Merge commit 'dkg/master'

diff --git a/doc/MonkeySpec b/doc/MonkeySpec
index 9ed072422811bba2738c515cee99f25ae25c8228..fe5a0bf37318e181470be8d59043469c8f112e49 100644 (file)
--- a/doc/MonkeySpec
+++ b/doc/MonkeySpec
@@ -43,12 +43,12 @@ server-side components
   - publishes server gpg keys
   - used to specify keys to trust for user authentication
 
-* "tamarin": script to trigger rhesus during attempt to initiate
-  connection from client
+* "tamarin": concept - how to trigger or schedule rhesus at admin defined 
+       points (e.g. via cron or during ssh connections).
 
 client-side components
 ----------------------
-* "marmoset": script to trigger rhesus during attempt to initiate
+* "marmoset": concept - how to trigger rhesus during attempt to initiate
   connection to server
   - runs on connection to a certain host
   - triggers update to known_hosts file then makes connection

diff --git a/gpg2ssh/Makefile b/gpg2ssh/Makefile
index aa18aaad5a2e096e9456008fcafc41f65d45bb64..a0b72418cdcbcaaa21f965630eaa261c18b35b30 100644 (file)
--- a/gpg2ssh/Makefile
+++ b/gpg2ssh/Makefile
@@ -1,3 +1,5 @@
+all: monkeysphere gpg2ssh
+
 monkeysphere: main.c gnutls-helpers.o
        gcc -g -Wall --pedantic -o monkeysphere main.c `libgnutls-config --libs --cflags` -lgnutls-extra gnutls-helpers.o
 
@@ -11,6 +13,6 @@ ssh2gpg: ssh2gpg.c gnutls-helpers.o
        gcc -g -Wall --pedantic -o $@ -c $<
 
 clean: 
-       rm -f monkeysphere *.o
+       rm -f monkeysphere gpg2ssh *.o
 
-.PHONY: clean
+.PHONY: clean all

diff --git a/gpg2ssh/gpg2ssh.c b/gpg2ssh/gpg2ssh.c
index a1e94df7998a55a56c88a97e9342abfe14153def..c99f03fe25fbc20ca4fe490791a4b8bac2416cc8 100644 (file)
--- a/gpg2ssh/gpg2ssh.c
+++ b/gpg2ssh/gpg2ssh.c
@@ -116,8 +116,9 @@ int main(int argc, char* argv[]) {
     err("failed to get the usage flags for the primary key (error: %d)\n", ret);
     return ret;
   }
-  if (usage & GNUTLS_KEY_KEY_AGREEMENT) {
-    err("the primary key can be used for authentication\n");
+  if (usage & GNUTLS_KEY_KEY_AGREEMENT &&
+      usage & GNUTLS_KEY_KEY_ENCIPHERMENT) {
+    err("the primary key can be used for authentication and communication encryption!\n");
 
     algo = gnutls_openpgp_crt_get_pk_algorithm(openpgp_crt, &bits);
     if (algo < 0) {
@@ -144,10 +145,10 @@ int main(int argc, char* argv[]) {
     }
     
   } else {
-    err("primary key is only good for: 0x%08x.  Trying subkeys...\n", usage);
+    err("primary key is not good for authentication and communication encryption.  Trying subkeys...\n");
     
     if (ret = gnutls_openpgp_crt_get_auth_subkey(openpgp_crt, keyid, 0), ret) {
-      err("failed to find a subkey capable of authentication (error: %d)\n", ret);
+      err("failed to find a subkey capable of authentication and communication encryption (error: %d)\n", ret);
       return ret;
     }
     make_keyid_printable(p_keyid, keyid);
@@ -169,8 +170,9 @@ int main(int argc, char* argv[]) {
       err("could not figure out usage of subkey %.16s (error: %d)\n", p_keyid, ret);
       return ret;
     }
-    if ((usage & GNUTLS_KEY_KEY_AGREEMENT) == 0) {
-      err("could not find a subkey with authentication privileges.\n");
+    if ((usage & GNUTLS_KEY_KEY_AGREEMENT) == 0 &&
+       usage & GNUTLS_KEY_KEY_ENCIPHERMENT) {
+      err("could not find a subkey with authentication and communication encryption.\n");
       return 1;
     }