Remove {update,remove}-userids functions, since we decided they

weren't worth it.  Updated man pages as well.

diff --git a/debian/changelog b/debian/changelog
index 9bfcc26ede3c992acc8ad4d6cc7232884f1f8271..726f262430836424a1e8793e51e031cdba13aaf2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,8 +7,10 @@ monkeysphere (0.2-1) UNRELEASED; urgency=low
   * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
     %h/.config/monkeysphere/authorized_user_ids, instead of
     /etc/monkeysphere/authorized_user_ids.
   * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
     %h/.config/monkeysphere/authorized_user_ids, instead of
     /etc/monkeysphere/authorized_user_ids.

+  * Remove {update,remove}-userids functions, since we decided they
+    weren't useful enough to be worth maintaining.

 
 

- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Thu, 19 Jun 2008 15:22:05 -0400
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Thu, 19 Jun 2008 16:56:32 -0400

 
 monkeysphere (0.1-1) experimental; urgency=low
 
 
 monkeysphere (0.1-1) experimental; urgency=low
 

diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1
index 5fabb91af5dce22ac09e4601549eb63bcac561d1..c4196f2b4afbd392272e8dffa40856ec6ebcb9a9 100644 (file)
--- a/man/man1/monkeysphere-ssh-proxycommand.1
+++ b/man/man1/monkeysphere-ssh-proxycommand.1
@@ -18,17 +18,29 @@ or by adding the following line to your ~/.ssh/config script:
 
 .B ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
 
 .B ProxyCommand monkeysphere-ssh-proxycommand %h %p
 

-The script is very simple, and can easily be incorporated into other
-ProxyCommand scripts.  It first tests to see if the host is in the
-known_hosts file.  If it's not, the CHECK_KEYSERVER variable is set to
-true and "update-known_hosts" is run for the host to check for a host
-key for that host.  If the host is found in the known_hosts file,
-CHECK_KEYSERVER is set to false and "update-known_hosts" is run to
-update from the local keychain.
+The script can easily be incorporated into other ProxyCommand scripts
+by calling it with the "--no-connect" option, ie:

 
 

-Run the following command for more info:
+.B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT"

 
 

-.B less $(which monkeysphere-ssh-proxycommand)
+This will run everything but will not exec netcat to make the tcp
+connection to the host.
+
+.SH KEYSERVER CHECKING
+
+The proxy command has a fairly nuanced policy for when keyservers are
+queried when processing host.  If the host userID is not found in
+either the user's keyring or in the known_hosts file, then the
+keyserver is queried for the host userID.  If the host userID is found
+in the user's keyring, then the keyserver is not checked.  This is
+because...  If the host userID is not found in the user's keyring, but
+the host is listed in the known_hosts file, then defered check is
+scheduled.
+
+.SH ENVIRONMENT VARIABLES
+
+.TP
+KEYSERVER The keyserver to query.

 
 .SH AUTHOR
 
 
 .SH AUTHOR
 

diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index f36d69eb700de5f2f7386ce0e9266463856402a9..30e35bba3a5fc7732b52bae70ee3b5935ba77ff6 100644 (file)
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -33,20 +33,6 @@ is done.  If no hosts are specified, all hosts listed in the
 known_hosts file will be processed.  `k' may be used in place of
 `update-known_hosts'.
 .TP
 known_hosts file will be processed.  `k' may be used in place of
 `update-known_hosts'.
 .TP

-.B update-userids [USERID]...
-Add/update a user ID to the authorized_user_ids file.  The user IDs
-specified should be exact matches to OpenPGP user IDs.  For each
-specified user ID, gpg will be queried for a key associated with that
-user ID, querying a keyserver if specified.  If a key is found, the
-user ID will be added to the user's authorized_user_ids file (if it
-wasn't already present).  `u' may be used in place of
-`update-userids'.
-.TP
-.B remove-userids [USERID]...
-Remove a user ID from the authorized_user_ids file.  The user IDs
-specified should be exact matches to OpenPGP user IDs.  `r' may be
-used in place of `remove-userids'.
-.TP

 .B update-authorized_keys
 Update the monkeysphere authorized_keys file.  For each user ID in the
 user's authorized_user_ids file, gpg will be queried for keys
 .B update-authorized_keys
 Update the monkeysphere authorized_keys file.  For each user ID in the
 user's authorized_user_ids file, gpg will be queried for keys


@@ -78,9 +64,7 @@ specification for the host, ie. "ssh://host.full.domain".
 GPG keys are considered acceptable if the following criteria are met:
 .TP
 .B capability
 GPG keys are considered acceptable if the following criteria are met:
 .TP
 .B capability

-For host keys, the key must have both the "authentication" ("a") and
-"encrypt" ("e") capability flags.  For user keys, the key must have
-the "authentication" ("a") capability flag.
+The key must have the "authentication" ("a") usage flag set.

