..31bce7d 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -100,17 +100,19 @@ gpg_authentication() {
     su_monkeysphere_user "gpg $@"
 }
 
-# output key information
-show_server_key() {
-    gpg_host --list-secret-keys --fingerprint
-}
-
 # output just key fingerprint
 fingerprint_server_key() {
     gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode | \
 	grep '^fpr:' | head -1 | cut -d: -f10
 }
 
+# output key information
+show_server_key() {
+    local fingerprint
+    fingerprint=$(fingerprint_server_key)
+    gpg_host --fingerprint --list-secret-key "$fingerprint"
+}
+
 # update authorized_keys for users
 update_users() {
     if [ "$1" ] ; then
@@ -371,52 +373,111 @@ EOF
 
 # add hostname user ID to server key
 add_hostname() {
+    local userID
+    local fingerprint
+    local adduidCommand
+
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to add."
     fi
 
     userID="ssh://${1}"
 
-    if [ "$(gpg_host --list-key "=${userID}")" ] ; then
+    if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then
 	failure "Host userID '$userID' already exists."
     fi
 
+    echo "The following user ID will be added to the host key:"
+    echo "  '$userID'"
+    read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "user ID not added."
+    fi
+
     fingerprint=$(fingerprint_server_key)
 
+    # edit-key script command to add user ID
     adduidCommand=$(cat <<EOF
 adduid
 $userID
 
 
-O
 save
 EOF
 	)
 
-    # add uid
+    # execute edit-key script
     echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
 
-    echo "NOTE: new host userID has not been published."
-    echo "Use '$PGRM publish-key' to publish these changes."
+    # update trust db
+    gpg_host --check-trustdb
+
+    show_server_key
+
+    # publish the key
+    publish_server_key
 }
 
 # revoke hostname user ID to server key
 revoke_hostname() {
+    local userID
+    local uidIndex
+
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to revoke."
     fi
 
-    failure "Sorry, not yet implemented."
+    userID="ssh://${1}"
+
+    fingerprint=$(fingerprint_server_key)
+
+    # find the index of the requsted user ID
+    # NOTE: this is based on circumstantial evidence that the order of
+    # this output is the appropriate index
+    uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \
+	egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \
+	grep "$userID" | awk '{ print $1 }')
+
+    if [ -z "$uidIndex" ] ; then
+	failure "User ID '$userID' not found in host key."
+    fi
 
-    echo "NOTE: host userID revokation has not been published."
-    echo "Use '$PGRM publish-key' to publish these changes."
+    echo "The following user ID will be revoked from the host key:"
+    echo "  '$userID'"
+    read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "user ID not revoked."
+    fi
+
+    # edit-key script command to revoke user ID
+    revuidCommand=$(cat <<EOF
+$uidIndex
+revuid
+y
+4
+
+y
+save
+EOF
+	)	
+
+    # execute edit-key script
+    echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
+
+    # update trust db
+    gpg_host --check-trustdb
+
+    show_server_key
+
+    # publish the key
+    publish_server_key
 }
 
 # publish server key to keyserver
 publish_server_key() {
     read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
+	failure "key not published."
     fi
 
     # find the key fingerprint
-- 
2.25.1