SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
-. "${SYSSHAREDIR}/common" || exit 1
+. "${SYSSHAREDIR}/defaultenv"
+. "${SYSSHAREDIR}/common"
SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
export SYSDATADIR
# unset some environment variables that could screw things up
unset GREP_OPTIONS
-# default return code
-RETURN=0
-
########################################################################
# FUNCTIONS
########################################################################
Monkeysphere host admin tool.
subcommands:
- import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT] import existing ssh key to gpg
show-key (s) output all host key information
+ publish-key (p) publish host key to keyserver
set-expire (e) [EXPIRE] set host key expiration
add-hostname (n+) NAME[:PORT] add hostname user ID to host key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
- add-revoker (o) FINGERPRINT add a revoker to the host key
- revoke-key (r) revoke host key
- publish-key (p) publish host key to keyserver
+ add-revoker (r+) KEYID|FILE add a revoker to the host key
+ revoke-key generate and/or publish revocation
+ certificate for host key
version (v) show version number
help (h,?) this help
load_fingerprint() {
if [ -f "$HOST_KEY_FILE" ] ; then
HOST_FINGERPRINT=$( \
- (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
+ (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \
&& gpg --quiet --import \
&& gpg --quiet --list-keys --with-colons --with-fingerprint \
&& rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
Please run 'monkeysphere-host import-key...' first."
}
-# output the index of a user ID on the host key
-# return 1 if user ID not found
+# return 0 if user ID was found.
+# return 1 if user ID not found.
find_host_userid() {
local userID="$1"
local tmpuidMatch
- local line
- # match to only ultimately trusted user IDs
- tmpuidMatch="u:$(echo $userID | gpg_escape)"
+ # match to only "unknown" user IDs (host has no need for ultimate trust)
+ tmpuidMatch="uid:-:$(echo $userID | gpg_escape)"
- # find the index of the requsted user ID
- # NOTE: this is based on circumstantial evidence that the order of
- # this output is the appropriate index
- line=$(gpg_host_list | egrep '^(uid|uat):' | cut -f2,10 -d: | \
- grep -n -x -F "$tmpuidMatch" 2>/dev/null)
-
- if [ "$line" ] ; then
- echo ${line%%:*}
- return 0
- else
- return 1
- fi
+ # See whether the requsted user ID is present
+ gpg_host_list | cut -f1,2,10 -d: | \
+ grep -q -x -F "$tmpuidMatch" 2>/dev/null
}
# show info about the host key
show_key() {
local GNUPGHOME
+ local TMPSSH
+ local revokers
# tmp gpghome dir
export GNUPGHOME=$(msmktempdir)
# create the ssh key
TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub
- openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null >"$TMPSSH"
+ gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH"
# get the gpg fingerprint
HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
| grep -v "^${GNUPGHOME}/pubring.gpg$" \
| egrep -v '^-+$'
+ # list revokers, if there are any
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode \
+ | awk -F: '/^rvk:/{ print $10 }' )
+ if [ "$revokers" ] ; then
+ echo "The following keys are allowed to revoke this host key:"
+ for key in $revokers ; do
+ echo "revoker: $key"
+ done
+ echo
+ fi
+
# list the pgp fingerprint
echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
+MONKEYSPHERE_GROUP=$(get_primary_group "$MONKEYSPHERE_USER")
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
# other variables
GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
+LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '}
# export variables needed in su invocation
export DATE
export KEYSERVER
export CHECK_KEYSERVER
export MONKEYSPHERE_USER
+export MONKEYSPHERE_GROUP
export PROMPT
export GNUPGHOME_HOST
export GNUPGHOME
export HOST_FINGERPRINT
+export LOG_PREFIX
# get subcommand
COMMAND="$1"
revoke_hostname "$@"
;;
- 'add-revoker'|'o')
+ 'add-revoker'|'r+')
check_host_no_key
load_fingerprint
source "${MHSHAREDIR}/add_revoker"
add_revoker "$@"
;;
- 'revoke-key'|'r')
+ 'revoke-key')
check_host_no_key
load_fingerprint
source "${MHSHAREDIR}/revoke_key"
;;
'diagnostics'|'d')
- load_fingerprint
source "${MHSHAREDIR}/diagnostics"
diagnostics
;;
;;
'version'|'v')
- echo "$VERSION"
+ version
;;
'--help'|'help'|'-h'|'h'|'?')
Type '$PGRM help' for usage."
;;
esac
-
-exit "$RETURN"
projects / monkeysphere.git / blobdiff