 .TP
 .B validity
 The key must be "fully" valid, and must not be expired or revoked.
 .TP
 .B validity
 The key must be "fully" valid, and must not be expired or revoked.


@@ -97,9 +81,6 @@ System-wide monkeysphere config file.
 ~/.config/monkeysphere/authorized_user_ids
 OpenPGP user IDs associated with keys that will be checked for
 addition to the authorized_keys file.
 ~/.config/monkeysphere/authorized_user_ids
 OpenPGP user IDs associated with keys that will be checked for
 addition to the authorized_keys file.

-.TP
-~/.config/monkeysphere/authorized_keys
-Monkeysphere generated authorized_keys file.

 
 .SH AUTHOR
 
 
 .SH AUTHOR
 

diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 28149fb470dc2ab3b17b0eedf29942e0f247eb78..3073adc698ca28a69432afcd3e1484acadae3bbf 100644 (file)
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -23,7 +23,8 @@ be used for authentication of ssh connections.
 .TP
 .B update-users [USER]...
 Update the admin-controlled authorized_keys files for user.  For each
 .TP
 .B update-users [USER]...
 Update the admin-controlled authorized_keys files for user.  For each

-user specified, update the user's authorized_keys file in
+user specified, user ID's listed in the user's authorized_user_ids
+file are processed, and the user's authorized_keys file in

 /var/cache/monkeysphere/authorized_keys/USER.  See `man monkeysphere'
 for more info.  If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
 set, then a user-controlled authorized_keys file (usually
 /var/cache/monkeysphere/authorized_keys/USER.  See `man monkeysphere'
 for more info.  If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
 set, then a user-controlled authorized_keys file (usually


@@ -46,14 +47,6 @@ of `publish-key'.
 Mark key specified with key IDs with full owner trust.  `t' may be used
 in place of `trust-keys'.
 .TP
 Mark key specified with key IDs with full owner trust.  `t' may be used
 in place of `trust-keys'.
 .TP

-.B update-user-userids USER USERID...
-Add/update a user ID to the authorized_user_ids file for USER.  `u' may
-be used in place of `update-user-userids'.
-.TP
-.B remove-user-userids USER USERID...
-Remove a user ID from the authorized_user_ids file for USER.  `r' may
-be used in place of `remove-user-userids'.
-.TP

 .B help
 Output a brief usage summary.  `h' or `?' may be used in place of
 `help'.
 .B help
 Output a brief usage summary.  `h' or `?' may be used in place of
 `help'.

diff --git a/src/common b/src/common
index 89efc46a4014dbcfedaec546018c09d066e3509b..00ee7b04a124db6679959c35b5c000b2e9ea2389 100644 (file)
--- a/src/common
+++ b/src/common
@@ -369,56 +369,6 @@ process_user_id() {
     done
 }
 
     done
 }
 

-# update the cache for userid, and prompt to add file to
-# authorized_user_ids file if the userid is found in gpg
-# and not already in file.
-update_userid() {
-    local userID
-
-    userID="$1"
-    authorizedUserIDs="$2"
-
-    log "processing userid: '$userID'"
-
-    # process the user ID to pull it from keyserver
-    process_user_id "$userID" | grep -q "^0 "
-
-    # check if user ID is in the authorized_user_ids file
-    if ! grep -q "^${userID}\$" "$authorizedUserIDs" ; then
-       read -p "user ID not currently authorized.  authorize? [Y|n]: " OK; OK=${OK:=Y}
-       if [ ${OK/y/Y} = 'Y' ] ; then
-           # add if specified
-           log -n " adding user ID to authorized_user_ids file... "
-           echo "$userID" >> "$authorizedUserIDs"
-           loge "done."
-       else
-           # else do nothing
-           log " authorized_user_ids file untouched."
-       fi
-    fi
-}
-
-# remove a userid from the authorized_user_ids file
-remove_userid() {
-    local userID
-
-    userID="$1"
-    authorizedUserIDs="$2"
-
-    log "processing userid: '$userID'"
-
-    # check if user ID is in the authorized_user_ids file
-    if ! grep -q "^${userID}\$" "$authorizedUserIDs" ; then
-       log " user ID not currently authorized."
-       return 1
-    fi
-
-    # remove user ID from file
-    log -n " removing user ID '$userID'... "
-    remove_line "$authorizedUserIDs" "^${userID}$"
-    loge "done."
-}
-

 # process a host in known_host file
 process_host_known_hosts() {
     local host
 # process a host in known_host file
 process_host_known_hosts() {
     local host

diff --git a/src/monkeysphere b/src/monkeysphere
index a9c9d5856002acf42e99c4f757e347a7d3967536..a433701a1c6fb4da462e9b29bdd6bae6e4d644db 100755 (executable)
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -35,8 +35,6 @@ MonkeySphere client tool.
 
