From: Jameson Graef Rollins Date: Fri, 15 Aug 2008 22:02:56 +0000 (-0700) Subject: Merge commit 'dkg/master' X-Git-Tag: monkeysphere_0.8-1~13 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cb05f332e617e346aa533d6dde02fb11c6148799;p=monkeysphere.git Merge commit 'dkg/master' Conflicts: src/monkeysphere-server Resolved conflicts in revoke-hostname, and finish work on them. --- cb05f332e617e346aa533d6dde02fb11c6148799 diff --cc debian/changelog index e80e48a,59aea1e..b39ba44 --- a/debian/changelog +++ b/debian/changelog @@@ -13,8 -14,8 +14,9 @@@ monkeysphere (0.8-1) UNRELEASED; urgenc be removed from key files. * enabled host key publication. * added checking of gpg.conf for keyserver ++ * new functions to add/revoke host key user IDs -- -- Jameson Graef Rollins Fri, 15 Aug 2008 10:46:23 -0700 ++ -- Jameson Graef Rollins Fri, 15 Aug 2008 15:02:48 -0700 monkeysphere (0.7-1) experimental; urgency=low diff --cc src/common index 34c86cb,24decae..bb988f7 --- a/src/common +++ b/src/common @@@ -69,14 -69,20 +69,20 @@@ file_hash() md5sum "$1" 2> /dev/null } -# convert escaped characters from gpg output back into original -# character -# FIXME: undo all escape character translation in with-colons gpg output -unescape() { - echo "$1" | sed 's/\\x3a/:/g' +# convert escaped characters in pipeline from gpg output back into +# original character +# FIXME: undo all escape character translation in with-colons gpg +# output +gpg_unescape() { + sed 's/\\x3a/:/g' } -# convert nasty chars into gpg-friendly form ++# convert nasty chars into gpg-friendly form in pipeline + # FIXME: escape everything, not just colons! 
-escape() { - echo "$1" | sed 's/:/\\x3a/g' ++gpg_escape() { ++ sed 's/:/\\x3a/g' + } + - # remove all lines with specified string from specified file remove_line() { local file diff --cc src/monkeysphere-server index 31bce7d,2b9b744..4fb8265 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@@ -373,30 -371,18 +373,39 @@@ EO # add hostname user ID to server key add_hostname() { + local userID + local fingerprint ++ local tmpuidMatch ++ local line + local adduidCommand + if [ -z "$1" ] ; then failure "You must specify a hostname to add." fi userID="ssh://${1}" - if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then - if [ "$(gpg_host --list-key "=${userID}")" ] ; then ++ fingerprint=$(fingerprint_server_key) ++ ++ # match to only ultimately trusted user IDs ++ tmpuidMatch="u:$(echo $userID | gpg_escape)" ++ ++ # find the index of the requsted user ID ++ # NOTE: this is based on circumstantial evidence that the order of ++ # this output is the appropriate index ++ if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \ ++ | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then failure "Host userID '$userID' already exists." fi - fingerprint=$(fingerprint_server_key) + echo "The following user ID will be added to the host key:" - echo " '$userID'" ++ echo " $userID" + read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "user ID not added." + fi - fingerprint=$(fingerprint_server_key) - + # edit-key script command to add user ID adduidCommand=$(cat < /dev/null | \ - egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \ - grep "$userID" | awk '{ print $1 }') - - if [ -z "$uidIndex" ] ; then - failure "User ID '$userID' not found in host key." ++ if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! 
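Review bot: gpg_escape in src/common still translates only `:`, yet after this merge its output becomes an exact-match key: the src/monkeysphere-server hunk compares `u:$(echo $userID | gpg_escape)` against the `--with-colons` listing with `grep -n -x -F` to decide whether a host user ID already exists and which uid index to revoke. Any other character that gpg prints in escaped form would make that comparison miss, so add_hostname could accept a duplicate and revoke_hostname could report a live user ID as not found. Assuming gpg renders a backslash as `\x5c` in that listing (worth confirming against real output), the filter could at least become `sed 's/\\/\\x5c/g; s/:/\\x3a/g'`, with gpg_unescape mirroring it and decoding `\x3a` before `\x5c`. The header comments should also say that both helpers are now stdin filters that ignore positional arguments, and the caller should feed them a quoted value, e.g. `printf '%s\n' "$userID" | gpg_escape`, so the string is not word-split or glob-expanded before it is escaped.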
\ ++ | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then ++ uidIndex=${line%%:*} + else - failure "no non-revoked hostname '$1' is listed." ++ failure "No non-revoked user ID '$userID' is found." fi - msg="hostname removed by monkeysphere-server on $(date +%F)" - + echo "The following user ID will be revoked from the host key:" - echo " '$userID'" ++ echo " $userID" + read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "user ID not revoked." + fi ++ message="Hostname removed by monkeysphere-server $DATE" ++ + # edit-key script command to revoke user ID revuidCommand=$(cat <