 subcommands:
   update-known_hosts (k) [HOST]...  update known_hosts file
 
 subcommands:
   update-known_hosts (k) [HOST]...  update known_hosts file

-  update-userids (u) [USERID]...    add/update user IDs
-  remove-userids (r) [USERID]...    remove user IDs

   update-authorized_keys (a)        update authorized_keys file
   gen-subkey (g) KEYID              generate an 'a' capable subkey
   help (h,?)                        this help
   update-authorized_keys (a)        update authorized_keys file
   gen-subkey (g) KEYID              generate an 'a' capable subkey
   help (h,?)                        this help


@@ -159,28 +157,6 @@ case $COMMAND in
        fi
        ;;
 
        fi
        ;;
 

-    'update-userids'|'update-userid'|'u')
-       if [ -z "$1" ] ; then
-           failure "you must specify at least one userid."
-       fi
-       for userID ; do
-           update_userid "$userID" "$AUTHORIZED_USER_IDS"
-       done
-       log "Run the following to update your monkeysphere authorized_keys file:"
-       log "$PGRM update-authorized_keys"
-       ;;
-
-    'remove-userids'|'remove-userid'|'r')
-       if [ -z "$1" ] ; then
-           failure "you must specify at least one userid."
-       fi
-       for userID ; do
-           remove_userid "$userID" "$AUTHORIZED_USER_IDS"
-       done
-       log "Run the following to update your monkeysphere authorized_keys file:"
-       log "$PGRM update-authorized_keys"
-       ;;
-

     'update-authorized_keys'|'update-authorized-keys'|'a')
        MODE='authorized_keys'
 
     'update-authorized_keys'|'update-authorized-keys'|'a')
        MODE='authorized_keys'
 

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index bfd5db84477cc40c5c3c9e044ebbd241cd7a0e98..154c1462915739110f2af49269d05b43caa6ed11 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -31,14 +31,11 @@ usage: $PGRM <subcommand> [args]
 MonkeySphere server admin tool.
 
 subcommands:
 MonkeySphere server admin tool.
 
 subcommands:

+  update-users (s) [USER]...            update users authorized_keys files

   gen-key (g) [HOSTNAME]                generate gpg key for the server
   show-fingerprint (f)                  show server's host key fingerprint
   publish-key (p)                       publish server key to keyserver
   trust-keys (t) KEYID...               mark keyids as trusted
   gen-key (g) [HOSTNAME]                generate gpg key for the server
   show-fingerprint (f)                  show server's host key fingerprint
   publish-key (p)                       publish server key to keyserver
   trust-keys (t) KEYID...               mark keyids as trusted

-
-  update-users (s) [USER]...            update users authorized_keys files
-  update-user-userids (u) USER UID...   add/update user IDs for a user
-  remove-user-userids (r) USER UID...   remove user IDs for a user

   help (h,?)                            this help
 
 EOF
   help (h,?)                            this help
 
 EOF


@@ -231,60 +228,6 @@ case $COMMAND in
        done
        ;;
 
        done
        ;;
 

-    'update-user-userids'|'update-user-userid'|'u')
-       uname="$1"
-       shift
-       if [ -z "$uname" ] ; then
-           failure "You must specify user."
-       fi
-       if [ -z "$1" ] ; then
-           failure "You must specify at least one user ID."
-       fi
-
-       # set authorized_user_ids variable,
-       # translate ssh-style path variables
-       authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
-
-        # make sure user's authorized_user_ids file exists
-       touch "$authorizedUserIDs"
-
-       # process the user IDs
-       for userID ; do
-           update_userid "$userID" "$authorizedUserIDs"
-       done
-
-       log "Run the following to update user's authorized_keys file:"
-       log "$PGRM update-users $uname"
-       ;;
-
-    'remove-user-userids'|'remove-user-userid'|'r')
-       uname="$1"
-       shift
-       if [ -z "$uname" ] ; then
-           failure "You must specify user."
-       fi
-       if [ -z "$1" ] ; then
-           failure "You must specify at least one user ID."
-       fi
-
-       # set authorized_user_ids variable,
-       # translate ssh-style path variables
-       authorizedUserIDs=$(translate_ssh_variables "$uname" "$AUTHORIZED_USER_IDS")
-
-        # make sure user's authorized_user_ids file exists
-       if [ ! -f "$authorizedUserIDs" ] ; then
-           failure "authorized_user_ids file '$authorizedUserIDs' does not exist."
-       fi
-
-       # process the user IDs
-       for userID ; do
-           remove_userid "$userID" "$authorizedUserIDs"
-       done
-
-       log "Run the following to update user's authorized_keys file:"
-       log "$PGRM update-users $uname"
-       ;;
-

     'help'|'h'|'?')
         usage
         ;;
     'help'|'h'|'?')
         usage
         ;;